Programmer-analysts and network managers must face numerous challenges: we expect their work to be flawless and that they do it fast. In the field, the preoccupations of the contributors with whom they work are focused on achieving tangible results: implementation of applications and services, correction of bugs and problem solving.
In such a context, information security can be perceived as an obstruction. Sometimes a functioning problem can be solved simply by deactivating or bypassing a security mechanism. Thus, to satisfy users’ priorities, the proper functioning of a service may override the necessity to maintain information security.
But even when the risk level is low, creating a security breach jeopardizes your organization’s activities, and may result in the following:
- Slowing down or interruption of operations,
- Incapacity to meet deadlines,
- Loss of clientele,
- Damage to the organization’s reputation,
- Legal consequences for the organization and its senior management,
- etc.
Thus, within the frame of your daily activities, it is crucial to keep these considerations in mind and to ensure that any intervention liable to have an impact on information security is approved by the contributors in charge beforehand.
What should you do when a user pressures you to quickly solve a problem even if doing so may entail a breach of security? The best solution is to raise employees’ awareness regarding information security and to involve senior management. Responsive users will be more liable to recognize the importance of protecting information and to comply with the corporate guidelines regarding information security. Consequently, they will view security as a must rather than an irritant. Furthermore, if your senior management is involved, it will be supportive of your efforts to comply with security guidelines and will take the necessary actions to prevent users from asking you to disregard such guidelines.
|
