to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y
We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Information Security Driving Business Process Improvements - But Need for Continuous Attention to Minimize Risk

compliance and privacy

Current News Updates

Information Security Driving Business Process Improvements - But Need for Continuous Attention to Minimize Risk

Information Security is increasingly recognized as a driver of business improvement, says Ernst & Young's 9th Annual Global Information Security Survey, but companies still need to do more to improve their information security posture in the globalized business environment where the largest opportunities also carry the greatest risks. Among the five key priorities identified by the report as being most critical to future success, the one making the most dramatic leap up the boardroom risk agenda is privacy and personal data protection; the most consumer-driven of these issues.

The survey, "Achieving Success in a Globalized World — Is Your Way Secure?" sought the views of nearly 1,200 senior information security professionals in 48 countries, as well as benchmarking the current information security practices of more than 350 organizations in 38 countries.

Paul van Kessel, Global Leader of Ernst & Young's Technology and Security Risk Services, comments, “We have identified five major information security priorities in which companies are showing significant progress, but also where continuous improvements are necessary to keep pace with the growing requirements of effective risk management.

“Among the most notable priorities is privacy and personal data protection, which is the one information security issue most-consumer driven. It has become a high-stakes business issue, catapulted up the board agenda by consumer concerns caused by well publicized lapses of security and the growing response of government and legislative activism. Understandably it is the area where companies are being most active, with privacy and data protection practices becoming increasingly more formalized.”

Paul van Kessel adds, “Companies know all too well that the problem of privacy and personal data protection is broader and deeper than what is in the headlines. Our survey reports that this will continue to be a top business issue, requiring vigilant oversight on the part of organizations and even more formalization of measures to mitigate the risks.”

Driving the surge in awareness of privacy issues is the notoriety corporations and government agencies have received from well publicized lapses in consumer data security, combined with a significant increase in the collection and sharing of information. Inherent in globalization is the risk to business information as it is more frequently and easily moved, used by companies globally and entrusted to third parties.

Five Major Priorities for Information Security

Based on its latest survey and the results from previous years, Ernst & Young has identified five major priorities for information security, where progress has been made but where there is an ongoing need for continuous improvement. These are:

  • integrating information security with the organization: embedding information security into the mainstream of the business with increased visibility and resources.
  • extending the impact of compliance: shifting attitudes from compliance as a distraction to being an enabler, bringing advances in risk-based security for organizations.
  • managing the risk of third party relationships: recognizing the challenges, issues and actions needed to manage the risks with global suppliers and outsourced partners.
  • focusing on privacy and personal data protection: taking a proactive and comprehensive approach to mitigating the risks related to privacy and personal data protection.
  • designing and building information security: using externally imposed compliance deadlines and security incidents as a catalyst for proactive investments in stronger capabilities and defenses.

Compliance Still the Top Driver

While privacy and personal data protection has become a major information security issue, compliance with regulations, for the second year running, is still the top driver that has most impacted, and will probably continue to impact, information security practices over the next 12 months. There is emphatic agreement — by almost 80% of survey participants — that efforts and activities undertaken to achieve regulatory compliance have actually improved companies' information security. It will now be important for companies to be proactive in carrying out security rationalization and optimization, to sustain and embed their information security compliance controls and processes into their normal operations.

Third-Party Risk

Companies are recognizing the challenges, issues and action needed to manage the risks of third-party relationships, particularly with the use of customer data by customer service outsourcing companies in rapidly developing economies. More than one-third of survey participants say they have formal procedures in place for vendor risk management. Vendors themselves are expected to spend more time over the next year complying with information security certification requirements. Yet the survey shows companies have inconsistent policies and procedures in place to manage these relationships. More than 50% of survey respondents say they address the issue of vendor risk only informally, or not at all. Just 14% of organizations require their vendors to have an independent review of their information and privacy practices against leading practices.

Van Kessel concludes, “Overall our 2006 Global Information Security Survey confirms that information security has never been more important. It shows that many companies are making significant progress in mitigating risk by strengthening their information security. This is due to greater investments, greater board involvement, positive influences of regulatory pressures and maturity in information security leadership. However, the dynamics of risk require continuous improvements and updates to information security measures.”

Looking Ahead: 2007 Challenges and Priorities

The 2006 Global Information Security Survey points to strong challenges and priorities that will almost certainly be reflected in the future:

  • regulatory compliance will continue to dominate information security, challenging organizations in how they sustain compliance and integrate it into an overriding risk management framework and internal control processes.
  • privacy will continue to preoccupy companies and their information security executives.
  • certification against recognized standards will continue to gain wider acceptance as a key component of information security.
  • benchmarking against recognized standards and peers will continue to broaden in scope and influence.
  • the recognition that information security risks are intertwined with achieving broader business objectives will make it even more of a priority for information security to play a proactive role.

See the 2005 Survey

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.