| Information security is now too important to be left to | | | | responsible brethren. |
| the IT department. This is because information security | | | | The extent and value of electronic data are continuing |
| is now a business-level issue: | | | | to grow exponentially. The exposure of businesses |
| Iformation is the lifeblood of any business today. | | | | and individuals to its misappropriation or destruction is |
| Anything that is of value inside the organization will be | | | | growing equally quickly. The growth in computer and |
| of value to someone outside it. The board is | | | | information related compliance and regulatory |
| responsible for ensuring that critical information, and the | | | | requirements reflects the threats associated with digital |
| technology that houses and process it, are secure. | | | | data. Directories have clear compliance responsibilities |
| Legislation and regulation is a governance issue. In the | | | | that cannot be met by saying " The head of IT was |
| UK, the TurnBull Report clearly identifies the need for | | | | supposed to have dealt with that". |
| boards to control risk to information and information | | | | Ultimately, consumer confidence in dealing across the |
| systems. Data protection, privacy, computer misuse | | | | web depends on how secure people belive their |
| and other regulations, different in different jurisdictions, | | | | personal data to be. Data security, for this reason, |
| are a boardroom issue. Banks and financial sector | | | | matters to any business with any form of web |
| organizations are subject to the requirements of the | | | | strategy, from simple business t consumer or business |
| Bank of International Settlements ( BIS ) and the Basle | | | | to business propositions through Enterprise Resource |
| 2 framework, whici includes information and IT risk. | | | | Planning ( ERP ) systems to the use of extranets and |
| As the intellectual capital value of "information | | | | e-mail. It matters, too any organization that depends on |
| economy" organizations increases, their commercial | | | | computers for its day-to-day existence or that may |
| viability and profitability, as well as their share, | | | | be subject to the provisions of Data Protection Act. |
| increasingly depend on the security, confidentiality and | | | | Even the freedom of Information Act which ostensibly |
| integrity of their information and information assets. | | | | applies only to public sector organizations, raises |
| Threats and Consequences | | | | confidentiality issue for any business that contracts |
| The one area in which businesses of all sizes today | | | | with the public sector. |
| enjoy a level playing field is in information security: all | | | | Newspapers and business magazines are full of |
| businesses are subject to the world-class threats, all of | | | | stories about hackers, viruses and online fraud. These |
| them are potentially betrayed by world-class software | | | | are just the public tip of the data insecurity iceberg. |
| vulnerabilities and all of them are subject to an | | | | Little tends to be heard about businesses that suffer |
| increasingly comlex set of computer and privacy | | | | profit fluctuations through computer failure, or |
| related regulations around the world. | | | | businesses that fail to survive a major interruption to |
| While most organizations belive that their information | | | | their data and operating systems. Even less is heard |
| systems are safe, the brutal reality is that they are not. | | | | about organizations whose core operations are |
| Individual hardware, software, and vendor driven | | | | compromised by the theft or loss of key business |
| solutions are not information security systems. Not only | | | | data; usually they just disappear quietly. |
| is it extremely dangerous for an organization to | | | | This article was written by Stefan D. The owner of |
| operate in today's world without a systematic, | | | | Ready Business and Free Games |
| strategic approach to information security, such | | | | You can republish or (re)print this article as long as you |
| organizations have become threats to their more | | | | keep live the links above. |