The Risks of Bad Communication fe-dumpssu, n1shopsu

I have been thinking about whether there are are any risks unique to
remote facilities when it comes to a company’s IT security design. 
This could be locations in different cities, near-shoring, off-shoring,
From the article Bad Communication Can Create Risk , the author lists four risks mitigated by effective communication:
From an IT security perspective, I will add:
The knowledge of being observed is itself a deterrent to bad behavior.  There is the Observer (or Hawthorne) effect ,
which “refers to changes that the act of observing will make on the
phenomenon being observed.”  Distance or separation from the company
could reduce efficacy of this control, and may embolden a subversive
contractor or employee.
Also, with a lack of proximity to the end users, you have no choice but
to make assumptions to fill in the gaps during the requirements
gathering phase.  Like in Jurassic Park where the  geneticists filled
gaps in the DNA with frog DNA:  we know how that turned out.  If the
design proceeds on incomplete information, mistakes will undoubtedly be
made.  Architectural and security decisions should not be based on what
is “believed” to be the environment and usage behavior of a distant
location.  The risk is that you may proceed with a false sense of
security because the design and implementation are based on a false set
of premises. 
There are also language and translation challenges, as well as time
zone differences.  These factors can add layers of confusion and
misinformation, and can be additional challenges to effective security
(see the four risks above).  Miscommunication could also lead users to
unintentionally break security rules because they are not fully
understood, and because monitoring is not in full effect, the behavior
goes on unnoticed.
Distance and communication challenges should inform the security
design.  Assumptions, due to lack of communication or sheer
exasperation, should be kept to a minimum.  This may require a few
trips to the distant location, as well as establishing a mechanism to
virtually visit (e.g. WebEx, video conference) the location on a
regular basis.  The first step to good security is to candidly identify
the differences between a remote and home location, and to design
fe-dumpssu n1shopsu

This entry was posted in Статьи. Bookmark the permalink.