Process—Administration

The fact that information security processes will restrict employee behavior will cause concerns within organizations. Employees don't like anyone telling them what they can and cannot do. Usually they are primarily concerned with getting their job done, and they resent additional steps for the sake of security. As we have mentioned, administration is a careful balancing act between placing too many constraints on employees (which can motivate them to circumvent controls) and not securing systems adequately.

Using an appropriate use policy as an example, it's not a problem to prevent employees from accessing pornography, gambling, and hate sites because these could easily be considered an inappropriate use of the company's ...

Get Executive Guide to Information Security, The: Threats, Challenges, and Solutions now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.