In 2003, Integralis research identified blinkered boardrooms as the biggest barrier to security implementation and nearly two years on new research shows that the situation hasnt changed and the boardroom is still the biggest barrier to security implementation.
The Security Systems Integrator questioned 200 people representing organisations across the private and public sector and found that overall responsibility for security implementation was still, predominantly, with the IT department as opposed to the board. The board was also identified as a hindrance as much as a help in adopting effective security strategies. Interestingly, but unsurprisingly, the legal implications of Internet (mis) use provoked a moderate to low level of concern.
Graham Jones, Integralis Director of Northern Europe explains; Its incredible that two years on, security risk management still isnt the boardroom issue that it should be. Despite the intense media interest and scrutiny in organisational security and CBI findings* that says two in three companies now has a dedicated security officer, were still seeing many organisations lacking the level of board commitment needed to tackle vulnerabilities at the deepest layers. The board do not appear to understand the far reaching brand, reputation and legal implications a security breach can have.
According to CBI research, security is top of the agenda for corporate Britain with 97 per cent describing it as a matter of great or some concern. This is very encouraging, however with the majority of Integralis delegates still putting Internet speed higher in priority over corporate security, the message still doesnt appear to be getting through on the ground, which points to lack of clear direction from the top.
It is unlikely that an IT manager will know whos downloading what software at their desks, exchanging illicit and/or confidential information, chatting all day via a web phone or MSN, or be able to understand, never mind have the bandwidth to maintain, complex multi-layer security across multiple sites. Security should not start and end with the IT department, Graham says.
A good security audit is a great place to start for any board director wanting to obtain greater understanding of the everyday issues facing his/her organisation from the inside and can be carried out quickly, cost effectively and discreetly. We can then give real world advice, taking it down to a technical level later on, thus putting a flexible framework into practice onto which they can develop bespoke policies and procedures to encourage vigilance and awareness throughout the company.
Integralis has welcomed the CBIs call for a coalition of agencies to provide clear, commonsense guidelines on security best practice for businesses. The company already works with the Home Office and the police and partners with the very best technology providers in the world to deliver a breadth of relevant and robust managed services that can handle even the most complex security issues.
* Taken from CBI/QinetiQ Business Security Survey 2004