Challenges and complexities of managing information security

摘要

Information security (IS) management is both complex and challenging. The complexity stems from the pervasive and multi-functional nature of IS, first, to protect organisations' valued assets, in order to achieve secure and dependable information assurance, and second, to advance business relations for the organisation by creating platforms for trust, business alliance and collaboration. Further, the ever-growing dependence of organisations on technology to drive businesses and to create a competitive advantage makes IS management for organisations extremely challenging. These challenges facing organisations in managing IS are numerous and inherently diverse. A traditional approach in addressing these challenges includes the use of technical controls to treat risks. Whilst technical controls are helpful in protecting valued assets, unfortunately, technical controls alone are insufficient in providing dependable security and information assurance required in a contemporary global enterprise. Global outsourcing, consumer-centricity, security compliance and legislation as emerging global business drivers have imposed new security requirements that complicate traditional perspective in security management.