Staff hold key to successful security

Boardroom backing of security policies is the most important element in effectively securing an organisation’s information, according to the Global Information Security Workforce Study 2006.

However, the second most important factor is getting users to follow a policy. Ed Zeitler, executive director, ISC² speaking at the RSA Conference Europe this week, says there is now a universal focus on people being more important than technology to provide security.

‘Security breaches that have made headlines during the past year have been a result of human error, and this further validates the long-held conventional wisdom of information security professionals that people are the critical component of an effective information security program.’

When asked who was accountable for security in 2004, 38 per cent of respondents said the chief information officer. In 2006 that figure dropped to 19 per cent.

‘Regulatory compliance in the public and private sector with things like Sarbanes-Oxley and Basel II puts information security into the risk profile of a bank, so responsibility for these kind of things goes much higher… The information security profession is being valued as an indispensable business component.’

Allan Carey, program manager at IDC, who led the study, says security professionals are helping CEOs recognise the positive contributions to business of information security.

‘The message of people and processes being absolutely crucial to effective information security is finally starting to resonate with business leaders,’ he said.

See full article.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Comments are closed.