Database Reference
• There should be an awareness that, although insiders continue to be the
primary source of most security risks, attacks by organized criminals and
other outsiders are increasing.
• Proper attention should be paid to data privacy, copyright, and other
data-related legislation.
Quotes from prominent security managers
IT security provides the management processes, technology and assurance to allow
business management to ensure business transactions can be trusted; ensure IT
services are usable and can appropriately resist and recover from failures due to
error, deliberate attacks or disaster; and ensure critical confidential information is
withheld from those who should not have access to it.
—Dr. Paul Dorey, Director, Digital Business Security, BP PLC
Directors have a responsibility to protect shareholder value. This responsibility
applies just as stringently to valued information assets as it does to any other asset.
Boards must recognize that securing that information is not just an investment;
it is essential for survival in all cases and for many it can even create competitive
advantage.
—Ronald Saull, Chief Information Officer and Senior Vice President, Great-West Life
Assurance Company/London Life/Investors Group
It is also worth reviewing some cases of the very real consequences of not adequately
governing information security:
Company           Exposure                        Cause
Bank of America   1.3 million consumers exposed   Lost backup tape
DSW retail        1.2 million consumers exposed   Hacking
Card Services     40 million consumers exposed    Hacking
TJX Stores        45 million consumers exposed    Internal theft
UCLA              800,000 consumers exposed       Human error
Fidelity          196,000 consumers exposed       Stolen laptop
Source: Todd Fitzgerald, CISM, CISA, CISSP, ITILV3, 2008 ISACA Chapter Briefing