All the latest UK technology news, reviews and analysis
|
|
|
09 Aug 2007
Just over half of UK companies have not implemented the necessary processes and procedures to comply with legislative directives such as PCI DSS and Mifid, according to a new survey commissioned by security system developers NetIQ.
The survey also shows a high degree of scepticism among IT staff concerning the commitment to IT security at board level, with 40 per cent of respondents saying that the board were merely paying lip-service to IT security to gain compliance status.
"This reinforces the need for the CSO to be not only a technologist but also a good communicator, who is able to interact with people outside the IT department. We see many misconceptions about the importance of risk management in the marketplace," said Ulrich Weigel, director of security products for NetIQ.
"It is imperative that they are able to communicate at senior board level that security is no longer just a cost item on the P&L, but that it can actually differentiate them from their competitors and win them new business."
The results reveal a lack of readiness of companies to meet compliance goals despite being their most critical security issue ahead of business continuity, data leakage and protection against viruses and spyware.
The survey was conducted by EMedia and questioned 218 security and IT managers about their company's readiness and views on compliance and risk management.
Other survey findings pointed to a lack of co-ordination between the IT department and the rest of the business, as 29 per cent of IT security managers felt that their company's security policies were sufficiently integrated with the rest of their business objectives.
Furthermore, 57 per cent of them felt that internal staff didn't understand the legislation that affected their business.
These findings confirm similar results from a report titled What's Top Of Mind For European Security Managers? by analyst firm Forrester Research.
"CSOs/CISOs have traditionally been IT people focused on technology, but the job is shifting to focus more on business risk management," said Thomas Raschke, an analyst at Forrester Research.
"We are currently in a time of transition, one that can make CISOs with less business-side experience acutely uncomfortable. In the interim, legacy CISOs and other security managers still struggle with gaining visibility and influence within the business."
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Project Manager - Credit Risk - Finance IT - Investment...
Infrastructure Configuration Manager/Analyst/Data Modeler...
Lead Perl Developer, Apache, SQL, Unix/Linux, Shell Scripting...
**Perl /Java Developer, Web/ JEE application servers...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?