
Fear leads to spending - though not always the right approach
By Tony Hallett
Published: 15 July 2003 06:21 BST
Despite a realisation across organisations that cyber-security should be a top priority, a large portion of users feel inadequately protected, and humans - rather than technology - continue to be the weakest link.
Many analysts are now recommending security budgets of 3-5 per cent of operational expenditure, and in some cases organisations are nearing this level, but "lack of budget" is considered a reason for corporate angst.
That's according to Ernst & Young's sixth annual global information security survey, which has also found around a third of organisations rate their ability to tell if their information systems are under attack as 'inadequate' or 'only marginal'.
Jan Babiak, managing partner at Ernst & Young's UK Information Security Practice, told silicon.com: "Organisations shouldn't necessarily be spending more [than 3-5 per cent] but they should be spending it better, spending it on the right things."
Common corporate oversights include little monitoring of partners' business continuity plans, a lack of understanding of insurance policy cover for breach-related damage and insufficient privacy compliance processes.
However, many companies are still focused too much on software-related security. E&Y's Babiak said physical barrier breaking, such as poor building security or keystroke capturing 'dongles' placed between keyboards and PCs, could be at least as dangerous.
Poor staffing procedures - for example, not running background checks while hiring - are also a threat.
Babiak added: "Getting people security right is harder. There can often be a vulnerability at a very low level."
E&Y polled senior IT business executives at 1,400 companies around the world.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.