Applied Computer Security

Boardroom backing of security policies is the most important element in effectively securing an organisation’s information, according to the Global Information Security Workforce Study 2006.

However, the second most important factor is getting users to follow a policy. Ed Zeitler, executive director, ISC² speaking at the RSA Conference Europe this week, says there is now a universal focus on people being more important than technology to provide security.

‘Security breaches that have made headlines during the past year have been a result of human error, and this further validates the long-held conventional wisdom of information security professionals that people are the critical component of an effective information security program.’

When asked who was accountable for security in 2004, 38 per cent of respondents said the chief information officer. In 2006 that figure dropped to 19 per cent.

‘Regulatory compliance in the public and private sector with things like Sarbanes-Oxley and Basel II puts information security into the risk profile of a bank, so responsibility for these kind of things goes much higher… The information security profession is being valued as an indispensable business component.’

Allan Carey, program manager at IDC, who led the study, says security professionals are helping CEOs recognise the positive contributions to business of information security.

‘The message of people and processes being absolutely crucial to effective information security is finally starting to resonate with business leaders,’ he said.

See full article.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

According to the annual RSA Security Password Management Survey, 39 percent of business users in the Asia-Pacific region are required to change their passwords monthly, compared to 34 percent in Europe and 23 percent in the United States.

Over 1,340 respondents participated in the survey conducted last month, which for the first time polled respondents outside the United States. Participants from the United States and Canada made up about half of the respondents, while Europeans and Asians each accounted for 21 percent of the total surveyed.

John Worrall, the security vendor’s senior vice president of marketing, noted in the statement that “business passwords remain one of the weakest links in the security chain”, due partly to the number of passwords that end users are required to manage.

Respondents from Asia reported the highest levels of awareness of breaches relating to the use of passwords–35 percent said they know of a corporate security breach that occurred as a result of a compromised password. About 33 percent of participants in Europe, and 14 percent in the United States, gave the same response.

The high number of passwords that users globally have to manage is apparently a source of annoyance. Some 12 percent of respondents from the Asia-Pacific region and 15 percent of users in the United States, indicated that they were extremely frustrated over having to manage too many passwords at work.

See full article.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.