[ISN] Failing security threatens FTSE100 firms

From: InfoSec News (isnat_private)
Date: Fri Sep 05 2003 - 00:06:11 PDT

Next message: InfoSec News: "[ISN] Congress considers cybersecurity legislation"

Previous message: InfoSec News: "[ISN] Security means keeping the system up"
Next in thread: InfoSec News: "Re: [ISN] Failing security threatens FTSE100 firms"
Reply: InfoSec News: "Re: [ISN] Failing security threatens FTSE100 firms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://silicon.com/news/500013/1/5876.html

Will Sturgeon
4 September 2003 

Shareholders in some of the UK's most prestigious companies may be 
horrified to hear that only 16 per cent of FTSE100 firms employ a 
properly qualified, dedicated security specialist to safeguard their 
systems from cyber attack. 

These findings have caused one IT training organisation to hit out at 
what it calls "boardroom apathy" regarding the issue of security, with 
too many CEOs adopting an 'it couldn't happen to us' attitude. 

Despite a recent spate of high-profile virus attacks, and the constant 
threat posed by hackers, companies still appear to be leaving a lot to 
chance - a stance which Robert Chapman, co-founder of The Training 
Camp, who conducted the survey, says displays a worrying level of 
"ignorance". 

Chapman told silicon.com: "It's really worrying and it should 
certainly be worrying for these companies and those who are investing 
in them. You would never hear about a large company which doesn't have 
a designated legal specialist or accountant, but security is something 
which companies don't seem to take as seriously as other issues." 

Chapman also expressed concern about the limited take-up of the 'gold 
standard' security qualification - the Certified Information Systems 
Security Professional, or CISSP - within FTSE100 companies. 

"I don't know if this is just a case of UK plc lagging behind again, 
but in the US the position of chief security officer is now far more 
common than in the UK and CISSP qualifications are also more common." 

"It is stunning that a large number of FTSE100 companies don’t employ 
a dedicated professional with the right background and top-level 
accredited certification," he added. 

Chapman warned that it will probably take a "fall guy" - such as a big 
bank or insurance company - to be hit by a major breach before UK 
companies "sit up and take notice". 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Congress considers cybersecurity legislation"
Previous message: InfoSec News: "[ISN] Security means keeping the system up"
Next in thread: InfoSec News: "Re: [ISN] Failing security threatens FTSE100 firms"
Reply: InfoSec News: "Re: [ISN] Failing security threatens FTSE100 firms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 05 2003 - 03:12:45 PDT