
Ten questions that board members should ask about information security

According to new research conducted by the UK Department for Business, Innovation & Skills (BIS) with MI5 and GCHQ, only 14 percent of directors responsible for audit at the FTSE 350 firms regularly consider cyber threats, with a significant number receiving no intelligence at all about cyber criminals.

Espion, a company that specialises in information risk management, believes this research should serve as a wakeup call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.

Espion’s head of consultancy, Stephen O’Boyle says: “Whether attacks from data thieves, spies or saboteurs who steal from, gain unfair advantage over or damage companies, the cyber crime threat facing UK organizations is increasing.

“It is worrying to see a mere 17 percent of these organizations have clearly set out what they see as an acceptable level of cyber risk. How an organization manages information risk can be a key factor in its ultimate success or failure and cyber security must feature higher on the corporate agenda.”

The impact of cyber crime on a company’s reputation, share price or even existence is well documented. Espion has produced ten questions board members should ask of management to support existing strategic level discussions on cyber crime:

1. Do we have a dedicated resource responsible for information security? Who is involved in the governance of information security?

2. Have we identified our key information assets, where they exist within our enterprise or partner ecosystem?

3. Do we know how vulnerable the assets identified in (2) are to attack?

4. Do we perform a risk assessment of cyber threats against key systems identified?

5. Do we have a set of controls to protect our critical information (financially sensitive data, IP and client information) against industrial espionage, extortion, customer data loss, fiscal fraud?

6. Do we have an assurance that the controls in place are effective?

7. Do we have a security strategy in place for social media, mobile devices, cloud computing and employee use of personal devices (BYOD)?

8. Do we ensure that secure off-site backups of key data exist?

9. Do we have formal information security policies and awareness programmes in place to ensure those policies are understood by the entire workforce?

10. How many security incidents have we had in our organization in the past 12 months and do we receive regular reports / intelligence on such incidents including methods and motivation?

Date: 3rd December 2013 • Region: UK/World • Type: Article • Topic: ISM
