The rapid need for Information Security (IS) in the operations of organizations has led to the formation of Information Security Departments or units (ISDs). ISDs are gradually becoming ubiquitous in organizations due to business requirements, regulations and legislations.
Information Technology (IT) has been an integral part of most organizations due to its importance and enormous benefits. To help realize the benefits of IT, Information Technology departments or units (ITDs) have been existent in most organizations. ITDs have always predated ISDs in most organizations, especially in Africa and Ghana in particular.
With my experience in both IT and IS, I have realized that in organizations where the ISDs are younger than the ITDs, there always seems to be some level of animosity between them. This development ultimately affects the overall progress and productivity of the organization within which they operate. This article seeks to dissect this development and propose solutions for curtailment.
Responsibilities of ITDs & ISDs
ITDs and ISDs undertake several responsibilities based on the industry or organization within which they operate.
ITDs are generally responsible for effective internal and external communications, data management, technological innovations, increasing productivity, and ensuring the security of IT systems. They support the attainment of business goals and expansion plans, solve complex business problems through technology, provide data to support better decision making, and help the organization to be competitive. They also provide customer support, enhance customer relationship and experience, support effective management of organizational IT resources, and the continuity of IT dependent business processes.
ISDs are generally responsible for ensuring confidentiality, integrity, and availability of all organizational data/information. They ensure adequate protection of all information assets and business processes across the organization. They also implement and maintain IS policies and standards, provide IS awareness training and education for all employees, identify IS related risks and recommend countermeasures, and continuously monitor and protect the organization against IS threats. They support business continuity activities as well.
The issues
It is evident from the preceding section that, both ISDs and ITDs have information security related responsibilities. However, some level of animosity is eminent when undertaking their respective responsibilities. This sometimes feeds into the corporate politics of the organization and degenerates into something else. This animosity arises for various reasons; including the under listed.
In situations where the IS team are persons who migrated from the ITD, it becomes difficult for their former team members to easily corporate with them, especially when it comes to enforcing IS policies and standards. The IT team sometimes see their former colleagues as becoming “powerful” within the organization, hence some level of animosity sets in. I have witnessed a situation where the Head of ITD was very adamant to cooperate with his/her former subordinate(s) who had migrated to the ISD. His/her case was more of a superiority complex.
Also, in situations where the IT team shows some consistent level of non-cooperation with the IS team, the IS team also tends to develop some level of animosity towards them. This generally leads to squabbles and pettiness among them.
Some members of the IS team seem to abuse or become too bossy in dealing with the IT team, which easily degenerates into animosity, as not everyone is capable of accommodating such attitudes.
There is sometimes a lack of good human relation skills on the part of both teams. Some of the team members lack communication, negotiation, decision making, and conflict resolution skills. Mutual respect is also sometimes minimal or non-existent.
In organizations where there are weak IS policies and enforcement regime, individuals in these teams tend to do things their own ways, thereby resulting in conflicts between them.
Finally, lack of understanding is also a key factor. Team members from these two departments sometimes are unable to easily relate or comprehend the issues under discussion: either genuinely or deliberately. They are sometimes unable to compromise their stands on very petty issues.
How to ensure cordial cohabitation
In order to ensure cordial cohabitation of the ISD and the ITD, both team members need to have mutual respects for each other, put away their egos and put the interest of the organization first, acquire and demonstrate good human relation skills and comply with organizational IS/IT policies and standards.
Top Management needs to properly conscientize the two teams to peacefully coexist, train them on human relation skills, institute strong IS policies, and ensure strict enforcement. They should also ensure that violators of IS policies and standards are dealt with, and ensure proper governance of IT and IS.
Conclusion
The role of ISD is to complement the work of ITD, and not to antagonize it. ITD should not see ISD as an obstacle to its business processes; but a value addition. The role of ISD is to ensure that all the responsibilities of ITD are delivered in a secure manner. They need to work in tandem to enhance the productivity and security of the organization.
Both teams need to take cognizance of the fact that, good human relation skills are key to the success of their business functions.
When top management refuses to institute measures to curtail this situation, the organization will be the ultimate loser in this battle.
Author:
The writer is an IT GRC Consultant | PCI-QSA | Trainer @ Digital Jewels Ltd., | Editorial Board Member, Institute of ICT Professionals Ghana)
For comments, contact author [email protected] | Mobile: +233243835912