Avoiding the Unintended Consequences of Strict Cybersecurity Policies


Does the left hand know what the right hand is doing? Or does even the left pinky know what the left ring finger is doing? Problems can easily arise when policies, including cybersecurity ones, end up being out of sync with business, technical, legal or regulatory requirements.


The situation becomes even more severe when policy drafters end up with some stringent rule that leaves process or technology owners befuddled. Imagine if you have a recovery objective that does not obey the laws of physics. (Think: “policy requires a recovery time of five minutes” but your current architecture cannot recover in less than an hour.)


Unintended consequences of overly strict cybersecurity policies can end up damaging a business and its internal relationships.


Are the Right People Talking to Each Other?


Regardless of the role you are in now, it is quite likely that, at least once in your career, you have paused – likely out of frustration or exasperation – and openly wondered, “Does the other side of the house actually know what we do here and what we need to work?”


If you have found yourself in a case like this, you may have also witnessed the workaround. Users circumvent policies and rules just to get their day-to-day work completed.


Let’s say a user installs unapproved software on their machine. Cases like this are sometimes known as shadow IT. Applications and other technologies end up being managed outside of the enterprise’s control. The security fallout can be disastrous. If an attacker exploits a vulnerability in the unapproved software, it could serve as an entry point or vector onto the network. Nex ..
