Information Security Case Study


In the modern world, numerous threats and risks affect the daily operations of organizations and the lives of users, but most are unaware of, or blind to, the severity or possibility of the risk or threat. These circumstances require security and information technology managers to develop a culture of appropriate information security awareness and perception. The members or personnel of an organization come from various backgrounds, and their beliefs about probable or acceptable risks and necessary security measures differ according to life experiences, economic standing, education, and other varying factors. Furthermore, personnel perceptions are not necessarily untrue, but they do not meet the reality of information security and appropriate …

(Schneier, 2008) However, Schneier discloses the psychological factors that are detrimental or accommodating to identifying risk factors and employing appropriate risk mitigation tactics. Consequently, the psychological state of Homo sapiens is influenced through sensory input, education, religious and political affiliation, social status, and community or geographical location. Thus, these influences lead people to perceive as imminent risks that are highly unlikely to occur, while depreciating actual imminent risks, because they are blinded by their own perception. This blindness influences the affordability of security tradeoffs, but the security mechanism is not appropriate, as user or consumer perception does not meet reality. (Schneier, …

Through the course of Seiden’s career, he formulated a hypothesis addressing organizations’ and users’ perception versus the reality of security, and the requirement for legislative IT governance to address ownership of information. Furthermore, he identifies in his speech companies’ habitual practice of taking on security risks and vulnerabilities for convenience, which leaves huge gaps in security posture; examples are video teleconference (VTC), wireless routers and devices, and virtual private networks (VPN). (Seiden) Evidently, findings from security assessments attest to the lack of importance given to security measures in the hierarchy of an organization, with the stealing of the master keys to an organization, and the responsible party or parties failing to notify the appropriate stakeholders. Additionally, they attest to the failure to properly encrypt tape and other data backups to prevent data breaches in the event the media is stolen or lost in transport. (Seiden) Consequently, security perception is limited to configuration and administration of the enterprise infrastructure, but does not protect against social engineering, surfing, and other socially associated