BSI offers help to new businesses

29 Jan 2002

Many emerging UK businesses are failing to properly secure their networks as they struggle to establish themselves.

Peter Restell, programme manager at the British Standards Institute (BSI), which established the risk assessment standard BS7799, pointed out that many network managers did not have the time or the resources to probe their security policies for holes.

"Some of the emerging industries haven't sat back and appreciated how vulnerable they are," said Restell. "We're trying to create awareness of the problems, but they're so busy trying to establish themselves that they don't think about the what-ifs in event of a critical failure. There's a tendency to assume that things will continue somehow."

The BSI has now updated the standard to include a complete set of guidelines on information security. However, the number of organisations that have achieved certification remains low, at just 85 nationwide.

Restell explained that just implementing the guidelines would bring tangible security benefits to all businesses.

"Hacking and virus protection is strongly emphasised, but internal risks are far more dangerous," he said, citing a major financial institution that applied the guidelines for a BS7799 audit. "They had 3,000 PCs, and found that more than 1,000 had full administration rights. They had no idea."

The BS7799 standard was primarily driven by the Department of Trade and Industry in consultation with businesses. Restell said that some of the UK's biggest employers and technology consultants, such as Marks & Spencer, KPMG and Logica, helped prepare the draft standard.

According to Restell, BS7799 is suitable for most organisations as it deals with assessing risk rather than giving advice on how to secure IT systems. "After looking at what you risk, the level of control applied is down to each organisation," he said.

Restell stressed that a cyclic approach to security is vital, with regular assessments of both technologies and personnel practices.

The BSI's code of practice for information security management is available at a cost of £80 from www.bsi-global.com.
