<$BlogRSDUrl$>
 

This page is powered by Blogger. Isn't yours?

 Feedblitz email:
 RSS: http://linkingintegrity.blogspot.com/atom.xml

 

linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Concern over Compliance, Instant Messaging and Internal Attacks Spurring Changes, 29.8.05

Business Wire

Regulatory compliance, internal attacks, and the vulnerability of electronic communications - especially instant messaging and e-mail - are among the key factors reshaping data security systems, according to the U.S. results of the 8th annual Global Information Security Survey by InformationWeek Magazine and Accenture.

At the same time, the U.S. Information Security Survey uncovered indications that companies and organizations are failing to provide rigorous protection of customer and client data. The survey, which was conducted over the Web this summer, received responses from more than 2,500 U.S. information technology and security professionals.

Highlights:

  • Compliance is reshaping corporate security practices.
  • Security attacks are becoming increasingly more sophisticated, yet basic passwords continue to be the most common line of defense.
  • Security breaches are increasingly coming from within, forcing companies to keep tabs on their employees.
  • Vulnerabilities in operating systems and applications - including the use of instant messaging - continue to be common points of entry.
  • Concern continues to grow over privacy and identity theft, yet organizations are failing to provide rigorous protection of customer data.

    "Companies are taking a more structured approach to information security and making it more of a priority," said Alastair MacWillson, partner in charge of Accenture's security practice. "Many companies are beginning to see the benefits in leveraging new technologies to proactively assess and manage threats and vulnerabilities, and are consolidating, integrating and securing applications to improve integrity and productivity."

    Regulatory Impact

    This pyramid features NICNAS's hierarchal enforcement strategy, starting with a persuasive approach, which employs no sanctions, and gradually progressing to more severe sanctions. http://www.nicnas.gov.au/about - National Industrial Chemicals Notification and Assessment Scheme There are indications that compliance requirements like Sarbanes-Oxley, HIPAA, the U.S. Home Security Act and the U.S. Patriot Act are reshaping corporate security practices. According to the survey:

  • 60 percent view regulatory compliance as more of a governance issue than a technology problem.
  • Over half of the survey respondents report that government regulations have pressured their company to adopt a more structured approach to information security.
  • About two in five say the threat of government penalties has made achieving regulatory compliance an information security priority.
  • While only a third say achieving compliance is a main catalyst of security-related purchases, over half say it has made their company more cautious about their use of security hardware, applications and services.

    Threat Perception and Attacks

    Security attacks are constantly evolving, making it difficult for companies to stay one step ahead. For example:

  • Malicious intent is a concern for 45 percent of respondents. Yet few tie their firm's vulnerability to the lack of a well-defined information security strategy or managerial involvement in security practices and policies.
  • One third of respondents blame budget constraints for their firm's susceptibility to security breaches.
  • Significant damages attributed to actual attacks - financial losses, security incursions and identity theft - are uncommon.
  • Planted spyware code, however, has caused slowdowns in network performance and employee productivity in three quarters of the companies.
  • Viruses affected two-thirds of surveyed sites last year.
  • E-mail is proving to be the launching point of assaults, with falsified information in an e-mail attachment reported as the primary method of attack at 35 percent of surveyed sites.
  • Minor financial losses were confirmed at one in five sites.

    Security Tactics

    As a result of the vulnerabilities with instant messaging and E-mail, electronic communication has become a major focus of employee monitoring with attachments and content of outbound messages carefully scrutinized. Basic-user passwords still remain the most prevalent method used by companies to protect themselves against security breaches. Informing employees of privacy or behavior standards, posting privacy policies online and using secure Web transactions are the steps taken to safeguard the privacy of customer data. In addition, the survey reveals that:

  • Only a quarter of respondents report no monitoring of workers.
  • The monitoring of instant messaging has jumped from 25 percent to 34 percent since last year's survey.
  • Only 15 percent of sites have created the position of chief privacy officer and less than 30 percent have conducted privacy policy audits to ensure there are adequate guidelines. In fact, practices concerning the security of customer data are categorized as only fairly rigorous at half of the sites.

    Security Costs

    A majority of U.S. companies spend below $500,000 on security expenses, with half anticipating increased spending in 2005 over the previous year, and only 3 percent expecting spending to decline. Performance and return on investment count the most when purchasing security products.

    "Despite the fact that information security professionals are adopting many state-of-the-art security practices, certain lapses still exist that can result in serious financial losses for corporations or a violation of customer trust," said Rusty Weston editor, InformationWeek Research. "Security professionals lack the ability to control every point of entry, but worse, they have too much faith in technology that claims to automate network defenses."


    • __posted by Carolyn L Burke @ 8:50 a.m.
    subscribe to Integrity

    Comments

    Post a Comment

     

    Google

    Integrity Incorporated

    Site Feed

     Feedblitz email:


     RSS: http://linkingintegrity.blogspot.com/atom.xml

    "We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
    Compromise need not mean cowardice. .."

    John Fitzgerald Kennedy, "Profiles in Courage"

    Archives

    07.03   08.03   09.03   10.03   11.03   12.03   01.04   02.04   03.04   04.04   05.04   06.04   07.04   08.04   09.04   10.04   11.04   12.04   01.05   02.05   03.05   04.05   05.05   06.05   07.05   08.05   09.05   10.05   11.05   12.05   01.06   02.06   03.06   04.06   05.06   06.06   08.06   09.06   10.06   11.06   01.07   02.07   03.07   04.07   07.07   08.07   09.07   10.07   05.08   06.08