Question

In: Operations Management

Information security activities often create tension between the desire of users to engage in a particular...

Information security activities often create tension between the desire of users to engage in a particular activity and the need to secure the information assets of an organization. If business stakeholders and the broader community span the globe, how might this contribute to increasing the potential tension between business users and information security professionals? Discuss a strategy that you would use to reduce or eliminate potential areas of tension or conflict between these two groups within a global organization.

Solutions

Expert Solution

Use of data and information by the users present in different parts of the world, cause the information to flow through the insecure environment. It creates higher scope of theft of information, breach of security and information hacking. It increases the challenge for the information security professionals. As a response, these professionals bring new measures to ensure information security that restricts the free flow access of the information at the user’s end. As a result, a tension is created between the business users and the professionals. Here, business users want maximum access to the information without any constraints, attracting security issues, whereas the security professionals work to ensure that no any breach of security takes place by putting security infrastructure.
As a strategy, the users of the information, will be put into the different categories and they will be allotted the different level of authorization to access the information or data. Besides, the sensitive information can only be accessed using the authorization used to the department or the functional head. It will reduce the number of users who can access the data, but the accessibility is not inhibited by issuing authorization to senior people in the organization. It will reduce the conflict and security network will be robust and sound to prevent any unauthorized access or threat.
Besides, the data will be categorized so that data for one purpose is not accessed by the other people who don’t need it. It will also help to secure the information without inhibiting the control.


Related Solutions

Differentiate between internal users and external users and explain the examples of the accounting information required.
Differentiate between internal users and external users and explain the examples of the accounting information required.
Discuss the differences between internal and external users of information ..
Discuss the differences between internal and external users of information and their needs and demands on an information system. Historically, which type of user has the firm catered to most? 
can you create your idea for financial budget for security information
can you create your idea for financial budget for security information
Discussion Questions: Employees are often one of the greatest challenges for enhancing information security in government....
Discussion Questions: Employees are often one of the greatest challenges for enhancing information security in government. What can public organizations do to increase employee awareness of information security?
-What is the difference between information security andcybersecurity? Why is it important to understand the...
-What is the difference between information security and cybersecurity? Why is it important to understand the two concepts?-How do policies communication corporate culture? If possible, review your own organization policy on acceptable use and discuss how culture is embedded in the policy language.-Why is it important to have effective policies in an organization? What does effective mean?
Questions in Accounting Information Systems 1- What is the relationship between authorization and information security 2-...
Questions in Accounting Information Systems 1- What is the relationship between authorization and information security 2- What is the relationship between Internal Control and fraud 3- What is the relationship between double entry system and IT
Use this information as you create an SPSS dataset using the data chart below paying particular...
Use this information as you create an SPSS dataset using the data chart below paying particular attention in assigning the proper variable type (scale/interval, ordinal, or nominal) in the Measure column in the Variable View in SPSS. School ID School Region Enrollment Academic Rank 278 West 56 1 044 East 825 2 416 North 134 3 489 North 152 4 223 West 79 5 126 South 345 6 013 East 924 7 156 South 256 8
What is the PRIMARY goal of an Information Security Continuous Monitoring (ISCM) strategy? Create expedited assessment...
What is the PRIMARY goal of an Information Security Continuous Monitoring (ISCM) strategy? Create expedited assessment process for cost savings. Maintain visibility of an organization’s high-cost controls. Support organization risk management decisions. Assess the organizational tiers.
* What is the link between SOX compliance and law and information systems security? ** Why...
* What is the link between SOX compliance and law and information systems security? ** Why are vice-presidents and other executive managers who are privy to financial performance data considered insiders to a publicly traded company as defined by the Securities and Exchange Commission (SEC)?
1.Describe the difference between direct and indirect attacks. 2.Describe the balance between information security and access....
1.Describe the difference between direct and indirect attacks. 2.Describe the balance between information security and access. 3.Explain the difference between a policy and a standard. 4.Go to http://www.NIST.govand find the Incident Response template. Fill in the information on the template.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT