0

What are the main factors that influence information security effectiveness (besides top management support, employee training and use of security policies)?

AviD
  • 72,138
  • 22
  • 136
  • 218
QuachTT
  • 11

1 Answers1

3

That's not what the examiner expects, but one can say that the main factors that influence information security effectiveness are apathy, incompetence and boredom.

The "right" answer for the exam, though, is whatever is in the corresponding guide book. Unfortunately, anything which talks about "main" or "most important" factors is an arbitrary judgement, and there are several schools of thought which have come up with distinct answers, while simultaneously declaring that all other schools are deluded heretics who should be burnt at the stake insofar as their existence is acknowledged at all.

In practical terms, information security will be effective if everybody understands what is going on, and practices map to what is really needed. Employees shall be made aware of the importance of security, enlisted in its implementation, and should be happily cooperating to its realization. This requires that whatever security goals and strategies and policies and systems are used really benefit to the organization as a whole; in corporative terms, what matters is business. If a security system does something which is actually beneficial to business, and employees who must cope with that system understand this causal relation, then they are much more likely to comply to the formal security system usage rules, and will not try to work around it.

An example of an ineffective policy is a system which forces users to change their password every 42 days. This is irksome, and nobody knows how it promotes the organization goals(*), so users will resist it in creative ways (passwords written down on stcik-up notes concealed under the keyboard, "smart" passwords generated as an easy sequence,...).

(*) It is quite probable that nobody knows what good password renewal makes because, in fact, it does not make any good at all.

Tom Leek
  • 168,808
  • 28
  • 337
  • 475