With information security now demanding a significant level of attention
from organizations, the traditional approach of identifying risk in purely technical terms has proven insufficient. Please consider the areas that truly affect information security and integrate those findings into an overall risk management study to ensure an effective and appropriate technology program.
I believe the greatest information security threat is corporate culture. Culture baffles people that have never had to struggle with it. As a third culture kid (Dept. of State, 2010) I’ve struggled to explain myself culturally most of my life. I know I think differently even though I carry and American passport. I’ve learned that culture is a way of thinking, the way I think is logically derived from my culture and that the logic culture is based upon is based on assumptions about something.
The best example I’ve ever come up with uses our current numbering system which is based upon ten symbols: 0-9. We are taught times tables and addition based upon the assumption that there are ten symbols. But, what makes this assumption correct? Nothing, other than it is a cultural definition we use so that all of can communicate successfully.
Computer technicians often have to count using two, eight, or 16 symbols and learn to add and subtract using these counting systems. When using eight symbols (1-7) when 1 is added to 7, the one is carried to make 10. This is where people begin to get lost because counting to 10 using 8 symbols is not the same as counting to ten using 10 symbols. It is here that the culture clash of logic begins. Corporate cultures can be, and often are, this different.
Culture also set limits on how people think. Imagine using Roman Numbers and multiplying XIII time XXIX and getting the right answer. Roman Numbers also have no concept of zero and negative numbers don’t exist.
The assumption of a number system makes a big difference in how we...