Monday, October 7, 2013

Next 5 biggest infosec challenges

In my previous post I listed the five biggest challenges. This post lists the next five.

6. Formulating and enforcing data classification and data destruction policies

Data discipline in terms of classification and management, which would include labelling for archiving or disposal/destruction, is still treated quite casually by the end users who generate documents. Though most users understand such policies for hard copies or physical documents and implement them to a large extent, they fail to do so for digital data. Duplicate and uncontrolled versions of unstructured data (e.g. Word documents) lead to quite a few embarrassing situations.

7. Consolidation and leverage of user-initiated software systems

In a reasonably big, diverse and geographically widespread enterprise, the local IT people tend to design and use their own software tools. In such cases the goal is day-to-day task achievement, not the overall requirements of the organisation. Consolidation and control of these tools from an ISMS point of view is often overlooked by central IT management. The local IT people also resist such attempts most of the time.

8. Disposal of old and decommissioned IT assets

Not much thought is given to old and decommissioned systems and they become a sore point. This happens despite having policies and regulations on the subject. 

9. Individualistic continuance of IT initiatives and their management

Continued dependence on such individuals would definitely lead to security issues in future. Processes should be evolved for managing these systems and, after being given due credit, such individuals should be taken off these projects.

10. IT asset ownership issues

This topic continues to be a thorn and requires resolution through regular education and awareness programs.