[ISN] Failing security threatens FTSE100 firms

From: InfoSec News (isnat_private)
Date: Fri Sep 05 2003 - 00:06:11 PDT

    Will Sturgeon
    4 September 2003 
    Shareholders in some of the UK's most prestigious companies may be
    horrified to hear that only 16 per cent of FTSE100 firms employ a
    properly qualified, dedicated security specialist to safeguard their
    systems from cyber attack.

    These findings have caused one IT training organisation to hit out at
    what it calls "boardroom apathy" regarding the issue of security, with
    too many CEOs adopting an 'it couldn't happen to us' attitude.

    Despite a recent spate of high-profile virus attacks, and the constant
    threat posed by hackers, companies still appear to be leaving a lot to
    chance - a stance which Robert Chapman, co-founder of The Training
    Camp, who conducted the survey, says displays a worrying level of

    Chapman told silicon.com: "It's really worrying and it should
    certainly be worrying for these companies and those who are investing
    in them. You would never hear about a large company which doesn't have
    a designated legal specialist or accountant, but security is something
    which companies don't seem to take as seriously as other issues."

    Chapman also expressed concern about the limited take-up of the 'gold
    standard' security qualification - the Certified Information Systems
    Security Professional, or CISSP - within FTSE100 companies.

    "I don't know if this is just a case of UK plc lagging behind again,
    but in the US the position of chief security officer is now far more
    common than in the UK and CISSP qualifications are also more common."

    "It is stunning that a large number of FTSE100 companies don't employ
    a dedicated professional with the right background and top-level
    accredited certification," he added.

    Chapman warned that it will probably take a "fall guy" - such as a big
    bank or insurance company - to be hit by a major breach before UK
    companies "sit up and take notice".