A Business Guide to Information Security: Threats and Compliance

A Business Guide to Information Security Alan Calder 192 pages; $33.37 Kogan Page

There are a number of trends that lie behind these increases in threats to information security, which, when taken together, suggest that things will continue to get worse, not better:

What does this all mean, in real terms, to individuals and to individual organizations?

• No organization is immune.

• Every organization, at some time, will suffer one or more of the abuses or attacks identified in these pages.

• Individual and business activity will be disrupted. Downtime in business critical systems (such as ERP, enterprise resource planning, systems) can be catastrophic for an organization. However quickly service is restored, there will be an unwanted and unnecessary cost in doing so. At other times, lost data may have to be painstakingly reconstructed and, sometimes, it will be lost forever.

• Privacy will be violated. Organizations have to protect the personal information of employees and customers. If this privacy is violated, there may – under data protection and privacy legislation -- be legal action and penalties, including against directors individually.

• Organizations and individuals will suffer direct financial loss. Protection in particular of commercial information and customers' credit card details is essential. Loss or theft of commercial information, ranging from business plans and customer contracts, to intellectual property and product designs, and industrial know-how, can all cause long-term financial damage to the victim organization. Computer fraud, conducted by staff with or without third-party involvement, has an immediate direct financial impact.

• Reputations will be damaged. Organizations that are unable to protect the privacy of information about staff and customers, and which consequently attract penalties and fines, will find their corporate credibility and business relationships severely damaged and their expensively developed brand and brand image dented.

The statistics are compelling. The threats are evident. No one can afford to ignore the need for information security. The fact that the threats are so widespread and the sources of danger so diverse means that it is insufficient simply to implement an anti-virus policy, or a business continuity policy, or any other standalone solution. A conclusion of the CBI Cybercrime Survey 2001 was that 'deployment of technologies such as firewalls may provide false levels of comfort unless organizations have performed a formal risk analysis and configured firewalls and security mechanisms to reflect their overall risk strategy'. Nothing has changed.

Read the rest of Chapter 1 from A Business Guide to Information Security.

BROWSE BY TAG Malware, Viruses, Trojans and Spyware,   Information Security Threats,   Security Audit, Compliance and Standards,   Data Privacy and Protection,   Application and Platform Security,   Email Protection,   Email and Messaging Threats (spam, phishing, instant messaging),   Security Awareness Training and Internal Threats,   Information Security Management,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware ISP shutdown latest cat-and-mouse game with hackers How to get rid of malware, botnets on a hospital IT network How can search results lead to malware? How to prevent mobile phone spying Should a national cybersecurity strategy include offensive botnets? How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises Data Privacy and Protection How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance Compliance in the cloud Researchers predict SSNs, crack algorithm putting identities at risk How to write a risk methodology that blends business, security needs PCI compliance requirement 3: Protect data Mass. Senate seeks to amend, weaken data breach notification law Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy? Kodak CISO on virtualization, compliance Federal efforts to secure cyberinfrastrucure Data Privacy and Protection Research Email and Messaging Threats (spam, phishing, instant messaging) How to prevent brute force webmail attacks Unified communications: Securing a converged infrastructure Chained Exploits: How to prevent phishing attacks from corporate spies 3FN.net ISP shutdown interrupts spam campaigns Swine flu outbreak results in spam pandemic What does 'invoked by uid 78' mean? Economy fuels malware, spam Internet Explorer 8 includes a bevy of security features Adobe JBIG2 exploits being spammed, IBM warns Fierce competition prompted new Cisco email security options Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary