The Increase in Security Failures and Privacy Breaches Often Due to Wrongsourcing: Researchers
Submitted by: Informatica Security Corporation
2008-01-14 00:02:45
Toronto (OPENPRESS) January 14, 2008 -- Toronto-based Informatica Security Research estimates that the vast majority of issues involving the security and privacy of data, identity theft breaches, compliance failures and other information risk issues are due to poor strategic planning and IT governance.
Informatica's president, Claudiu Popa is a recognized information risk consultant who sees the issue as a management problem: "we have seen a general trend in North America where we often talk to companies that opt to force their internal IT departments to also manage security. Many organizations fail to realize that security management is not a core competency that neatly fits within IT governance activities. In fact, as companies scramble to achieve compliance with numerous standards and legislation, they often mismanage their operations and impact productivity. It makes no sense to in-source activities that are complex, expensive and often mismanaged instead of hiring qualified experts to get the job done. The flip side of what I call 'wrong-sourcing' is that organizations too often choose to outsource their core capabilities. This is backwards and executives should revisit their business objectives."
A recent study indicates that in European organizations at least 50% of an executive's time is spent looking for growth opportunities that can be readily exploited. In contrast, Informatica Research estimates that up to two-thirds of a North American executive's time is spent trying to cut costs and stretch existing resources to do more with less. The growing trend towards socially engineered security attacks takes advantage of the fact that organizations have dedicated few resources to best-of breed top-down solutions in favour of off-the-shelf band-aid products marketed for a naïve audience. "By wrong-sourcing security expertise, managers and executives place their operational effectiveness and customer data at risk." said Popa. "Standards bodies and industry auditors make no exceptions for organizations that claim ignorance of adequate security management, use improper internal auditing practices or simply do not enforce policies. We see such governance issues costing companies dearly, not only in financial terms, but also in brand erosion, loss of credibility, productivity and organizational effectiveness. Good information risk management is simply good business and should not be viewed through a narrow lens as purely a cost centre."
Companies seeking to implement proper IT governance and standards-based security management best practices should contact Informatica Security Corporation (www.SecurityandPrivacy.ca).
For media enquiries and security solutions contact:
