Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>
NOVELL: Poor information management threatens ...
06-11-1998 03:20
NOV 5, 1998, M2 Communications - NOVELL, UK -- Businesses that recognise
information as their chief asset and manage and protect it properly will
be the winners of the Information Age. Furthermore, failure to protect
information appropriately could cost an organisation dearly, claims Novell
in a report launched today in the UK entitled: "Electronic Confidence:
Doing Business in the 21st Century".
The report by Novell, the world's leading network software provider,
with Kroll Associates, the corporate risk mitigation consultants, aims to
help European business leaders understand the issues of information
security inherent in the Information Age, to enable them to capitalise on
the opportunities offered by Electronic Business.
The report identifies information, rather than raw materials or
capital, as the most valuable corporate asset in the modern electronic
age. It clearly illustrates that protection of that asset and secure
information management are vital challenges facing businesses of all
sizes. A challenge only made more critical as businesses connect to the
World Wide Web and extend their organisations to the Internet, which
remains, largely, an unknown quantity.
The report addresses the 'Information Age Paradox'; how can
corporations make their most important asset (information) flow freely to
all relevant parties, while at the same time protecting its value by
ensuring it is correct, contemporary and relevant, and does not fall into
the wrong hands?
It suggests that its resolution is a methodical, enterprise-wide
approach to information security, designed to allow organisations to
extract maximum value from their information, and allow it to be traded
electronically - without risking its integrity.
Andrew Sadler-Smith, managing director, Novell UK comments: "With the
growth of Internet-led business opportunities, the need to resolve the
security conundrum is of increasing importance to enable organisations to
make the most of such technologies - without putting their valuable assets
at risk."
Report author Dennis Willetts, director of information security at
Kroll Associates commented: "Failure to implement even a basic approach to
information security could jeopardise an organisation's most important
asset, information. At Kroll Associates, we often see the costly
consequences that this neglect can produce".
Threats to information
Several categories of potential threats to information are highlighted.
These should be anticipated and evaluated by business managers before a
security policy can be reached: external threats; hackers, fraudsters or
'cyber-warriors' who are responsible for electronic 'break-ins' which may
result in the stealing or unauthorised manipulation of information
internal threats; accidental, malicious or careless acts committed by
employees that threaten information acts of god; uncontrollable natural
disasters such as fire that can destroy electronic systems others; such as
computer viruses and Year 2000
Information security management
The report then outlines how to build an enterprise-wide, information
security management model based on these potential threats - and stresses
the vital importance of assigning board-level responsibility for managing
information.
"The Boardroom is waking up to the fact that information, rather than
raw materials or capital, is now the most valuable corporate asset,"
comments Dennis Willetts. "An information security management model needs
to be created which takes an holistic view of security, assessing and
countering threats wherever they arise across the enterprise. This
includes staff education, which should be repeated at regular intervals to
reinforce the security message."
Technology tools can provide a solution to information management
issues - for example, by identifying access points and all potential users
of a system. However, Andrew Sadler-Smith stresses that without education,
such management tools may not be enough: "Sophisticated technology can
only be truly effective if staff are trained in its use".
A security checklist
In the report, Kroll Associates defines the essential points that an
organisation should review before it can conduct Electronic Business with
confidence: Identify the systems and its boundaries Identify critical
information at risk Decide what level of vulnerability is acceptable
Choose the control objectives Select the appropriate information security
controls Devise a complementary security training and awareness programme
Implement under a quality management system Collate evidence of effective
implementation Carry out periodic checks
Andrew Sadler-Smith concludes: "There are several key issues that all
organisations need to address before they can make the most of
opportunities afforded by Internet-led technology and achieve Electronic
Confidence".
About Novell
Founded in 1983, Novell (NASDAQ: NOVL) is the world's leading provider
of network software. The company offers a wide range of network solutions
for distributed network, Internet/intranet and small-business markets, as
well as the network computing industry's most comprehensive education and
technical support programmes. Information about Novell and its complete
range of products and services can be accessed on the World Wide Web at
http://www.novell.com.
UK Web site is at http://www.novell.com/uk/
About Kroll Associates
Since 1972 Kroll associates has been the world's market leader in
providing to help clients evaluate risks, realise opportunities and
resolve problems. Kroll's staff are specialists in defining investigative
assignments, gathering information and providing advice.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sat Nov 7 13:20:45 1998