Corporate information systems remain dangerously vulnerable to cyber attacks, according to a survey by Computer Sciences Corporation.
The company's 14th annual "Critical Issues of Information Systems Study" surveyed more than 1000 information technology executives worldwide. Results show that 46% of organisations do not have a formal information security policy in place; 59% do not have a formal compliance programme supporting their information systems (IS) function; and 68% currently do not regularly conduct security risk analyses or security tracking.
When asked to select from a list of issues that are most important to the organisation, global technology executives ranked measures to eliminate systems vulnerabilities to minimise risks and to safeguard information resources a lowly fifth.
“While most IS professionals recognise the benefits of protecting and securing data, the business leadership in the organisation still sees security as a ‘nice to have’ rather than a ‘need to have’,” says Ron Knode, CSC’s global director, managed security services. “The fact is, it costs far less to establish the right security measures at the outset than it does to recover from a breach in security.”
Knode recommends that organisations take the following measures to enhance their information security policies and procedures:
* designate a task force responsible for the information security policy programme;
* define and develop an information security plan;
* coordinate with all teams across the IS organisation; and
* conduct regular audits and follow up on any findings.