Raising the standard for information security

Organisations are taking unnecessary risks by letting suppliers loose on mission-critical IT network infrastructures.

Key business functions are increasingly reliant on efficient IT infrastructures, but security breaches and their impact on the business are becoming greater.

Although many organisations have implemented firewalls and integrated virus protection to cover their IT networks against virus or hacker attacks, the number of hacking incidents has soared.

More than half of organisations report growing levels of IT fraud, and loss of data and software is now a real business threat.

Often unknowingly, organisations are taking unnecessary risks by letting suppliers loose on mission-critical IT network infrastructures.

Every PC or network component disconnected from a corporate IT network for routine maintenance contains sufficient address information to help hackers navigate the network.

For example, many suppliers are given details of security policies and are privy to the set-up of network equipment.

It is essential that suppliers adhere to clear handling procedures for this information, to ensure that it is dealt with securely.

BS7799-2 is a British standard that provides a common framework to enable companies to develop, implement and measure effective security management practice. It guarantees the security procedures of firms with access to corporate IT networks.

While about 300 organisations are currently buying the details of BS7799-2 from the British Standards Institute each month, fewer than 100 UK firms have so far achieved accreditation.

Of this total, only a handful offer network management accredited to BS7799-2, because most accreditations are gained by organisations for their own corporate infrastructures.

Many central and local government organisations are now making compliance with BS7799-2 mandatory for any contracts where companies have access to network infrastructures handling key data.

In addition, many financial institutions are now using BS7799-2 as the framework for their information security management.

Firms that have developed information security management systems that conform to BS7799-2 are making a public statement of capability.

This commitment to information security demonstrates the integrity of their systems and processes as measured against industry best practice.

Mike Harris is managing director of Total Network Solutions.