"Until organisations wake up to the fact that effective security is all about policy and process as well as technology, we will continue to see security breaches in the press, week after week." That is the gloomy prediction of Martin Sutherland, head of security practice at customer relationship management consultancy Detica.
A recent survey commissioned by the company found that only one in four of the 124 IT and ebusiness directors surveyed have heard of BS7799, the British standard for best security practice (and close relation of the international standard ISO17799). Of those that are aware of BS7799, only one in ten have attained accreditation in the standard, although it has been in existence since 1999. Many organisations believe their internal security procedures are sufficient, but while 82% of respondents claimed to follow formal security procedures, 42% of those were not following any of the areas covered by BS7799.
This may point to an overwhelming complacency among UK businesses when it comes to IT security. Or it may just reflect a lack of interest in, or difficulty in adopting, the BS7799 standard. Either way, this month's Information Age Business Briefing, On patrol (see Industry reports for more details), should assist readers in identifying key trends in IT security. For more information on the BS7799 security standard, go to www.bsi-global.com.