ISACA says UK PLC making positive moves in information security

Commenting on the conclusions of the 2008 Information Security Breaches Survey, Paul Williams, Chair ISACA Strategic Advisory Group, said that they show that UK PLC is making some positive progress in improving its information security strategies.

Don't forget to register to attend the Biggest Online Recruitment Event of the Year - Click here and complete the form and a member of the Onrec.com team will be in touch

Williams said that the results of the survey, which was carried out on behalf of the Department for Business, Enterprise & Regulatory Reform, are encouraging, with the numbers of companies having implemented BS 7799/ISO 27001 - the British/International Standard for information security management - having risen from five per cent in 2002 to 11 per cent this year.

I was especially impressed with the numbers of companies with documented security policies (55 per cent, up from 27 per cent in 2002) and the fact that security breaches in small businesses were down from 62 per cent in 2006 to 45 per cent last year, he said.

Other aspects of the survey, said Williams, were equally encouraging, with the total costs to UK PLC having dropped by roughly a third compared with two years ago.

This brings us back to the security costs level that the UK was in back in 2004, despite the fact that the number and variety of security threats has increased greatly in the same time period, he said.

Despite the positive aspects of the security survey, Williams warned that there is no room for complacency when it comes to protecting a company's IT resources, no matter how small the company is. He added that whilst the survey demonstrates positive progress, UK PLC still has much further work to do if trust in global commerce is to be maintained.

The fact that 13 per cent of companies have detected unauthorised outsiders within their network, says Williams, indicates the need for constant vigilance on the information security front.

For more on ISACA: