Last week, Computer Weekly revealed exclusively that the head of the UK's Infrastructure Security Co-ordination Centre has advised organisations to review the security of their systems to ensure they are able to repel any attacks launched by cyberterrorists. They must also, reluctantly, countenance the prospect of having to invoke disaster recovery procedures in the event of disruption to their telecoms provisions.
Corporate governance has been pushed way up the IT agenda of late, owing to an increased legislative focus and to heightened, post-Enron awareness. Managing key risks has never been more important, as Bank of America discovered when the Slammer virus took out 13,000 cash machines last month.
When confronted with global events likely to have a huge and terrible impact on human life, business publications win themselves no respect by focusing myopically on the ramifications upon the industry they serve. But equally, when a board director or some other person in a position of corporate responsibility shows blatant disregard for shareholder value in the face of a potential threat to business continuity, he or she can expect to receive no plaudits.
The IT function must exercise due diligence in defending the corporate systems it maintains. Moreover, governance in IT security must be an organic process, not a one-off project. Systems that are safe today could be breached tomorrow, so your security policy needs to be much, much more than merely a sop to your auditors.