International IT Governance, published by Kogan Page, is a guide for managers and executives responsible for compliance and IT management. It explores new legislation, including the launch of ISO/IEC 27001, which makes a single, global standard of information security best practice available.
PricewaterhouseCoopers, with CIO magazine, carried out a worldwide study in 2005, interviewing 8,200 information security executives in 63 countries. PwC observed:
Despite the recent public exposures of phishing scams, identity theft, corporate espionage, intellectual property breaches, and theft of millions of personally identifiable records, only 37 per cent of companies reported that they have a security strategy in place. Improvements are far outpaced by the sophistication and volume of threats info security professionals face.
The Computer Security Institute (CSI), with the participation of the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad, has now conducted nine annual surveys into information security at the CSI member firms. The latest results showed that in 2004 total financial losses to criminal abuse, across the 269 respondents, were 141 million.
The biggest losses arose from virus attacks (55 million) and denial of service attacks (26 million). However, 11 million of these losses were from theft of proprietary information, 8 million from financial fraud and 7 million from laptop thefts.
Nearly half of those who took part in the study were unable (because they had no method of tracking) or unwilling (because of the possible reputational damage) to provide estimates of their financial losses from the successful attacks they had experienced. Responses showed that incidents of cybercrime originate equally from outside and inside the attacked computer systems.
The new book has a companion website which provides access to a toolkit of templates designed for implementation within organisations.
About the authors
Alan Calder is founder-director of IT Governance Ltd, which provides IT governance and information security services through its website www.itgovernance.co.uk (link below). He is the author of IT Governance and A Business Guide to Information Security, both published by Kogan Page.
Steve Watkins is Head of Corporate Services at HMCPSI and is co-author of IT Governance and A Business Guide to Information Security.
Related links:
www.kogan-page.co.uk
www.itgovernance.co.uk
Taken from Information Security Bulletin.