How Corporate Culture and Policies Impact IT Security

In addition to clearly understanding and aligning with your company's strategies, you also need to understand its culture and policies. Every company has a unique culture. Some companies have a very lax "we are all friends here" culture, where rules are few and seldom enforced. Others have very formal "buttoned down" cultures, where managers are addressed as "Mr. Brown" or "Ms. Black," and where rules are many and conscientiously enforced and obeyed. If your IT security policy does not address the reality of your corporate culture, it will not be effective. If you establish 52 rules of network security in a company where things run rather fast and loose, 51 of those rules will be disregarded whenever possible.You cannot single-handedly change your corporate culture, but you can influence it greatly when it comes to IT security. If you educate executives and users about the importance of IT security and how it affects them, you are more likely to gain their support and compliance. The reverse is also true. If you work in an environment where rules and regulations sometimes overwhelm even the simplest business process, you may need to make a case for having a more relaxed environment. Again, the complex password scenario is the one that consistently comes to mind. If you require passwords that look like x%v93P!2m5>6, users are going to write them down even if it is against the rules.

Company policies also come into play when creating an IT security plan. Does your company require a background check on employees who handle money, manage confidential personnel files, or who have full administrative rights on the network? Does your company have policies in place that address current regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley (SOX)? If so, your IT security plans should also address these policies. Reviewing corporate policies will help you align your IT security with the requirements and realities of your company. Make sure you include legal, financial, and human resources representatives on the IT security project team, which will help ensure policies related to network security are properly addressed.

And finally, if you include users (Success Factor #2) in your security planning project, you are much more likely to strike a balance between the need for tight network security and the need for users to easily access the necessary resources. If you neglect to bring users into the mix until you are ready to implement the security solution, you will probably find that users are more resistant because you are simply "laying down the law." A collaborative approach, while taking more time in the planning stages, generates a better result and reduces problems in the implementation stage.The cost of making changes to a project in the planning stage is significantly less than making changes in the implementation stage; therefore, including users early in the process will save you time and money in the long run.

Project Management Made Easy

Project Management Made Easy

What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.

Get My Free Ebook


Post a comment