With blending IT expertise with a non-IT perspective, how can the organizations enhance overall information security effectiveness?

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

Need answer. Thank you.

With blending IT expertise with a non-IT perspective, how can the organizations enhance
overall information security effectiveness?
Transcribed Image Text:With blending IT expertise with a non-IT perspective, how can the organizations enhance overall information security effectiveness?
According to a global information security survey by the giant E&Y in 2010, in 46% of cases
firms have reported an increase in investment in information security. The report also indicates
that 60% interviewees feel that the use of cloud computing, smartphones, social media and
other personal gadgets have posed a higher risk to information security. However, a firm must
keep a proper mix of managerial, behavioral and technical aspects of information security to
overcome the data risk challenges.
Organizations have substantially improved information security programs to address
accelerating threats. They have added new features to their information security systems,
redefined strategies, installed new information security function components and added more
people. These step-by-step adjustments have undoubtedly improved information security
capabilities. It just hasn't improved them enough.
Traditionally, IT departments do not have a formal risk landscape or assessment mechanism
something that is fundamental to the risk function. This may explain why 52% of
organizations do not have a threat intelligence program currently in place. Without a
disciplined approach to researching and monitoring threat intelligence, the IT function is not
only unable to proactively address current threats; it also has no way of anticipating the threats
that are lurking just around the corner. This only reemphasizes the gap. It's a familiar refrain,
particularly in today's era of economic volatility and spending restraint: too much work, not
enough resources. But a lack of resources only tells part of the story. Information security
doesn't just need more resources; it needs people with the right skills and training to meet
rapidly evolving changes in the information security landscape.
The article above demonstrates the trend and survey of information security from Year 2010
to Year 2012 by E&Y. Based on your opinion, discuss the followings with justification:
Transcribed Image Text:According to a global information security survey by the giant E&Y in 2010, in 46% of cases firms have reported an increase in investment in information security. The report also indicates that 60% interviewees feel that the use of cloud computing, smartphones, social media and other personal gadgets have posed a higher risk to information security. However, a firm must keep a proper mix of managerial, behavioral and technical aspects of information security to overcome the data risk challenges. Organizations have substantially improved information security programs to address accelerating threats. They have added new features to their information security systems, redefined strategies, installed new information security function components and added more people. These step-by-step adjustments have undoubtedly improved information security capabilities. It just hasn't improved them enough. Traditionally, IT departments do not have a formal risk landscape or assessment mechanism something that is fundamental to the risk function. This may explain why 52% of organizations do not have a threat intelligence program currently in place. Without a disciplined approach to researching and monitoring threat intelligence, the IT function is not only unable to proactively address current threats; it also has no way of anticipating the threats that are lurking just around the corner. This only reemphasizes the gap. It's a familiar refrain, particularly in today's era of economic volatility and spending restraint: too much work, not enough resources. But a lack of resources only tells part of the story. Information security doesn't just need more resources; it needs people with the right skills and training to meet rapidly evolving changes in the information security landscape. The article above demonstrates the trend and survey of information security from Year 2010 to Year 2012 by E&Y. Based on your opinion, discuss the followings with justification:
Expert Solution
steps

Step by step

Solved in 4 steps

Blurred answer
Knowledge Booster
Types of Security Policy
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education