Saturday, 3 May 2008

Security is primarily about people and processes

Security is primarily about people and processes. No matter how good the technology, it still requires people to manage, maintain and make use of it effectively (DTI, 2006). Without the proper training, processes and controls, even the best-intentioned employee will eventually fail to maintain adequate security.

Even when staff act with the best of intentions, without guidance they are unlikely to act uniformly. This hodgepodge of actions in itself becomes risky (Bosworth, Seymour & Kabay, 2002).

The primary aim of information security is to provide good information governance. Good governance requires the support and interaction of the people involved with the system (DTI, 2006).

As a result, technology is only truly effective when deployed in an environment conducive to its goals (Gosh, 1998).

