Tuesday, February 12, 2008

Secret Love

I have been beating this drum for a long time, about how important it is to make every part of your security and compliance plan workable not just for us geeks, but for every user. Here is another thought about classifying information that has occurred to me, but I haven't gotten around to writing about. Now I don't have to:

Chief information officers need to take a leading role in setting up formal information classification schemes to stop them over-engineering them to comply with security regulations, according to a report from the Information Security Forum (ISF).

The ISF said that information classification systems were overly complex. "As a result they rarely deliver business benefits and are often simply ignored," it said.

Now me and all my geeky friends just love us some multi-layered processes and classification schemes that look like flow-charts of Merovingian Dynasties, but you know, most people don't. Strange as it may seem, most folks just want to do their jobs, and if you make it too difficult for them, they will bypass your marvelous system, or in the case of data classification, underclassify it to avoid hassling with additional layers of crap. Make it easier for them to do the right thing, will ya?
