MS-MIS PracticumSaahil Goel

Information security awareness◦ Top management initiative◦ Business unit leaders involved in decision making◦ IT Spending and attitude◦ Reactive rather than Proactive◦ Increasing risks, dependency and complexity◦ Economic savings and profits

Information is not available in understandable form

President Bush’s National Strategy to Secure Cyberspace

Many business leaders (SMEs) view IS security as a non-key element to run their business (WSJ)

Look for tangible benefits only (BW) – hard to ‘sell’ security to top management

Information is difficult to understand (NW) Financial services industry has highest

security spend (CIO)◦ Driven by compliance◦ Easier to spend money on security – criticality of

data, shareholder wealth creation Lack of security awareness leads to

complacency to learn (INFOWEEK)

Companies lose money every year because of identity theft, fraud and data breaches(Network Security Journal)

Trust of customers & brand equity Stock value – permanent damage Stockholders

Sun Microsystems◦ Build culture of security awareness◦ Separation of unit which governs risk from

technology and from business Deloitte

◦ Training and Awareness – one of the top agendas for FSIs across the globe

◦ Monitoring and measurement of security awareness

Post September-11 terrorist attacks◦ Business Continuity Planning◦ Data Recovery Sites◦ Security became a concern

Business leaders in SMEs still complacent Compliance plays a major role (SOX) FSIs most active Management still views security as sunk cost Economic benefits are still key in management’s eyes Difference of opinion between technology and business

leaders Risk and security are viewed as technology initiatives

rather than business ones