Scribd Logo
Upload

Welcome to Scribd!

  • 8 views

    module2slp

    Uploaded by

    floydmullings

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    module2slp

    Uploaded by

    floydmullings
    8 views5 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    8 views5 pages

    module2slp

    Uploaded by

    floydmullings

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 5

    The Importance of 1

    Running Head: The Importance of Belief & Culture in Information Security Management

    TUI UNIVERSITY

    Module 2 – Session Long Project

    Course #: ITM517

    Information Security Overview for Managers and Policy Makers


    The Importance of 2

    Introduction

    Belief guides one's actions. An organization may implement the very best technology as a

    means to obtaining information security. However, such approach does not address the root of

    the problem. The problem could be engraved in one’s belief – an employee for example, who

    believes that he/she was unfairly denied a promotion may react by not taking the necessary

    precaution to prevent a virus attack. IT managers should therefore strive to build their awareness

    and proper perception of information security and try to create a culture that embraces

    information security.

    An Overview of the Information Security Issue: Success Training College is a small

    community college located in the Bahamas. The college has three different campuses located on

    separate islands in the country. The college has approximately 1000 students. In terms of

    information technology the institution has two computer labs, one is used as a classroom for the

    computer courses and the other lab is made available to the students during the days. There is

    also a wireless internet service made available to the students and faculties which can be

    accessed while on campus. The main software that is used by the institution is Campus

    Anywhere. Campus Anywhere is a software that allows campus PCs and applications to be

    securely available to students, staff, and faculty from ‘anywhere’, at anytime. Campus Anywhere

    provides 24/7 computer lab access to students from anywhere; it allows faculty and staff to

    access it on their own desktop PCs from anywhere. As it relates to technical staffing, the

    institution does not have a structured IT department of such. The main IT person is the

    institution’s systems administrator who ensures the smooth running of the network and oversees

    other systems tasks such as information security. There is also one lab technician who monitors

    the activities in the computer labs. All other IT duties are carried out by outsiders.
    The Importance of 3

    Most of the technologies used by STC are embedded with security features. However,

    other than the default security features provided by the technology very little or no emphasis is

    placed on beliefs and culture. The institution does not promote a security-centric culture.

    Dangers of Ignoring Beliefs and Culture: Information security is more than the

    technology. The problem may be rooted in the belief and culture of the individuals in the

    organization. Therefore, an IT manager should not ignore such factors when implementing

    information security plans. System user’s security awareness should be top priority if proper

    security is to be achieved. A college environment like STC has an amalgamation of different user

    groups (students, faculty, administration, etc) all having their own beliefs and culture. Such

    beliefs and culture will naturally determine their attitude towards information security in the

    institution. An administrator for example, may not see the reason she cannot give information

    over the phone to someone she thinks she recognize so she disregards the privacy procedures and

    give the information anyway. A student for example may not see the reason for not allowing his

    “trusted” friend to have his user name and password so they can share account when using the

    computer labs, so he disregards the security rules and share his login information anyway. A

    faculty member for example, may use the school’s computer to access his/her email and with

    little or no precaution he/she downloads an attachment that might be infected with some form of

    malware. These are just a few examples of what takes place at the institution on a regular basis

    and no technology is able to prevent it from happening. It is a social issue. Such problems can

    only be corrected through awareness and proper security perception.

    Establishing Awareness and proper Perception: Individuals will always hold what

    they believe, however, it is the duty of management to create a security-centric culture in an

    organization. Culture is defined as the predominating, shared attitudes, values, goals, behaviors,
    The Importance of 4

    and practices that characterize the functioning of a group or organization (Fitzgibbons, 2010).

    Therefore, cultivating a security-centric culture will curve the users behavior to act properly by

    following security polices and procedures. This task however, cannot be achieved solely by the

    institution’s technical team. This is a task that will need top management involvement. Top

    management has the clout to channel an organization’s culture to a security-centric one.

    Management has the power to reprimand, and to reward and such actions should be taken in the

    name of promoting a security-centric environment.

    Conclusion

    According to Mark Seiden, technologies are designed for functionality and not for

    security (Seiden 2010). Therefore, an organization should not rely solely on the technology to

    meet its security needs. People’s belief and culture will determine the way they perceive their

    organizations information security policies and procedures. If they do not believe such

    procedures are necessary based on their belief then they will be disregarded which is the

    situation with STC. It is therefore important for management to work closely with the technical

    team in creating and promoting a security-centric culture. Through such means students, faculty

    and administration will develop a better information security perception, allowing them to have a

    better appreciation for the institution’s policies and procedures.


    The Importance of 5

    Reference

    Scheiner, B. (2008). The psychology of security. Retrieved January 28, 2010 from

    http://www.schneier.com/essay-155.html

    Schneier, B (2008). Reconceptualizing security on topics of security feeling, reality and model.

    Infosecurity Europe. Retrieved January 2010, from

    http://www.yada-yada.co.uk/podcasts/ReedExhibitions/InfosecurityEurope/

    video/BruceSchneier.html

    Seiden, M. “Mark Seiden speech”. Retrieved February 5, 2010 from

    http://cdad.tuiu.edu/Presentation.aspx?course=778&term=84&presentation=587

    Fitzgibbons, P. (2010). How to build awareness and change belief and culture? TUI University,

    Threaded Discussion. Retrieved February 5, 2010 from

    http://coursenet.tuiu.edu/students/forums_view.php?enrollID=368615&courseID=778

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy