Information security remains isolated
from executive management and business strategy, a survey from
consultant Ernst & Young has found.
The Ernst & Young Global Information Security Survey, among
executives at around 1,300 firms worldwide, says companies are
still failing to implement a holistic approach towards
information security, as the security function remains too
isolated from executive management and the strategic
decision-making process.
The survey reveals that a third of information security
personnel never meet with company board or audit committee members,
and over a quarter of information security personnel do not report
to business leaders on information security compliance or
incidents.
Monthly meetings are three times more likely to take place
between information security and IT than with corporate officers,
said Ernst & Young.
Richard Brown, head of technology security and risk services at
Ernst & Young, said, "Recent incidents in the UK have done much
to highlight the lack of protection of information assets held by
organisations.
"Information security has never been so high up on the corporate
and private individual's agenda, which means it has to move forward
on the business, and not just the IT agenda."