[ISN] Firms 'must do better' on IT security

From: InfoSec News (isnat_private)
Date: Wed Oct 16 2002 - 23:50:42 PDT

    By Graeme Wearden, ZDNet UK
    17 October 2002

    The British government has urged companies to take IT security more
    seriously, amid concern that almost three-quarters of firms have no
    policy on information security.

    Speaking at an event in London on Tuesday, e-commerce minister Stephen
    Timms said it is unacceptable that just 27 percent of companies have
    an IT security policy, according to a recent official survey. Timms
    believes that many senior company executives are failing to give
    enough attention and resources to this critical issue.

    "If only 27 percent of companies actually have a policy on this issue
    then the challenge of engaging the other 73 percent of company boards
    is a real and important one," said Timms. "This basic failure to set
    objectives and goals fed through into the survey's findings of a host
    of management shortfalls -- under-investment, lack of analysis of
    investment, lack of appropriate personnel policies, security processes
    and technical security," he added.

    Timms was speaking in London at the Information Assurance Advisory
    Council's third annual symposium, where he also explained that the
    government is promoting best practice standards to address the issue.

    The fact that just 27 percent of companies have an IT security policy
    came to light earlier this year with the publication of the
    Information Security Breaches Survey 2002, a survey of UK companies
    conducted by PricewaterhouseCoopers. This figure was actually a 100
    percent increase compared to the previous year, which Timms described
    as evidence that at best the UK has "progressed from the disastrous to
    the bad."

    There is understood to be concern within government circles that the
    growth of e-commerce in Britain is threatened by poor e-security.

    The Information Security Breaches Survey 2002 calculated that hacking
    and virus attacks are costing British companies billions of pounds a
    year, and found that 44 percent of UK businesses suffered at least one
    malicious security breach in 2001.

    Last month, Timms gave his backing to the launch of Part 2 of BS 7799
    -- a new guideline that aims to make businesses better defended
    against risks such as hackers and computer viruses.