Why must managers be involved in planning a thorough information security plan for the company? This is one of the most common questions we have been answering for a long time, yet it still lingers in many minds. Managers are given so much importance because they are the ones who manage everything in a working culture; put simply, the manager is responsible for maintaining the confidentiality, availability, and integrity of information assets.
Have you ever thought about, or experienced, the workflow of an organization that has no manager? There is hardly one person who will take responsibility for protecting the digital assets. Only one person is then held responsible for data leakage: “the manager”. And a manager who fails to accept responsibility for data leakage will put his/her organization’s survival at risk.
Why must managers know about information security?
There are many organizations that still work without any kind of security policy, and they are considered “rudderless” when it comes to providing information security. The technical IT people are responsible for creating a master plan for information security, and they simply work to mitigate any kind of attack (they also have limited control or authority over the overall system). This is where the manager’s role starts, as he/she is responsible for keeping a check on any data leakage by ensuring every team member follows the set guidelines. A manager will act as a backbone and help the company achieve its goal of information security.
Companies operating in the Gulf, especially in Qatar, still lack such practices, which is why a big loophole exists for hackers.
Many information security companies in Qatar must understand that managers have direct authority to supervise information policies for an organization. To do this job a manager does not even need to be a computer nerd; basic training and a responsible role can help him/her achieve these goals. Organizations need to realize that they must adopt some kind of systematic approach to assuring information security.
Manager’s responsibility:
The following items are included in the manager's responsibility for computer security:
1. Vital assets of an organization must be identified, described and itemized.
It is really important to identify all information assets in order to provide an appropriate level of security for each set of information. In addition, an organization without explicit knowledge of what information assets it owns cannot provide information security.
2. Each of the information assets must be classified as to its level of criticality.
What “critical” means must be described in terms of each information asset: what the assets are and why they must be protected. For example, financial accounts are more critical than a backup copy of a public website. Policies and procedures must be developed on how information is to be processed in the organization.