INFO5301 Information Security Management
Explain:
• Technology controls alone cannot protect the information system
• Formal controls and informal controls are even more important, as they affect the effectiveness of technology controls
• Example of how the human factor exposes the organization’s information system security to risk
• Many vulnerabilities of information systems security cannot be solved by using the latest technologies: they need policies, security rules, and regular education/training programs
Duration: This question is for group discussion. Each group has 25 min to discuss and 5 min to present their answer to the main class.
Exercise 4:
Over-engineering a solution or over-bureaucratization of the formal systems has consequences for security and integrity of operations.
Comment?
Hints:
Over-engineering a solution: technical solutions
Over-bureaucratization: long process/complex procedure to get small things done, e.g. forms/documentation to be approved by government entities
Answer:
The points below are sample points that you should address in your answer. Follow the answers to question 1 and question 2 to present your answer.
Comments:
• Complexity of the procedure/solution could lead to inefficiency
• Complexity has consequences for the security/integrity of operations. Due to human nature, people try to find the easiest way if things are complex.
• For security rules, if people do not follow complex rules for their convenience, it could expose the information system to security threats
• Example: a login process requires a lengthy password. People tend to write it down to reuse it.
Duration: This question is for group discussion. Each group has 25 min to discuss and 5 min to present their answer to the main class.