Organizations Integrating IT Security into Business Agenda

Ernst & Young, a company for professional services company, recently published its tenth annual GISS (Global Information Security Survey), which reveals that companies no longer consider technology as their priority area.

The yearly survey, which interviewed executives from 1,300 different companies, found that almost 32% of organizations' IT security teams never have any meeting with the company board and nearly 33% admitted they do not apprise management on IT security incidents or compliance.

Ernst & Young'S Head of risk services and technology security, Richard Brown, said that the incidents on IT security that have been happening in the United Kingdom highlight how organizations increasingly lack protection of their information assets. ComputerWeekly reported this on December 10, 2007.

Brown said that for the first time, information security has taken so high an importance on the agenda of corporate that it needs to move ahead along with the progress in entrepreneurial activities, not simply the IT plans and policies.

Organizations with IT security wholly integrated into their risk management have almost doubled from 15% to 29% over the past one year. Manager of security risk services and technology, Michael Heaney, said that for many years, companies' focus have been to fulfill business objectives but today, they are also seeking to fulfill information security with a more integrated approach into the general process of their risk management. SDA India reported this.

The research findings also showed that an urgent need is driving 58% of respondents for data and privacy protection compared to 41% in 2006.

There were, however, some encouraging findings as well from the survey. According to it, 82% of respondents reported some degree of integration between information security and risk management in their organizations.

Ernst & Young said that the continuously changing scenario of technology is giving rise to increasing threats. Removable devices like CDs and USB sticks that store huge volumes of organization's data, and mobile devices like smartphones and PDAs are the highest security concerns, according to the company.

Brown said that corporate heads with the guidance of their security team should understand the changing risks in their business and respond with right procedures to minimize them.

Related article: Organizations Experienced 100% Growth in Spam during 2007

» SPAMfighter News - 12/23/2007