Cyber Security Institute

Wednesday, April 07, 2004

IT directors welcome Big Four’s corporate security initiative

Plans by an industry consortium to develop a corporate checklist for assessing cyber threats could help IT directors justify security spending and help protect companies against hackers, according to industry experts.

The consortium, which includes the Big Four accounting firms and insurance giant AIG international, aims to agree a cyber-risk model that can be used by companies in all industries.

Auditors and insurers could also use the “risk preparedness index” to help decide whether a company has adequate IT security arrangements.

Although details of the framework have yet to be finalised, security experts believe it will focus on an organisation’s IT security safeguards, such as its firewalls and anti-virus software, and compare this against the security threats it faces.

“IT infrastructure risk management is of critical importance to the industry and Barclays broadly welcomes the principles behind this initiative,” said Barclays group chief technology officer Kevin Lloyd.  “We will continue to monitor the development of this framework with interest and potentially inclusion in the shaping of the framework.”

Nick Leake, director of operations and infrastructure at ITV, said, “I think the real value of this approach is in sorting out the companies with dreadful levels of non compliance/operation from those with high levels - it won’t be much use in distinguishing the better of two already very compliant operations.  And as with all these things, it will have to be kept up to date.”

Industry experts said that an accepted model for measuring security risk would be a breakthrough if widely adopted and would also help IT departments justify security spending.

“The new security standard looks promising, although a lot of the devil will be in the detail,” said Graham Titterington, principal analyst at Ovum. “It will make it easier for people to justify spending on IT security because the backers of the standard are blue chip companies, which gives it credibility with the board.”

Neil Barrett, technical director of security consultancy Information Risk Management, said the proposed security standard would allow IT directors to measure their organisation’s security arrangements against a benchmark.

Posted on 04/07