Challenge Description
In the environment of the 21st century, technological savvy seems to have become an inherent quality, as most people use online tools for a range of purposes, from social to business ones. However, because of the lack of research on the identified realm, the issue of security remains the primary problem that needs addressing urgently. Although the security management area faces a range of challenges that must be managed as efficiently and expeditiously as possible, it is the human factor that has been the cause of concern since the very beginning of the technological breakthrough.
Because most users refuse to take security issues and the related risks seriously, neglecting a variety of safety and precaution measures, instances of personal and corporate data breaches are becoming increasingly common. With the rapid development of software devised to trick people into providing their personal data, coupled with a complete lack of concern among most users, the security management process is becoming increasingly complicated and, therefore, requires a set of drastic measures aimed at increasing the users’ competency (Human factors in information security management systems, 2013).
Therefore, the lack of responsibility concerning compliance with the existing security rules can be considered the primary issue to be addressed in the context of security management. A recent report indicates that most people who use tools that provide them with security in general, and information security in particular, prefer to bypass the policies that they consider inconvenient: “In fact, most employees say they are at least somewhat likely to look for security workarounds if they can’t access their favorite applications or websites at work, according to a survey by Software Advice of 529 employees of U.S. businesses” (Scarpati, 2016).
The lack of awareness on the subject matter would not have been a major obstacle to improving the information security management process. Indeed, designing a strategy that would introduce people quickly and efficiently to the essentials of security in the workplace, as well as in their private use of the Internet and the related resources, is not that hard.
However, the issue cuts much deeper, being related to people’s unwillingness to change their traditional behavioral patterns for something that they consider insignificant. In other words, a vast part of the audience takes security management very lightly when it comes to the use of the corresponding information security strategies (Ciupitu & Tudorache, 2015).
Therefore, the human factor can be viewed as one of the most drastic security-related issues that need to be managed as quickly and efficiently as possible. No matter how well-built the security framework is, there will always be a possibility of failure unless the people using the corresponding technological devices accept the existing safety standards and follow the instructions closely.
Therefore, an approach toward instructing people to comply with the guidelines and to make decisions related to security management based on the existing standards needs to be designed. At the same time, the independence and initiative of the users should not be restricted or impaired. In other words, a gradual transition from the current behavioral patterns to the desired ones will have to be accomplished. As soon as the people using the technology in question recognize the need to follow the existing security rules, the threat of data leakage will be reduced significantly.
Loss Prevention Assessment
Consistent auditing has been suggested as one of the means of addressing the issue, yet the strategy might need adjustments (Ahmad & Maynard, 2014). On the one hand, regular supervision of the security management process, as well as the suggestion that the staff members should submit reports regarding their application of the corresponding measures in the course of carrying out their routine tasks, deserves encouragement.
Making sure that the employees follow the set rules is crucial. However, it is also imperative to make sure that the staff members understand the significance thereof, as well as the gravity of the possible effects of noncompliance. Put differently, there is an obvious need to challenge people’s concept of security in the workplace and to make them realize the significance of following the existing security standards.
Therefore, apart from carrying out audits on a regular basis, the managers should consider the use of reports as the tool for assessing the loss prevention mechanism to be deployed in the context of the company. As long as the staff members realize the importance of following the standards set by the company as far as the security issues are concerned, and understand the implications of abusing these rules, the enterprise is likely to avoid major information security risks.
Naturally, the process of assessment should also incorporate elements such as an overview of the recent updates made to the security management system. For instance, the software installed on the computers, the tools used to secure the intranet of the corporation from intrusion by hackers, etc. must be scrutinized in the most accurate way possible (Averweg, 2012). In addition, it is necessary to make sure that routine actions, such as the regular change of passwords, are carried out carefully and that the corresponding data are stored in an appropriate manner.
However, as stated above, the focus should be on the human factor. Svensson (2013) makes a very valid point by reporting the tendency to apply personal judgments to the choice of security measures as one of the crucial concerns to be addressed in the future: “Not only is it important to have rules covering what to do and not to do, it can also be relieving for the personnel not having to judge what is right and wrong themselves but instead refer to the policy when being restrictive” (Svensson, 2013, p. 9).
The strategy outlined above, however, should not inhibit the employees’ willingness to develop independence as far as their work responsibilities are concerned. Instead, the people working for the company should consider the use of the appropriate tools and strategies as an extension of their responsibilities. In fact, the process of building security literacy among the employees should start with the promotion of the concept of Corporate Social Responsibility (CSR) as the foundation for the decision-making process in the context of the organization.
As soon as the target audience accepts the new philosophy of security management, they can be introduced to the courses that will help them increase their competencies in using the corresponding tools and keeping security levels high in the workplace. The courses, in their turn, must be viewed as a necessity, since the employees may require assistance in understanding the strategies for managing security levels and keeping them high.
Reference List
Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections and experiences. Information Management & Computer Security, 22(5), 513-536.
Averweg, U. R. (2012). eThekwini Municipality’s intranet for augmenting knowledge-sharing in the organization. South African Journal of Information Management, 14(1), 1-6.
Ciupitu, S. A., & Tudorache, D. (2015). The management of the organization based over the informational system. Knowledge Horizons. Economics, 7(1), 41-44.
Human factors in information security management systems. (2013). Web.
Scarpati, J. (2016). Five essential network security topics and trends to watch. Web.
Svensson, G. (2013). Auditing the human factor as a part of setting up an information security management system. Stockholm: KTH Electrical Engineering.