Information security is now too important to be left to the IT department. This is because information security is now a business-level issue:

Information is the lifeblood of any business today. Anything that is of value inside the organization will be of value to someone outside it. The board is responsible for ensuring that critical information, and the technology that houses and processes it, are secure.

Legislation and regulation is a governance issue. In the UK, the Turnbull Report clearly identifies the need for boards to control risk to information and information systems. Data protection, privacy, computer misuse and other regulations, different in different jurisdictions, are a boardroom issue. Banks and financial sector organizations are subject to the requirements of the Bank of International Settlements (BIS) and the Basle 2 framework, which includes information and IT risk.

As the intellectual capital value of "information economy" organizations increases, their commercial viability and profitability, as well as their share, increasingly depend on the security, confidentiality and integrity of their information and information assets.

Threats and Consequences

The one area in which businesses of all sizes today enjoy a level playing field is in information security: all businesses are subject to world-class threats, all of them are potentially betrayed by world-class software vulnerabilities and all of them are subject to an increasingly complex set of computer and privacy related regulations around the world.

While most organizations believe that their information systems are safe, the brutal reality is that they are not. Individual hardware, software, and vendor driven solutions are not information security systems. Not only is it extremely dangerous for an organization to operate in today's world without a systematic, strategic approach to information security, such organizations have become threats to their more responsible brethren.

The extent and value of electronic data are continuing to grow exponentially. The exposure of businesses and individuals to its misappropriation or destruction is growing equally quickly. The growth in computer and information related compliance and regulatory requirements reflects the threats associated with digital data. Directors have clear compliance responsibilities that cannot be met by saying "The head of IT was supposed to have dealt with that".

Ultimately, consumer confidence in dealing across the web depends on how secure people believe their personal data to be. Data security, for this reason, matters to any business with any form of web strategy, from simple business to consumer or business to business propositions through Enterprise Resource Planning (ERP) systems to the use of extranets and e-mail. It matters, too, to any organization that depends on computers for its day-to-day existence or that may be subject to the provisions of the Data Protection Act. Even the Freedom of Information Act, which ostensibly applies only to public sector organizations, raises confidentiality issues for any business that contracts with the public sector.

Newspapers and business magazines are full of stories about hackers, viruses and online fraud. These are just the public tip of the data insecurity iceberg. Little tends to be heard about businesses that suffer profit fluctuations through computer failure, or businesses that fail to survive a major interruption to their data and operating systems. Even less is heard about organizations whose core operations are compromised by the theft or loss of key business data; usually they just disappear quietly.

This article was written by Stefan D., the owner of Ready Business and Free Games.

You can republish or (re)print this article as long as you keep the links above live.