| Information security is now too | | | | organizations have become threats to |
| important to be left to the IT | | | | their more responsible brethren. |
| department. This is because information | | | | The extent and value of electronic data |
| security is now a business-level issue: | | | | are continuing to grow exponentially. |
| Iformation is the lifeblood of any | | | | The exposure of businesses and |
| business today. Anything that is of | | | | individuals to its misappropriation or |
| value inside the organization will be of | | | | destruction is growing equally quickly. |
| value to someone outside it. The board | | | | The growth in computer and information |
| is responsible for ensuring that | | | | related compliance and regulatory |
| critical information, and the technology | | | | requirements reflects the threats |
| that houses and process it, are secure. | | | | associated with digital data. |
| Legislation and regulation is a | | | | Directories have clear compliance |
| governance issue. In the UK, the | | | | responsibilities that cannot be met by |
| TurnBull Report clearly identifies the | | | | saying " The head of IT was supposed to |
| need for boards to control risk to | | | | have dealt with that". |
| information and information systems. | | | | Ultimately, consumer confidence in |
| Data protection, privacy, computer | | | | dealing across the web depends on how |
| misuse and other regulations, different | | | | secure people belive their personal data |
| in different jurisdictions, are a | | | | to be. Data security, for this reason, |
| boardroom issue. Banks and financial | | | | matters to any business with any form of |
| sector organizations are subject to the | | | | web strategy, from simple business t |
| requirements of the Bank of | | | | consumer or business to business |
| International Settlements ( BIS ) and | | | | propositions through Enterprise Resource |
| the Basle 2 framework, whici includes | | | | Planning ( ERP ) systems to the use of |
| information and IT risk. | | | | extranets and e-mail. It matters, too |
| As the intellectual capital value of | | | | any organization that depends on |
| "information economy" organizations | | | | computers for its day-to-day existence |
| increases, their commercial viability | | | | or that may be subject to the provisions |
| and profitability, as well as their | | | | of Data Protection Act. Even the freedom |
| share, increasingly depend on the | | | | of Information Act which ostensibly |
| security, confidentiality and integrity | | | | applies only to public sector |
| of their information and information | | | | organizations, raises confidentiality |
| assets. | | | | issue for any business that contracts |
| Threats and Consequences | | | | with the public sector. |
| The one area in which businesses of all | | | | Newspapers and business magazines are |
| sizes today enjoy a level playing field | | | | full of stories about hackers, viruses |
| is in information security: all | | | | and online fraud. These are just the |
| businesses are subject to the | | | | public tip of the data insecurity |
| world-class threats, all of them are | | | | iceberg. Little tends to be heard about |
| potentially betrayed by world-class | | | | businesses that suffer profit |
| software vulnerabilities and all of them | | | | fluctuations through computer failure, |
| are subject to an increasingly comlex | | | | or businesses that fail to survive a |
| set of computer and privacy related | | | | major interruption to their data and |
| regulations around the world. | | | | operating systems. Even less is heard |
| While most organizations belive that | | | | about organizations whose core |
| their information systems are safe, the | | | | operations are compromised by the theft |
| brutal reality is that they are not. | | | | or loss of key business data; usually |
| Individual hardware, software, and | | | | they just disappear quietly. |
| vendor driven solutions are not | | | | This article was written by Stefan D. |
| information security systems. Not only | | | | The owner of Ready Business and Free |
| is it extremely dangerous for an | | | | Games |
| organization to operate in today's world | | | | You can republish or (re)print this |
| without a systematic, strategic approach | | | | article as long as you keep live the |
| to information security, such | | | | links above. |