[ISN] The new byword in infosecurity: Don't embarrass the boss

From: InfoSec News (alerts@private)
Date: Tue Apr 22 2008 - 01:49:04 PDT


http://www.news.com/8301-10787_3-9924786-60.html

By Charles Cooper
Coop's Corner
News.com
April 21, 2008

Information security may be improving but embarrassing incidents 
involving data loss or identity theft at the Veterans' Administration 
and at TJX Companies, the operator of T.J. Maxx and Marshalls retail 
chains, suggest that the battle is a long way from victory.

Indeed, three-fourths of the information security professionals around 
the world surveyed by Frost & Sullivan say they now consider avoiding 
reputation damage to their organizations as a top priority.

That fits with the times. Increasingly, companies are elevating the 
prevention of high-profile data security breaches to the level of a 
strategic goal, if not competitive weapon.

Here's where things are getting interesting. That new sensitivity to 
data loss has invited more high-level scrutiny from the business side 
into how IT maps out its cyberdefenses. In fact, the percentage of 
information security personnel reporting to executive management or 
boards of directors has climbed to 49 percent from 21 percent just four 
years ago.

"Information security professionals are under increasing pressure to 
secure not just the perimeter of the organization but all the data and 
employees that belong to the organization," according to the report, 
which was conducted at the behest of the International Information 
Systems Security Certification Consortium.

"We're seeing a shift toward a more information-centric approach...where 
will need to take security consciousness beyond IT to every person in 
the organization," said Howard Schmidt, the president of R&H Security 
Consulting. "Time is clearly of the essence and we have to rethink our 
approach to security."

The survey included responses from 7,548 information security experts in 
various geographies. Among its other conclusions:

51 percent of respondents say that internal employees pose the biggest 
security threat.

75 percent of respondents see viruses and Internet worm attacks as top 
or high threats. Next in line as a security concern came hackers and 
employees.

Cyberterrorism remains more of a concern for government than for people 
working in other sectors.

The most concern voiced about all security threats came from the 
banking/insurance/finance sector.

The report also suggested a good news-bad news paradox: Even as the 
economy slows, security concerns should contribute to strong demand for 
products and services that help IT prevent data breaches. The report 
said that regulatory compliance will also factor into the equation, 
feeding demand for more information security professionals.

