www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
26 December 2005  

Security around the world

For the first time, compliance with regulations has surpassed worms and viruses to take the lead with regard to information security, according to a survey conducted by Ernst & Young. Terry Thomas offers choice excerpts from the survey report.

"With the world becoming smaller and growing information flow between companies, all organisations need to consider the security of their business partners, outsourcing arrangements, suppliers and customers"

- Terry Thomas

The sheer number of regulations and the failure to comply with them have escalated information security to the boardroom. Nearly two-thirds of survey respondents cited compliance with regulations such as Sarbanes-Oxley, Clause 49 or their equivalent as the primary driver of information security.

However, organisations are missing the rare investment opportunities that compliance offers to promote information security as an integral part of their business. “Compliance is proving to be more of a distraction than a catalyst for information security to become strategically aligned within organisations,” says Edwin Bennett, Global Director of Ernst & Young’s Technology and Security Risk Services.

He adds that one may assume that, with the attention information security is receiving due to regulatory compliance, organisations’ information security postures are improving and information security as a function is becoming integral to their strategic initiatives. Unfortunately, this is not happening on a consistent basis. The gap continues to widen between the growing risks on the one hand and what information security is doing to address those risks on the other. The pattern is consistent across organisations, regardless of size or location.

The gap continues to widen

The Security Survey was conducted across a global landscape in which organisations find themselves vulnerable to growing risks, brought on by rapid changes in the business environment and requirements to stay competitive. These changes are expected to increase in the coming years. Yet the survey indicates that when it comes to information security—a critical part of an organisation’s ability to manage risk—they are not doing enough to keep up with the changes. The gap continues to widen between growing risks and what information security teams are doing to tackle them. Many of our survey respondents are becoming aware of the gap and it has become imperative for them to take action.

Based on the analysis of their responses, we arrived at findings that focus on four areas where the gap is evident. They are

Growing global interdependency

With more information flowing between companies, all organisations, whether global or not, need to consider their business partners, outsourcing arrangements, suppliers and customers. Each group needs to be confident in the others’ information security. However, many organisations are not taking the required measures.

About the survey

The survey was conducted among executives in leading global companies and governmental and non-profit agencies. More than 1,300 organisations in 55 countries from around the world participated. Out of these, 50 companies were from India. It was developed with the help of information security clients from organisations worldwide.

A questionnaire was distributed to designated Ernst & Young professionals in each country practicing within the company’s network, along with a protocol sheet to minimise possible interviewer bias. Most survey results were gathered in face-to-face interviews. When that was not possible, the questionnaire was delivered electronically. The primary respondents were chief information officers and chief information security officers.

Outsourcing remains an information security threat as many organisations are not paying adequate attention to vendor risk management—the process of assessing and mitigating risks, including diligence and reviews of practices and procedures supporting vendors’ products and services. The survey reveals that one-fifth of respondents do not address the issue of vendor risk management at all, and one-third report they have only informal procedures in place to do so.

It is no longer enough for organisations to consider just their information security issues and threats. With the world becoming smaller and growing information flow between companies, all organisations need to consider the security of their business partners, outsourcing arrangements, suppliers and customers. Otherwise, the value created by these arrangements can quickly diminish or disappear due to perceived or real security, privacy, or identity breaches. Organisations should consider demonstrating their commitment to good information security practices by applying recognised standards or getting certified.

About Ernst & Young

Ernst & Young, a global leader in professional services, is committed to restoring the public’s trust in professional services firms and in the quality of financial reporting. With extensive business knowledge and industry expertise, they help companies in businesses across all industries—from emerging and growing companies to global powerhouses—in identifying and dealing with many issues, ensuring growth, improving financial performance and managing risk.

The firm’s 103,000 people in more than 140 countries around the globe pursue the highest levels of integrity, quality and professionalism, to provide clients with solutions based on financial, transactional, and risk-management knowledge, in its core services of Assurance, Tax and Transaction Advisory. It has received the Most Admired Knowledge Enterprise (MAKE) Award for five consecutive years.

In India, Ernst & Young (www.ey.com/india) operates from seven cities with a work force of over 1,500 people who work towards its vision of being the trusted business advisor which contributes to the success of people and clients by creating value and confidence.
Ernst & Young refers to all the members of the global Ernst & Young organisation.

Technologies buoyed by business demand

The analysis found that business demands and the declining cost of wireless connectivity are driving the widespread adoption of mobile technology. But with these devices leaving the safety of the controlled corporate environment, individuals are increasingly becoming responsible for protecting information assets and intellectual property on these devices—a responsibility that many organisations have not yet fully accepted or anticipated. Less than half of organisations make provision for general users of information to be trained or made aware of the impact of information security issues with these technologies, and fewer receive training on responding to security incidents.

Other rapidly developing technologies such as voice-over IP telephony, open source, and server virtualisation, which hold the potential for increasing organisations’ competitive edge, are reported to be a significant security concern among less than 20 percent of organisations, despite the serious threats they bring with them. Organisations consider emerging technologies in general to be a growing security concern in the next 12 months. However, over a quarter of them have no plans to address the concern during that time period or beyond.

Alignment and delivery

Opportunities exist for information security to make significant contributions to organisations’ strategic initiatives through proper organisational alignment and delivery. Yet most organisations continue to concentrate their information security activities on operational and tactical issues. It can mean the difference between thriving and surviving.

With proper organisational alignment and execution, information security can make a significant contribution to an organisation’s strategic initiatives and overall risk management. Organisations which employ information security in this way continuously involve business, IT, and information security leaders in identifying specific areas where they can contribute to strategic initiatives, such as mergers and acquisitions and outsourcing of business operations. They apply recognised information security standards, leading practices and appropriate resources.

An electronic copy of the 2005 Ernst & Young Global Information Security Survey is available at www.ey.com/globalsecuritysurvey

Terry Thomas is Partner, Ernst & Young. He can be reached at terry.thomas@in.ey.com

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.