[ISN] Almost half ISO 27001 'compliant' firms break basic security requirements

From: InfoSec News <alerts_at_private>
Date: Fri, 23 Oct 2009 02:13:54 -0500 (CDT)
http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=17211

By Leo King
Computerworld UK
October 22, 2009

Almost half of businesses that claim compliance with ISO 27001 are 
sharing privileged user accounts and breaking other standard guidance, 
according to a survey of IT managers.

Some 47 percent of firms in the UK said they were compliant with the 
standard. But forty-one percent of these said that they were using 
various non-compliant practices.

Bad practice by privileged users is putting European data at "high
risk", according to the 'Privileged user management - it's time to take
control' report. These practices included use of default user names and
passwords, the granting of wider access than is necessary, failure to
monitor the users, and ignorance of the existence of privileged
users in the first place.

Two hundred and seventy European IT managers, including 45 in the UK, 
were interviewed for the survey that was conducted by Quocirca.

[...]


Received on Fri Oct 23 2009 - 00:13:54 PDT
