Information Security Management

Pages: 23 (5733 words) Published: January 14, 2013
information security technical report 13 (2008) 195–201

available at www.sciencedirect.com

www.compseconline.com/publications/prodinf.htm

Information Security management: A human challenge?
Debi Ashenden
Department of Informatics & Sensors, Cranfield University, Swindon SN6 8LA, UK

abstract
This paper considers to what extent the management of Information Security is a human challenge. It suggests that the human challenge lies in accepting that individuals in the organisation have not only an identity conferred by their role but also a personal and social identity that they bring with them to work. The challenge that faces organisations is to manage this while trying to achieve the optimum configuration of resources in order to meet business objectives. The paper considers the challenges for Information Security from an organisational perspective and develops an argument that builds on research from the fields of management and organisational behaviour. It concludes that the human challenge of Information Security management has largely been neglected and suggests that to address the issue we need to look at the skills needed to change organisational culture, the identity of the Information Security Manager and effective communication between Information Security Managers, end users and Senior Managers. © 2008 Elsevier Ltd. All rights reserved.

Keywords: Information Security Management; Organisational culture; Human factors; Change management; Communication; Awareness

1. Introduction

This paper examines the extent to which Information Security management is a human challenge. Information Security continues to mature as an organisational function and it is apparent that the management of Information Security depends on technology, processes and people. Understandably perhaps we have become skilled at managing technology and process but we have been less successful at managing people. It may be that this has occurred because we have a tendency to view the problem from the wrong starting point – we start from Information Security and try to look outwards towards the business. This paper aims to reverse this approach and looks from the organisation towards Information Security. It starts by examining what the human challenge is from an organisational perspective and develops the links between organisational management and the management of Information Security. Finally it explores the challenges facing Information Security management and examines the extent to which these are human challenges.

2. What do we mean by a ‘human challenge’?

The first question to address perhaps is what we mean by the phrase ‘a human challenge’. To answer this question we will explore what it means to be human in the organisation and how this goes beyond the role that an individual is paid to perform. We will then turn to look at one of the main challenges that all organisations face – that of configuring resources. Finally we will place our understanding of what it means to be human in the context of the challenge of configuring resources.

2.1. Being humans in an organisational setting

When we talk about a ‘human challenge’ we have to take account of more than just the roles that embody an individual’s work identity (for example, sales manager, management accountant, team leader); we also have to include the individual’s unique attitudes, beliefs and perceptions that they bring with them to work. With this in mind we need to look at all individuals in the organisation from end users to Information Security Managers to Senior Managers and Board members. As a whole the humans within the organisation bring into being this rather nebulous phenomenon that we call organisational culture. This is a phrase that is...

E-mail address: d.m.ashenden@cranfield.ac.uk
1363-4127/$ – see front matter © 2008 Elsevier Ltd. All rights reserved. doi:10.1016/j.istr.2008.10.006