Information security activities often create tension between the desire of users
ID: 334067 • Letter: I
Question
Information security activities often create tension between the desire of users to engage in a particular activity and the need to secure the information assets of an organization. If business stakeholders and the broader community span the globe, how might this contribute to increasing the potential tension between business users and information security professionals? Discuss a strategy that you would use to reduce or eliminate potential areas of tension or conflict between these two groups within a global organization.
Explanation / Answer
Use of data and information by the users present in different parts of the world, cause the information to flow through the insecure environment. It creates higher scope of theft of information, breach of security and information hacking. It increases the challenge for the information security professionals. As a response, these professionals bring new measures to ensure information security that restricts the free flow access of the information at the user’s end. As a result, a tension is created between the business users and the professionals. Here, business users want maximum access to the information without any constraints, attracting security issues, whereas the security professionals work to ensure that no any breach of security takes place by putting security infrastructure.
As a strategy, the users of the information, will be put into the different categories and they will be allotted the different level of authorization to access the information or data. Besides, the sensitive information can only be accessed using the authorization used to the department or the functional head. It will reduce the number of users who can access the data, but the accessibility is not inhibited by issuing authorization to senior people in the organization. It will reduce the conflict and security network will be robust and sound to prevent any unauthorized access or threat.
Besides, the data will be categorized so that data for one purpose is not accessed by the other people who don’t need it. It will also help to secure the information without inhibiting the control.