For those involved in IT security, one of the most frustrating tasks can be attempting to convince the board of the very real business threats posed by IT risk (the combination of an abnormal event or failure of your IT systems and the potential impact upon the business). A major challenge lies in effectively communicating to the board members the fact that IT risk is an organizational issue rather than merely an IT concern.
Good corporate governance depends on the effective management of internal controls and on the availability, confidentiality and integrity of information. Corporate reputation, brand preservation and financial results all depend on the defence of business processes and on compliance with a growing array of legislation and regulation. For companies listed on US exchanges, the Sarbanes-Oxley Act of 2002 (‘SOX’) is of overriding importance and information security has a crucial role to play in achieving compliance.
I imagine that most people would consider the chances of an attacker guessing a privileged account name and password in two or three guesses to be astronomical. Unfortunately, nothing could be further from the truth. Breaking into corporate networks, and thereby corporate information, has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop is universal. Secondly, most people, including IT staff, don’t appear to know how to select adequately secure passwords.
New research from BT and the University of Glamorgan, Edith Cowan University in Australia and Longwood University in the USA has revealed that a significant number of hard disks available on the second-hand market contain sensitive company and personal information.
The International Security Forum (ISF) is highlighting the latest security risks and threats as it runs executive briefings across 13 cities and ten countries around the world during October, November and December.
The recent Information Security Solutions Europe (ISSE) conference in Warsaw saw the announcement of plans to make national identity card services transferable across member states in the European Union by 2010.
Security Management News is published by Exaprotect.
© Exaprotect. All Rights Reserved | Disclaimer | Privacy | Terms of Use
