Business Users are Not Mature Enough to Handle IT Security

  • Sharat Airani (Unknown Publication)
  • — 08 November, 2012 21:09

Though consumerization has completely changed the threat landscape within the enterprise, Sharat Airani, chief-IT (Systems & Security), Forbes Marshall, believes that users are not mature enough to handle the nuances of IT security by themselves.

I strongly disagree with the view that average users can take up such an immense responsibility of using their discretion when it comes to data security and protection.

No matter how responsible and well trained the citizens of a country are, one simply cannot hand them weapons and ask them to defend the country. That job requires a certain level of expertise and training and it's better to leave it to the experts.

Segregation of job profiles in an organization exists because not everybody can do everything. Though it's imperative that both business and IT work hand in hand towards more effective data protection practices, blurring the lines of control could lead to unnecessary confusion.

An average user has limited knowledge about how technology works and how a small mistake could snowball into a larger problem for the enterprise. Even intensive training cannot ensure that users will understand the nuances of technology to be able to take a call themselves.

Security is not just restricted to not leaking passwords or clicking on spurious links. It's a giant monolith with compliance, regulatory policies and other industry rules all interlinked with each other in a tangled web that can perplex even the most skilled IT teams.

Today's IT environment is so complex that even CIOs are finding it hard to wrap their minds around it. I don't think business users are ready to take accountability for something they don't understand. They wouldn't even have the bandwidth to take time out of their routine to keep themselves abreast of technology changes.

I strongly recommend that the combination of a defensible, hostile and fertile network coupled with proper measuring and monitoring mechanisms--and creating user awareness--will help CIOs prepare the best defense for any attack.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.