Page 17 - CISSO_Prep_ Guide

ownership and personal accountability for the development and
            implementation of a comprehensive security program starts with
            the recognition that security is a part of everyone's responsibility.



            Defining Information Security

            If a survey asking 'What is information security?' were conducted
            in your office, what would the results be? If each person, from
            the janitor who cleans the floor to the Managing Director, was
            asked what information security is, how would they respond?
            To a person who watches a football or cricket match for the first
            time and does not understand the rules, the game may appear to be
            nothing more than a lot of people running around in a disorganized
            manner for no apparent reason. A person unfamiliar with the game
            does not understand the strategies and synchronization required to
            be successful, or the crucial role that each player on the pitch
            actually serves. Such a person needs someone to explain the rules,
            describe the strategies, and point out the actions and procedures
            that lead to victory or defeat. A football match is also an
            excellent example of a combination of short-, mid-, and long-term
            strategies. A quick pass may provide some progress, while the main
            goal is to score points, a few at a time (mid-term plan), to
            achieve a winning result (long-term strategy).
            The first challenge the information security manager faces is an
            incorrect understanding of what security is. This is because the
            understanding of what security is varies widely from one person to
            another, especially between security professionals, managers, and
            users.
            To the user, security is often perceived as: