The majority (79%) of those responsible for security in UK businesses are not aware of the contents of the information security standards BS 7799 and ISO 27000, according to a government survey.
The Information Security Breaches Survey is conducted every two years on behalf of the Department for Business, Enterprise and Regulatory Reform and managed by PricewaterhouseCoopers (PwC).
Chris Potter, a partner at PwC, said, "the standards contain
good guidance on what organisations can do to protect themselves,
so [not knowing what is in them] is a missed opportunity."
He said it meant the UK businesses were not necessarily adopting
the most effective approach to their security management, and
although awareness and adoption of the standards was picking up,
there was still a long way to go.
"For example, 52% of companies do not carry out any kind of formal security risk assessment process. If you do not understand the risk, how can you put the right counter-measures in place?" said Potter.
Accreditation is another important aspect of standards, said
Potter. "This means you can give your customers and business
partners comfort about the quality of your security controls, yet
relatively few UK companies have got that accreditation," he
said.
Recent losses of thousands of personal details have raised the awareness of the general public about the need for greater security around information.
"Getting accreditation could be extremely valuable in helping
organisations persuade potential customers to transact with them
over the internet," said Potter.
The full results of the 2008 survey will be released at
Infosec Europe 2008 in London on 22 April.