“The risk of going to jail usually pushes information security up the boardroom agenda,” conclude Jon Fell and John Skelton in their feature on e-crime.
Fair enough, I guess – the integrity of customer data has to be a crucial business priority. But who should really call the shots when it comes to security, the IT department or the business?
A recent survey by Websense suggested 95 per cent of security professionals believe the chief executive should be held accountable for a breach, with a quarter of respondents believing the boss should go to jail in the event of a consumer data incident.
Tough talking from the IT professionals – and the survey also found just five per cent of security experts believe ultimate responsibility for a breach lies with the IT department, a huge drop from 21 per cent in 2007.
Are such hard-hitting opinions reasonable or are we looking at a case of IT professionals attempting to pass the buck?
Chief security officers (CSOs) certainly think so, with conference specialist Infosecurity Europe suggesting many are very concerned about the integrity of their application code.
As many as 75 per cent of European businesses think their applications contain security holes that can be exploited by criminals, according to Infosecurity Europe – and CSOs say they would welcome an initiative to raise awareness of security among the developer community.
IT leaders, then, blame the followers. But let’s be honest, no one would blame security professionals for playing their “get out of jail free” card, especially with the media hype surrounding customer data loss.
Such incidents have placed increased pressure on firms to ensure their systems and policies are up to date and in line with current regulatory demands.
Take the recently enforced Companies Act, which gives enhanced rights to auditors to obtain information. The Act states directors must disclose accurate information to auditors.
Board members who include false information run the risk of eating porridge at Her Majesty’s pleasure.
Security chiefs take note. While some IT leaders may be keen to apportion blame for e-crime to security professionals, real responsibility will always rest with the boss.
What do you think? Read Mark Samuels’ blog at: http://knowledge.computing.co.uk





