Controls, Policies and Procedures - A corporate jargon!!

Organizations consider that if they have implemented strict controls, policies or procedures, they are secure. But they, fail to understand that one simple question, “what to secure and from whom?”

This is a very common practice to have this type of mind set because when a security has to be implied to prevent a information from getting leaked out from an organization, then I don’t think, any stringency would be of any help in doing this. The reason is very simple, “Are we feeling the every possible gap within the organization?”

The answer to this question will be “No” every time because it is not possible to close all the gaps because, we are not aware of all the gaps. We are putting our thinking on what is visible but there would be many things, which are not visible. So is an organization safe?

Due to an increase in the pressure of getting organizations comply on various standards; we have shifted our thinking to the real problem of limiting data theft. The biggest threat prevailing in this area is on the human mind , acting a vital role in data leakage. The behavior of a non satisfied employee is always uncertain and there is no policy to govern the mind.

It is and was never possible to control over a human mind and there will be always a non-compliance in this aspect, then “what are we preventing and from whom?”, this is the reason, why we always emphasize on awareness. It is very important to minimize the internal threat against external. Till today, people working in an organization, are considered to be the biggest threat against the external entities.

For me, having policies, procedures and controls are just good to have for an organization, to say “ I have security implemented” but when you look at the granular level then you will realize the purpose of having all these is never achieved. One talking to limit the data theft is impossible, if it is not implemented at the level where humans dealing with the data, take the responsibility of its security. I don’t believe, any technology can go above the intelligence of human brain. This is the only weapon which can cause and prevent the damage from getting worse.