ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security management Toolkit

Talkback

Post a comment


Story: Security is more than just an overhead

  • Previous comment

Posted by: 345958 (Wednesday 28 February 2007, 2:10 PM)

  • Reply

Information Security is an investment in the company's future

John’s article is absolutely correct and is thought provoking. It’s very difficult to be positive about Information Security, especially when it’s viewed as a technical issue rather than one that the business should embrace. Reporting the information security status to senior management tends to be negative. Information Security professionals report bad news. It can’t be helped. If security is running smoothly then there is nothing to report, otherwise Information Security has a tendency to be reported in quantitative terms, such as the number of security incidents. We need to find another way.

One important factor to consider within a company is the positioning of the senior Information Security professional. If they are within the IT department, then it will be viewed by everyone as a technical issue. Sure, most of the security controls are within IT because that’s where most of the information is held, but the drivers are with the business. If the security of information is a business responsibility, and it can be traced back to business requirements, then funding becomes easier. When Information Security is within the IT department there is a tendency to take a technical approach. After all, IT people love technology; they will buy the most technologically advanced and shiniest piece of equipment to mitigate security vulnerabilities and treats. If one considers that IT doesn’t own business information, then IT can’t be responsible for its protection. If the business doesn’t get this and other roles and responsibilities correct before any outsourcing takes place, then it can be very difficult to manage the outsource contract.

View complete profile

Send private message

View all posts

Robert Whitcher

Robert Whitcher
London
Member since: January 2004

Site Activity Rating:

2

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security management


Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

3 comments

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

5 comments

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link

DOWNLOAD

Security Essentials

Security Downloads

There are masses of security suites out there for small businesses. Here's a selection to get you started

Editor’s Rating
1 Norton 360™
2 AVG Anti-Virus Free Edition Rating: 10
3 PC Tools AntiVirus Free Edition
4 Kaspersky Internet Security

See All Software

In association with Symantec