Inadequate security management can result in the wrong priorities being set and investments
not being made in areas that would bring the greatest benefits to a given organisation. This
may lead to the following errors:
• an organisation may invest in expensive security solutions without providing for the basic
organisational regulations required. when not clearly defined, competencies and
responsibilities can still lead to serious security incidents in spite of a high investment.
• an organisation may invest in information security in areas which already have a keen
awareness of information security Other areas that are important to carrying out business
processes and reaching business objectives may be ignored due to a lack of resources or a
lack of interest on the part of the persons in charge. Imbalanced investments may then be
made in some areas while security risks that are particularly significant for the system as a
whole are ignored.
• By unilaterally increasing the protection of individual key security objectives, the overall
protection can even be reduced: The encryption of information
• The inconsistent and uncoordinated use of security products may result in the use of a
great deal of financial and personnel resources.