 RSS: http://linkingintegrity.blogspot.com/atom.xml

 

linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Security policies break the ignorance cycle, 20.10.04

SearchSecurity

As for highways, so too for security: Relieving the growing congestion on interstate highways and city streets will require more than simply building additional roads. Engineering is part of the solution, but economic, political, social and environmental considerations also determine what can and should be done. C-level executives and boards of directors are out of the communications loop when it comes to information security according to results from the Ernst & Young Global Information Security Survey 2004.

Survey results show that people at the highest management levels don't receive adequate, security-related information for making prudent decisions and need to engage more in decision-making communications. [...]

How can organizations break this cycle? The first step is to establish an infrastructure that supports, encourages and requires adequate communication about information security from the top down and bottom up. This can be structured through information security policies used in conjunction with detailed job descriptions and specific information security procedures. Policies and procedures should require top managers to define and communicate an overall strategy, assign responsibility for information security and engage in discussions about appropriate policies. Policies should require internal audits and periodic risk assessments for all information services. They should call for organization-wide information security status reports and compliance reports on laws and regulations (such as Sarbanes-Oxley). They should require incident handling reports and analysis about the adequacy of existing information systems controls.

Such an infrastructure involves many components, which could be mutually reinforcing. For example, a communications infrastructure could include multiple pathways so that important information is more likely to reach top management. This might involve an anonymous voicemail hotline for reports on security vulnerabilities and incidents. Such a hotline could provide an escape valve for channeling important, time-sensitive information, which would otherwise get the reporting individual into trouble with a mid-level manager. Likewise, periodic reports issued to a board of directors' audit committee would ensure that important information gets passed up. This could eliminate the middle management information blocking through other channels, which often occurs out of fear that it might make a person or department look bad.



"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
Compromise need not mean cowardice. .."

John Fitzgerald Kennedy, "Profiles in Courage"
