May 06 2009

Rise of cybercrime and management responsibility

Category: Information Security, Information Warfare | DISC @ 5:08 pm

ITIL Security Management
According to an SF Chronicle article by Deborah Gage (May 8, 2009, C2), Consumer Reports magazine's annual "State of the Net" survey finds that cybercrime has held steady since 2004, with one out of five consumers becoming a victim in the last two years, at a cost to the economy of $8 billion. The Consumer Reports survey can be found at www.consumerreports.org

Uncertain economic times bring new threats and scams, and most security experts agree that cybercrime is likely to increase this year. The survey also found that around 1.7 million people were victims of identity theft and 1.2 million had replaced their computers because of infected software.

First, why are all the signs pointing to an uptick in cybercrime, and second, what are we going to do about it?

Management should start treating security as part of the total cost of ownership instead of wasting time debating the ROI of information security. If there is a security breach, somebody in management should be held accountable, not IT or security personnel. Management will keep demonstrating a lax attitude toward data protection and security in general unless there are serious consequences, such as jail time, for the absence of basic security controls (basic due diligence) and for failing to act on risks that posed a significant threat to the organization.

PCI, HIPAA and SOX compliance are a good start in the right direction for getting management to take information security into consideration, but these compliance initiatives don't address the security of the whole organization; they address the security risks of one business unit within an organization. If management is really serious about security, then the ISO 27002 code of practice is one option that should be considered to address the security of the whole organization, and ultimately the organization should achieve ISO 27001 certification, which will establish a comprehensive information security management system (ISMS) to manage ongoing risks.



Tags: Information Security, International Organization for Standardization, isms, iso 27001, iso 27002, Operating system, Policy, Security

3 Responses to “Rise of cybercrime and management responsibility”

  1. affordabletermquote says:

    The unsolved cases are more scary than the swine flu. This issue should properly be adhered to at the soonest possible time.

  2. Africafibrenet | Africaincorp [Beta DEV] says:

    […] Rise of cybercrime and management responsibility (deurainfosec.com) Save this: […]

  3. Managing Risks and NIST 800-53 | DISC InfoSec blog says:

    […] and FactsMaxiue1 on Skype and Information PrivacyAfricafibrenet | Africaincorp [Beta DEV] on Rise of cybercrime and management responsibilityyardley285022 on World Bank security breach and financial crisis The State of California has adopted […]
