Forwarded From: Nicholas Charles Brawn <ncb05at_private> NOVELL: Poor information management threatens ... 06-11-1998 03:20 NOV 5, 1998, M2 Communications - NOVELL, UK -- Businesses that recognise information as their chief asset and manage and protect it properly will be the winners of the Information Age. Furthermore, failure to protect information appropriately could cost an organisation dearly, claims Novell in a report launched today in the UK entitled: "Electronic Confidence: Doing Business in the 21st Century". The report by Novell, the world's leading network software provider, with Kroll Associates, the corporate risk mitigation consultants, aims to help European business leaders understand the issues of information security inherent in the Information Age, to enable them to capitalise on the opportunities offered by Electronic Business. The report identifies information, rather than raw materials or capital, as the most valuable corporate asset in the modern electronic age. It clearly illustrates that protection of that asset and secure information management are vital challenges facing businesses of all sizes. A challenge only made more critical as businesses connect to the World Wide Web and extend their organisations to the Internet, which remains, largely, an unknown quantity. The report addresses the 'Information Age Paradox'; how can corporations make their most important asset (information) flow freely to all relevant parties, while at the same time protecting its value by ensuring it is correct, contemporary and relevant, and does not fall into the wrong hands? It suggests that its resolution is a methodical, enterprise-wide approach to information security, designed to allow organisations to extract maximum value from their information, and allow it to be traded electronically - without risking its integrity. Andrew Sadler-Smith, managing director, Novell UK comments: "With the growth of Internet-led business opportunities, the need to resolve the security conundrum is of increasing importance to enable organisations to make the most of such technologies - without putting their valuable assets at risk." Report author Dennis Willetts, director of information security at Kroll Associates commented: "Failure to implement even a basic approach to information security could jeopardise an organisation's most important asset, information. At Kroll Associates, we often see the costly consequences that this neglect can produce". Threats to information Several categories of potential threats to information are highlighted. These should be anticipated and evaluated by business managers before a security policy can be reached: external threats; hackers, fraudsters or 'cyber-warriors' who are responsible for electronic 'break-ins' which may result in the stealing or unauthorised manipulation of information internal threats; accidental, malicious or careless acts committed by employees that threaten information acts of god; uncontrollable natural disasters such as fire that can destroy electronic systems others; such as computer viruses and Year 2000 Information security management The report then outlines how to build an enterprise-wide, information security management model based on these potential threats - and stresses the vital importance of assigning board-level responsibility for managing information. "The Boardroom is waking up to the fact that information, rather than raw materials or capital, is now the most valuable corporate asset," comments Dennis Willetts. "An information security management model needs to be created which takes an holistic view of security, assessing and countering threats wherever they arise across the enterprise. This includes staff education, which should be repeated at regular intervals to reinforce the security message." Technology tools can provide a solution to information management issues - for example, by identifying access points and all potential users of a system. However, Andrew Sadler-Smith stresses that without education, such management tools may not be enough: "Sophisticated technology can only be truly effective if staff are trained in its use". A security checklist In the report, Kroll Associates defines the essential points that an organisation should review before it can conduct Electronic Business with confidence: Identify the systems and its boundaries Identify critical information at risk Decide what level of vulnerability is acceptable Choose the control objectives Select the appropriate information security controls Devise a complementary security training and awareness programme Implement under a quality management system Collate evidence of effective implementation Carry out periodic checks Andrew Sadler-Smith concludes: "There are several key issues that all organisations need to address before they can make the most of opportunities afforded by Internet-led technology and achieve Electronic Confidence". About Novell Founded in 1983, Novell (NASDAQ: NOVL) is the world's leading provider of network software. The company offers a wide range of network solutions for distributed network, Internet/intranet and small-business markets, as well as the network computing industry's most comprehensive education and technical support programmes. Information about Novell and its complete range of products and services can be accessed on the World Wide Web at http://www.novell.com. UK Web site is at http://www.novell.com/uk/ About Kroll Associates Since 1972 Kroll associates has been the world's market leader in providing to help clients evaluate risks, realise opportunities and resolve problems. Kroll's staff are specialists in defining investigative assignments, gathering information and providing advice. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:18 PDT