Information Security News mailing list archives

Bosses are the weakest link


From: InfoSec News <isn () c4i org>
Date: Wed, 8 Oct 2003 09:49:50 -0500 (CDT)

Forwarded from: William Knowles <wk () c4i org>

http://www.vnunet.com/News/1144146

By Iain Thomson 
[08-10-2003]

Security best practice? I'll phone a friend

Senior managers may recognise the risks of lax IT security, but they
seldom practise what they preach.

A new report to be published today from the Economist Intelligence
Unit has found that, while board members see security as one of the
top issues facing their companies, their knowledge of best practices
is lacking.

Four out of five admitted to opening an email attachment from someone
they did not know, and one in five confessed to using their own name
as the password to access their network.

"There's a serious problem here," said Gareth Lofthouse, senior editor
at the Economist Intelligence Unit.

"If the top brass can't follow basic security procedure, what does
that say about the company's commitment to best security practice?

"It's easy for a company to throw money at a problem, but the real
challenge is instituting a broad corporate culture shift."

The survey found that security was the second most important factor
affecting IT systems, with network availability topping the list.

But, despite increasing security spending, firms reported rising
levels of attacks on corporate systems.

"You really have to get on top of your employee education," said Joe
Dauncey, security consultant at comms vendor AT&T's Technical Centre
of Excellence.

"From a value for money perspective it's more cost effective to sit
down with your staff and say 'Don't do this' rather than spending vast
amounts on security devices that are being subverted by bad practice.

"As a service provider when we're taking over a company's IT systems
we have to do a thorough review of best practice and the network
architecture."

The survey polled 237 companies to determine management's view of
perceived and real security threats now and in the future.


