Information Security Experts To IT Managers: Make Security A High Level Priority Before Accepting Added Responsibilities
Toronto (PRWEB) October 14, 2004 -- Toronto-based security experts are asking IT managers and professionals to help raise user awareness about information security risks and to give management the facts they need to make informed decisions, even if it means relying on outside expertise.
"The facts are that over 70% of executives don't believe they should ever hear about security. The reality is that 87% of customers will hold them accountable." Claudiu Popa, President of Informatica Security, added: "Not only will they hold them accountable, but they will take their business elsewhere and turn other clients away from the company." For public as well as private firms, this represents a significant challenge.
A recent study reports that most businesses simply have insufficient budgets to properly manage security, yet the same percentage report never calculating return on investment from security. The vast majority of businesses consider security to be an IT responsibility, adding to the department's workload and holding it accountable for breaches.
IT managers and technology professionals have a chance to do something about this. "As trusted advisors, IT professionals need to suggest better alternatives than the latest commercial product. They need to recommend industry experts and clearly outline their responsibilities to executives and management. This means educating the boss about the difference between information technology and information security."
Security is a part of doing business. It needs to be integrated within high-level business processes before it ever makes its way down to firewalls and sniffers. The protection of business assets needs to be a top priority for management boards because of the ever-increasing risk and liability. How can IT departments be held responsible for security breaches when the value of the information they are expected to protect by default is only known to C-level executives? This is a disconnect that is of particular interest to Claudiu Popa. "Companies need to understand that security doesn't just happen. It is a mistake to assume that business assets can be secured equally. Another misconception is that somehow, the level of security in effect will vary according to increasing risk."
"Every year, security threats increase by multiple degrees of magnitude," said Popa. "This year is somewhat different, and not in a good way. We are seeing a surge in well funded, high level, organized cybercrimes paired with low level blended attacks. The vast majority are now motivated by financial gain. Gone are the days of nerdy, curious, inoffensive hackers."
Users and employees alike are attacked through multiple attack vectors such as spam email, fraudulent web sites, spyware, worms and viruses, social engineering attacks, etc.
Risk management is one area where the company works with IT departments to introduce manageable policies and procedures into the organization. "By creating a watertight organization, your systems become impermeable to security threats and your business assets are protected. The resulting return on investment can be calculated based on year-over-year disaster recovery costs and on the value or liability associated with business data. More importantly for IT managers, adopting a flexible risk management methodology enables them to reduce their stress level and return to doing what they do best."
Informatica's message to the IT community comes on the heels of new statistics released in part by Ernst & Young in their annual Global Information Security Survey.
A division of Informatica, Informatica Security Research, which recently completed its first "Security Landscape Study", is also working on a new model for risk management targeted at the mid-market and up. The flexible new methodology, named "STORM" (Strategy for Total Organizational Risk Management), is a new approach to the implementation of risk management that is particularly well suited to growing organizations. Compliant with existing approaches such as FRAP, OCTAVE and COBIT, it provides policy-based guidance for a smooth transition to a managed security environment. Best of all, it allows management to understand information security risks and elevates employee awareness. It is currently being beta tested in Toronto.
The STORM Methodology currently serves as the foundation of Informatica's security assessments, providing up to 50% added effectiveness and reduced cost to organizations seeking to identify risks and vulnerabilities.
In addition to helping IT departments introduce risk management and raise corporate security awareness, Informatica offers a full suite of instructor-led courses and workshops for each level of the enterprise. Three examples include:
1. Risk management and regulatory compliance for managers and executives
2. Best practices for Internet security for employees
3. Information Security Officer policies and procedures; essential training for IT managers
For further information email info@InformaticaSecurity.com or visit www.InformationSecurityCanada.com and www.InformaticaResearch.com/
CO: Informatica Corporation -- Information Security and Risk Management
ST: Ontario
IN: HTS