Tuesday, February 5, 2008

Human Error Tops the List of Security Threats by Diann Daniel (CIO.com)

When it comes to security, human threats score much higher than those posed by technology. So says a new survey by consulting firm Deloitte of more than 100 technology, media and telecommunications companies worldwide. Seventy-five percent of companies listed human error as the leading cause of security failures such as breakdowns and systems outages. Forty-eight percent also cited operations and technology lapses as key causes of security failures. Problems resulting from third parties such as contractors and business partners, meanwhile, received 28 percent of the votes as a root cause of security failures.

Misbehaving employees also figure prominently in IT fears: Ninety-one percent of respondents say the risk of employee misconduct related to information systems worries them.

Another security worry is the tendency of many line-of-business executives to see information security as solely IT's problem, Deloitte says. Forty percent of surveyed companies give IT the primary responsibility for information security, and 45 percent say top management is informed about security issues only on an ad hoc basis. And although 62 percent say security is a key imperative at the board or executive level, that number is low, says Deloitte, since security should be a top strategic priority for every TMT company.

To mitigate these security threats, Deloitte recommends that security goals be integrated into business strategies and plans. Measuring ROI on security efforts and providing thorough and ongoing security training to all levels of the organization are also key, Deloitte advises. Training can educate employees on how to deal with the latest security threats and can serve as a reminder to stay vigilant. For more lessons on security ROI, see "How GE Uses Six Sigma to Drive Security ROI" and "Your Guide To Good-Enough Compliance."

"The technology, media and entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," said Rena Mears, Deloitte's global and U.S. privacy and data protection leader, in a press release. "A prerequisite for effective information security is the implementation of a proactive information security strategy that is closely linked to the company's overall business strategy, business requirements, and key business drivers."

