I started this blog as a part of a independent study for my MBA and as you can see if you look at my archive, its been about 2 months since I’ve entered a blog entry. Since this is my assignment for the semester, it can be said that I’m a little bit behind on the work for this class. As the semester is coming to an end in less than 2 months and I realize that my time is slowly wittling away, I look into what I should be doing to jump start myself into finishing my work as well as looking into the past and analyzing why I am behind. (I have to analyze everything i do…Thats what MBAs live and breath) So, let’s start off with the past…
THE PROBLEM
I have taken this independent study and have not completed the work over the summer as planned.
ANALYSIS OF THE PROBLEM
Why?
- Stress of Moving to and from California for an Internship
- Buying the wrong book on Half.com (delaying reading for 3 weeks)
- On the backburner – Lack of presence in forefront of mind
- No short term goals or milestones set for independent study
- August – start of new semester & classes
- Busy – work, classes, a few hours of sleep, interviews, need for down time (Value of Time & Effort)
- September to November – interviews every week, behind on normal classes
Now you are probably wondering how this has anything to do with Information Security. Well, don’t worry. I’m going to go into that now.
In business, many things are happening at once. Everyone has to multi-task and prioritize their lives in order to survive work as well as life. Within business, many times security is put on the backburner. Unless top executives make Info Security a priority, businesses know they should be doing something but don’t take the time to do anything about it. People look for ways to save time and money, and security can sometimes cost employees and the business alot of time AND money. This link shows just one of the many ways that employees will find to short cut a system to save time while increasing risk to security.
As I mentioned before, having top executives’ support can make or break some initiatives. It is also important to set timelines, goals and milestones for progress. I personnally did not do this and as you can see from the small number of blog posts, I am not accomplishing my work in this portion of my class. By setting milestones in both Info Security and work goals, you can help to keep security work at the forefront of employees minds.
Lets move onto “Value of Time & Effort”. In everyone’s life, they have to constantly make choices. “Do I want to work out or do I want to watch TV”/ “Do I want to buy a new laptop or do I want to take a vacation to Hawaii?”, etc. This happens in Info Security a great deal, just like with life. Information Security, especially on the Internet, is an important aspect that needs to be addressed. However, events in which data or information are comprimized are few and far between. These events cost a great deal of money when they do happen however. Many managers don’t want to spend that large amounts of capital needed to guard against an event in the future that may or may not even happen. These managers sometimes don’t comprehend how expensive these types of breaches can cost.
So I guess to sum up my key points, I believe that in life and info security, we need…
- senior executive prioritization
- key security milestones and goals
- complete understanding of potential risks
0 Responses to “How Things DON’T Get Done In Real Life & Security Policy”