Book contents
- Frontmatter
- Contents
- Acknowledgements
- Acronyms and abbreviations
- Glossary of terms
- 1 Introduction
- 2 The laws and regulations
- 3 Data quality management
- 4 Dealing with threats
- 5 Security, risk management and business continuity
- 6 Frameworks, policies, ethics and how it all fits together
- Discussion points and exercises
- Index
5 - Security, risk management and business continuity
Published online by Cambridge University Press: 08 June 2018
Summary
Introduction
In terms of its inherent nature, security is sometimes described as an emergent property of networks and the organizations they support. Given security's many dimensions, the precise location where security is enacted cannot be readily identified. An organization's security condition is often determined in the interaction and intersection of people, processes, and technology. As the organization and the underlying network infrastructure change in response to the evolving risk environment, so will the state of an entity's security.
Allen and Westby, 2007, 15
This chapter goes hand in hand with Chapter 4, which described threats to our information, and how to deal with them. It would be understandable to take the view that, having addressed the issue of threats, our organization is now secure, and this type of reactive approach is widespread. However, as in so many other areas of business, the external environment is changing, and expectations are changing, too.
If we examine the idea of ‘security’ a bit more closely, taking an individual person as an analogy, security doesn't just mean locking the doors and windows of the house at night, and setting burglar alarms, though of course those are important elements. A person would like to be physically secure when outside the house, dealing with other people. He or she would like to be secure in their employment, to be treated fairly in business dealings, to be respected as a member of society. At whatever level of abstraction we examine the individual's interactions with their environment, there is an implicit notion of security as perceived freedom from concerns. This perceived freedom, though, will have been accomplished by the actions of many individuals, in their creation and maintenance of a society in which freedom is possible. Or, if you prefer, threats are like illnesses, which impact on our desired state of health. There is more to health than the avoidance and treatment of illnesses, although these are large factors in maintaining health.
Similarly, there isn't a security process; it's more a way of doing the business processes.
- Type: Chapter
- Information: Information Governance and Assurance: Reducing risk, promoting policy, pp. 113-156
- Publisher: Facet
- Print publication year: 2014