Guide to the TechWeb Network

Intelligent Enterprise

Better Insight for Business Decisions
Intelligent Enterprise - Better Insight for Business Decisions
search Intelligent Enterprise
Advanced Search
RSS
Webcasts
Whitepapers
Subscribe
Home



July 26, 2002

Securing the Future

Information security needs to become a top priority for organizations

by Mark W. Doll

Continued from Page 1

How do you ensure that your security agenda is based on business requirements? What does the board need to know about the organization's information security strategy? Ask yourself the following:

  1. Is there clear accountability for information security within the organization?
  2. Can board members tell you what the organization's top information security threats and assets are? How often do these issues get reviewed with the board?
  3. How much do you spend on information security, and is a system in place to measure the return on investment?
  4. What would be the effect to the organization if a serious security incident occurred (for example, brand, reputation, revenue, litigation, operational performance, or investor confidence)? Are people engaged in those areas of the firm involved in the security process?
  5. What steps have been taken to determine that third parties (vendors, partners, suppliers, and customers) won't compromise the network security of the organization?
  6. How do you measure the effectiveness of your information security strategy? Have you tested it?

Most important, what does all this mean for your business? Reduced interaction with customers and business partners is not an option. Increased connectivity and interorganizational dependence are here to stay, and the risks associated with that will likely increase.

Framework for the Future

And yet, some continue to resist deploying new technologies such as biometrics, wireless security, and cyberseals, for a number of reasons. Some of the reasons may indicate a lack of clarity and understanding about where the various technologies are in terms of maturity and market implementation — especially in the boardroom. What's more, those outside of the IT space likely are unaware of the potential applicability of new technologies such as biometrics to resolve current concerns such as identification and authorization.



Rate This Article

Comments:

Optional e-mail address:

The gaps in information security infrastructure are obvious — uninvestigated security incidents, lack of business continuity planning, and the lack of employee awareness and training. Too often these gaps are addressed with short-term solutions that can expose organizations to additional risks.

Effective information security requires a framework that looks to the future. This approach enables organizations to incorporate IT security into their business strategy and planning, make and manage investments, and build consumer and investor confidence. More important, this framework approach ensures that the development and implementation of any security-related activity incorporates and considers critical elements of business operations. And that's where an effective security strategy will really affect the bottom line.


Mark W. Doll is the Americas Director of Ernst & Young's Security & Technology Solutions (STS) practice. Ernst & Young's STS practice is part of the firm's Technology Services & Risk Solutions group, which comprises more than 2,000 professionals internationally with world-class capabilities in minimizing risk and maximizing the security, maintenance, and control around IT systems.


Most Popular This Week
Business Process Management 101: The Basics of BPM and How to Choose the Right Suite
Business Intelligence 2.0: Simpler, More Accessible, Inevitable
Gartner BI Summit 2008: The Next Generation of Innovation
Of BI and Baseball: Two Reports Present Vendor and Product Standings

IE Weekly Newsletter
Subscribe to the newsletter
    Email Address







InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo Jitter
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet Evolution
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space