Technology is not enough: Taking a holistic view for information assurance

Information security has become a boardroom topic, lost laptops and hacked systems make front page news across the globe, but while technology is a key piece of any corporate security strategy, it is not enough. In this paper, Dr. Bunker examines the change in emphasis for information security from being hidden in the backroom of IT to a responsibility of every employee.Security needs to be taken into account in every IT activity, but it has to match the requirements and needs of the business. Information security has given way to the more comprehensive information assurance which can be categorized into more than thirty different strategic, operational and tactical controls. This paper examines the different controls and how a maturity model can be used to prioritise improvements by concentrating on the people and the processes as well as the technology. Finally it looks at the implications of cloud computing on information assurance and on how people can be an organizations greatest security asset.