Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Senior Management Most Likely To Break Security Policies

Cryptzone : 25 May, 2012  (Technical Article)
Research by Cryptzone shows that IT Security Professionals and company management are the most likely to ignore security procedures and policies in the workplace
Senior Management Most Likely To Break Security Policies
A survey of 300 IT Security professionals has revealed that board of directors are most likely to ignore or flout security policies and procedures, with 42% cited as frequently ignoring them. That’s according to a survey released today by Cryptzone, Europe’s IT Threat Mitigation specialists, who found that rather than setting an example, over half of respondents were convinced that senior management believe that "the rules don't apply to them" when it comes to respecting IT security policies and procedures.

Alarmingly, 52% of those surveyed agreed with the statement that the Board of Directors have access to the most sensitive information yet have the least understanding of security. A worrying statistic when data loss has become a daily news headline and the regulators is hitting hard on organisations with lax attitudes towards data security.

Senior Vice President of the NETconsent business unit at Cryptzone, Dominic Saunders, said, “There’s a saying ‘do as I say, not as I do’ and this study would appear to demonstrate that it resonates in the executive corridor of far too many organisations today. However, there’s also a phrase ‘united we stand, divided we fall’ and that’s what each person who doesn’t tow the security line is potentially exposing their company to. Education is so important so that every single person not only knows what they should be doing, but also why they’re doing it. On top of that organisations need to get savvy and introduce solutions that don’t allow anyone, regardless of how far up the corporate tree they sit, to flout policies and procedures.”

The survey was conducted amongst 300 IT professionals visiting last month’s Infosecurity Europe, so surprisingly , when asked who in the organisation is least likely to follow policy and procedures, 20% answered senior managers, 17% CEO’s and an additional 20% pointed the finger right back at themselves citing the IT team!

“This is a tough problem. Seeing wanton disregard at a senior level for the policies and procedures put in place to protect an organisation is infuriating, and a real challenge for the CISO who must balance the needs of a business with the requirement to protect assets.” said Nigel Stanley, Practice Leader for Security at Bloor Research.

He added, “I consider the starting point for all security measures to be a governance statement signed by the board, at least with this you have some comeback if senior managers and directors aren’t playing ball.”

Turning attentions to security training, 65% of companies offer the same level and amount of IT security training to everyone in the organisation. Dominic concludes, “The reality of this practice is money is being wasted training people who might not need it, while not providing enough to the most at risk groups. Instead training should be tailored to reflect the level and depth of information people are privilege to, balanced against the risks they’re exposed to.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo