Three Reasons Why the IT Security-Business Gap Exists

Anyone who has ever had a password stolen or a website hacked knows the importance of information security. Unfortunately, some businesses do not recognize how grave this risk is until a breach occurs. Jessica Santana offers three takes on why such a gap exists between IT security and business.

Santana suggests that the lack of priority placed on security policies is a recurring issue:

The purpose of security policies is to state how an organization plans to protect its information/information technology assets. Security policies need to ensure that new projects being introduced align with policies that support it. These policies need to be detailed, current and flexible so that changes can occur when necessary. One example of how security policies stop organizational performance is the Department of Defense (DoD) and how their outdated policies sometimes stopped them from taking advantage of new technologies.

The second reason she gives for why this gap exists is that security professionals are not always able to address key personnel to determine strategic objectives. There is simply a lack of understanding as to how IT professionals should support business objectives. Metrics are the final issue she highlights. Basically, it is sometimes difficult for an IT person to explain something in their terms to a business person, and vice versa. Even though tools exist to facilitate these communications, those tools tend to be too expensive. Without options to bridge the gap between IT security and business, that gap can only widen.
