Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Feb 11, 2015

Management awareness paper on office information security metrics


The NoticeBored security awareness module from which we've plucked this management-level discussion paper covered information security issues relevant to the typical office or corporate workplace.

In effect, offices are information factories. Office information security controls are essential to keep the factory, its machine tools, operators and production processes running smoothly, efficiently and profitably, and to protect office-based and accessible information assets (paperwork, computer files, and white-collar workers) from all manner of risks.

Office security concerns include:
  • Intruders - burglars, industrial spies and 'lost' visitors wandering loose about the place
  • Fires, floods and accidents 
  • Various logical/IT security incidents affecting the office network and file system, workstations, email and other applications
  • Procedural issues such as workers' and visitors' failure to comply with office information security policies and procedures.
This short awareness paper outlined just a few office security metrics, without delving into details. At the time it was written (2008), we lacked the means to analyze metrics in much detail since the PRAGMATIC approach had not yet been invented. Looking back on it now, the paper is fairly typical of its day, quite naive in approach, leaving the reader to contemplate and perhaps choose between the metrics suggested.