ERNST & Young’s 10th global information security survey showed that staff shortages were hampering improvement initiatives. More than half the 1,300 respondents said that as the role of information security expanded within organisations, the lack of experienced and skilled resources was the number one challenge to protecting data against unauthorised access.
As a result, at least 60% of respondents said they were outsourcing certain elements of information.
Carl Ceillam senior manager of E&Y’s Channel Islands’ technology and security risk services, said the survey carried some strong messages for Guernsey.. ‘The one thing that really hit home was the skills shortage.
‘The limited supply of skilled people is a global issue. Management needs to be creative and look into alternative staffing options.
‘This means looking to other parts of the organisation, such as internal audit or compliance, to fill gaps in its resource needs and using third parties in the most cost-effective and productive ways possible.’
The survey canvassed senior executives in more than 50 countries and showed that the three primary drivers for information security were regulatory compliance, privacy and meeting business objectives.
Mr Ceillam said organisations were starting to realise that information security was about more than just preventing hackers getting in.
‘Meeting business objectives is becoming an increasingly important driver and it is obvious, by looking at our clients, that those who lead the field in IT effectiveness and operational efficiency are also those who have a well established information security function.
‘Information security is about risk and control but when risks are understood and appropriate controls are applied, we find that fewer things go wrong and business thrives.
‘The problem comes when information security is not closely connected to executive management and the strategic decision-making process.
‘I think the local trend is positive as I’m seeing information security on the board agenda a lot more.
‘Audit committees, non-executive directors and of course customers are starting to raise more questions about IT and information security governance.’
Mr Ceillam said that any business not fostering these relationships was missing out on a key opportunity.
Article posted on 9th January, 2008 - 12.00am
Loading ...
Most Commented: