Thus, a conflict of interest constantly arises between the administrators of information security tools located in the structure of the information security service and the employees of the IT departments, which, as a rule, is brought to the level of the top management of the organization and causes them completely justified irritation.
It is resolved on the basis of subjective considerations, that is, on the basis of the amount of administrative resource (the level of proximity to the top manager) of the heads of the security and IT departments. Regardless of the decision taken, the root cause of the conflict situation is not eliminated, which creates constant tension in the relationship between the IT and information security services.
For these reasons, it is advisable to assign responsibility for the reliability of all elements of the enterprise's information infrastructure to one person, rather than blurring the responsibility for the overall risk of disruption of the continuity of the IS by the presence of elements for which different departments are responsible, which sometimes report to different top managers. And the solution to the issue of control over IS administrators lies in the plane of organizational measures, and not in the construction of artificial restrictions on their work.
Each employee of the IT department must have an absolute understanding that any of their "good deeds" committed in circumvention of the established procedure will not go unpunished. And the heaviest punishment will follow for an attempt to conceal the facts of their activities. A corrupted log is a serious information security incident that should be followed by serious management decisions.
Organizational measures can only be implemented from the top down
It is not necessary to subordinate the IT service to the information security manager, but the head of the organization must require compliance with information security policies from all employees, including the IT service. The information security service can help formulate rules for safe work with information in departments, as well as provide the relevant managers with information about violations of the established rules, but only one person should require compliance with these rules from subordinates.