[ISN] Almost half ISO 27001 'compliant' firms break basic security
requirements
InfoSec News
alerts at infosecnews.org
Fri Oct 23 02:13:54 CDT 2009
http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsid=17211
By Leo King
Computerworld UK
October 22, 2009
Almost half of businesses that claim compliance with ISO 27001 are
sharing privileged user accounts and breaking other standard guidance,
according to a survey of IT managers.
Some 47 percent of firms in the UK said they were compliant with the
standard. But forty-one percent of these said that they were using
various non-compliant practices.
Bad practice by privileged users is putting European data at "high
risk", according to the 'Privileged user management - it's time to take
control' report. These practices included use of default user names and
passwords, the granting of wider access than is necessary, failure to
monitor the users, and an ignorance around the existence of privileged
users in the first place.
Two hundred and seventy European IT managers, including 45 in the UK,
were interviewed for the survey that was conducted by Quocirca.
[...]
More information about the ISN
mailing list