Information Security News mailing list archives
Re: Failing security threatens FTSE100 firms
From: InfoSec News <isn () c4i org>
Date: Mon, 8 Sep 2003 00:18:04 -0500 (CDT)
Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

There are two sides to this story. For a long, long time IT professionals never put much stock in a piece of paper called a certificate. However, in recent years a few of these certificate vendors have strategically positioned themselves with governments and the like. Justifiable or not, an affiliation (not a formal endorsement) to a known organization will help a company gain enough credibility to make millions of dollars without holding any accountability.

The other side of the story is the need to assure senior management that your staff have a defined level of InfoSec competency. Since universities are only beginning to jump on this, it will take two or three years before the certificate landscape changes to degrees. Even now some certification organizations are hustling to have their certification accredited by a public body.

The down side is that with all the focus being on certifications, the real and tangible goals are being pushed to the back of the InfoSec bus. Anyone with experience in IT Tech or IT Management can tell you that staff credibility is only one element of a complex solution in achieving asset security and being able to assure it.

Speaking of credibility, currently there is no link between national, state and/or provincial InfoSec legislation and the people that perform the work. Unlike lawyers, doctors and even bus drivers, there is no requirement for someone practising InfoSec to be licensed. However, it wouldn't surprise me if that changes in two or three years.

In closing, it would be interesting to see a survey conducted here in North America, that is Canada & the USA, not just the USA, to see how many hospitals, banks, insurance companies have certified personnel doing InfoSec work. My guess is less than 2%, because the mentality has always been to make do with what you have and that will never change!

Regards,
Mark.

----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Friday, September 05, 2003 4:06 AM
Subject: [ISN] Failing security threatens FTSE100 firms

http://silicon.com/news/500013/1/5876.html

Will Sturgeon
4 September 2003

Shareholders in some of the UK's most prestigious companies may be horrified to hear that only 16 per cent of FTSE100 firms employ a properly qualified, dedicated security specialist to safeguard their systems from cyber attack.

These findings have caused one IT training organisation to hit out at what it calls "boardroom apathy" regarding the issue of security, with too many CEOs adopting an 'it couldn't happen to us' attitude.

Despite a recent spate of high-profile virus attacks, and the constant threat posed by hackers, companies still appear to be leaving a lot to chance - a stance which Robert Chapman, co-founder of The Training Camp, who conducted the survey, says displays a worrying level of "ignorance".

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.