World Video | Defence | Foreign Affairs | Natural Events | Trade | NZ in World News | NZ National News Video | NZ Regional News | Search

 


Regulation most important driver of info security

8 November 2005
Media Release

Regulatory compliance surpasses worms and viruses as most important driver of information security

Yet organisations are missing the rare investment opportunities that compliance offers to promote information security as an integral part of their business, according to Ernst & Young’s 8th annual Global Information Security Survey


Compliance with regulations has taken the lead as the primary driver of information security, for the first time surpassing worms and viruses, according to a survey released by leading professional services provider Ernst & Young.

The sheer number of regulations and the consequences of not complying with them has escalated information security to the boardroom. Nearly two-thirds of survey respondents – representing 1,300 global companies, government and non-profit agencies in 55 nations – cited compliance with regulations such as Sarbanes-Oxley, the EU’s 8th Directive or their equivalent as the primary driver of information security.

However, organisations are missing the rare investment opportunities that compliance offers to promote information security as an integral part of their business.

“Compliance is proving to be more of a distraction than a catalyst for information security becoming strategically aligned within organisations,” says Susan Steedman, Ernst & Young New Zealand’s Director of Enterprise Risk and Improvement Services.

“One might assume that with the attention information security is receiving due to regulatory compliance, organisations’information security postures are improving and information security as a function is becoming more integral to their strategic initiatives. Unfortunately, this is not happening on a consistent basis. The gap continues to widen between the growing risks brought on by rapid changes in the global business environment and what information security is doing to address those risks. This pattern is consistent across organisations, regardless of size or location.”


Business demands pushing the adoption of emerging technologies

The Ernst & Young survey found that business demands and the declining cost of wireless connectivity are driving the rapid widespread adoption of mobile technology. But with these devices leaving the safety of the corporate control environment, the information assets and intellectual property they carry are increasingly becoming the responsibility of individuals to protect—a responsibility that many organisations have not yet fully accepted nor anticipated.

“Less than half of organisations make provision for general users of information to be trained or made aware of the impact of information security issues with these technologies, and fewer still receive training on responding to security incidents,” Ms Steedman noted.

Other rapidly developing technologies such as voice-over IP telephony, open source, and server virtualization, which hold the potential of increasing organisations’ competitive advantage are reported to be a significant security concern among fewer than 20% of organisations, despite the serious threats they bring with them. Organisations consider emerging technologies in general to be a growing security concern in the next 12 months. However, over a quarter of them have no plans to take action to address the concern during that time period or beyond.

Third party risk remains an issue

Outsourcing remains an information security threat as many organisations are still not paying adequate attention to vendor risk management—the process of assessing and mitigating risks, including due diligence and regular reviews of practices and procedures supporting vendors’ products and services. The survey reveals that one-fifth of respondents do not address the issue of vendor risk management at all, and one-third report they have only informal procedures in place to do so.

“It is no longer enough for organisations to consider just their own information security issues and threats,” Ms Steedman said. “As the world becomes increasingly smaller, and with more and more information flowing between companies, all organisations need to consider the security of their business partners, outsourcing arrangements, suppliers and customers. Otherwise, the value created by these arrangements can quickly diminish or disappear due to perceived or real security, privacy, or identity breaches. Organisations should also consider demonstrating their own commitment to good information security by applying recognized standards or becoming certified.”

Organizational alignment and execution

Although awareness about information security has risen as a critical issue among boards and executive management, they continue to focus information security activities on operational and tactical issues at the expense of addressing strategic concerns.

“With proper organisational alignment and execution, information security can make significant contributions to the organization’s strategic initiatives and overall risk management,” says Ms Steedman.

“Organisations which employ information security in this way continuously involve business, IT, and information security leaders in identifying specific areas where information security can contribute to strategic initiatives, such as mergers and acquisitions and outsourcing of business operations. They apply recognised information security standards, leading practices and the appropriate resources.”

ENDS

Notes to Editors:
1. An electronic copy of 2005 Ernst & Young Global Information Security Survey is available at http://www.ey.com/globalsecuritysurvey

About Ernst & Young
Ernst & Young, a global leader in professional services, is committed to restoring the public’s trust in professional services firms and in the quality of financial reporting. Its 106,000 people in 140 countries pursue the highest levels of integrity, quality, and professionalism in providing a range of sophisticated services centered on our core competencies of auditing, accounting, tax, and transactions. Further information about Ernst & Young and its approach to a variety of business issues can be found at www.ey.com/perspectives. Ernst & Young refers to all the members of the global Ernst & Young organization.
This press release has been issued by EYGM Limited, a member of the global Ernst & Young organization


http://www.ey.com/nz

© Scoop Media

 
 
 
 
 
World Headlines

 

Preliminary Results: MH17 Investigation Report

The Joint Investigation Team (JIT) is convinced of having obtained irrefutable evidence to establish that on 17 July 2014, flight MH-17 was shot down by a BUK missile from the 9M38-series. According to the JIT there is also evidence identifying the launch location that involves an agricultural field near Pervomaiskyi which, at the time, was controlled by pro-Russian fighters. More>>

ALSO:

At The UN: Paris Climate Agreement Moves Closer To Entry Into Force

The Paris Agreement on climate change moved closer toward entering into force in 2016 as 31 more countries joined the agreement today at a special event hosted by United Nations Secretary-General Ban Ki-moon. More>>

ALSO:

ALSO:

Gordon Campbell: On The End Game In Spain (And Other World News)

The coverage of international news seems almost entirely dependent on a random selection of whatever some overseas news agency happens to be carrying overnight... Here are a few interesting international stories that have largely flown beneath the radar this past week. More>>

Amnesty/Human Rights Watch: Appalling Abuse, Neglect Of Refugees On Nauru

Refugees and asylum seekers on Nauru, most of whom have been held there for three years, routinely face neglect by health workers and other service providers who have been hired by the Australian government, as well as frequent unpunished assaults by local Nauruans. More>>

ALSO:

Other Australian Detention

Gordon Campbell: On The Censorship Havoc In South Africa’s State Broadcaster

Demands have included an order to staff that there should be no further negative news about the country’s President Jacob Zuma, and SABC camera operators responsible for choosing camera angles that have allegedly made the President ‘look shorter’ were to be retrained... More>>

ALSO:

Gordon Campbell: On A Bad Week For Malcolm Turnbull, And The Queen

Malcolm Turnbull’s immediate goal – mere survival – is still within his grasp... In every other respect though, this election has been a total disaster for the Liberals. More>>

ALSO:

Get More From Scoop

 
 
 
 
 
World
Search Scoop  
 
 
Powered by Vodafone
NZ independent news