The title of this posting clearly reflects one of the main messages that Christos K. Dimitriadis, Ph.D., CISA, CISM presents in his article recently posted on the ContinuityCentral website. The premise of Mr. Dimitriadis’ article is that the current global economic crisis has elevated the need for an organization to initiate, evaluate, implement and improve an effective business risk management methodology, and that information security is one of the major parameters that affect business risk.
As Mr. Dimitriadis states, “…Information security will be understood, provide added value and effectively contribute to the operation of an organization only if it is designed and implemented as a core ingredient of the business strategy …and… While technical security controls are important, what distinguishes a typical information security management system from an effective one is the ability to correlate all parameters in the operation of an organization, especially the human factor.”
Does your organization support that same position regarding information security?
Click here to read the full reasoning and references that support Mr. Dimitriadis’ conclusion. And, if applicable, please pass this information along to the information and network security compliance team members in your organization.