Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Top UK companies are failing to develop written security policies

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Top UK companies are failing to develop written security policies
Date: Wed, 8 Sep 2004 07:47:46 -0500 (CDT) 
http://www.microscope.co.uk/articles/article.asp?liArticleID=133113

by Nick Huber 
7 September 2004 

Almost half (47%) of the UK's top 350 companies do not have a fully
documented information security policy, despite the proliferation of
computer viruses and the impact a security breach could have on a
company's share price, according to a survey.

The IT department is left to develop and enforce a security policy in
71% of FTSE 350 companies, according business executives questioned
for the survey.

Simon Owen, partner in the technology assurance practice at
professional services firm Deloitte, said, "The findings are as
alarming as any written security policy. If you fail on security, how
confident can management be that controls are strong throughout the
organisation?

"It could be symptomatic of wider problems throughout the company."

Owen said a written policy on an organisation's information security
should be no longer than 10 pages and avoid jargon. It should cover
internal and external threats and be backed up by training to raise
awareness of security issues among staff, he added.

UK companies with a casual approach to IT security also risk the anger
of shareholders, according to the survey, which was commissioned by IT
services company LogicaCMG, which questioned senior executives at 20%
of the FTSE 350 companies.

A security breach would have an impact on a company's share price,
according to 83% of investors, and 68% said that a company's policy on
IT security would be a significant factor when deciding whether to buy
or sell its shares.

Getting it right

"UK companies have a misplaced conception that increased spend in IT
security will mitigate information violations. Unfortunately,
devolving responsibility of information governance away from the board
room to the IT department will not safeguard information assets.

"Information security governance needs to be embraced throughout the
organisation. The best technology in the world cannot alone prevent
the implications of negligent human behaviour."



_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - 
http://www.c4i.org/ethan.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Top UK companies are failing to develop written security policies, InfoSec News <=
Previous by Date:  [ISN] Incheon Airport Vulnerable to Hackers, InfoSec News
Next by Date:  [ISN] REVIEW: "Ethics and Computing", Kevin W. Bowyer, InfoSec News
Previous by Thread:  [ISN] Incheon Airport Vulnerable to Hackers, InfoSec News
Next by Thread:  [ISN] REVIEW: "Ethics and Computing", Kevin W. Bowyer, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]