CANADA CORPORATIONS WAKING UP TO REAL THREAT OF DATA LOSS Canadian Security - Corporations waking up to real threat of data loss:

Corporations waking up to real threat of data loss
PDF Print E-mail

More companies need to form policies for vendor risk management

As stories of large-scale personal data leaks and identity theft continue to monopolize the headlines, it appears that companies are finally waking up. Seventy five per cent of CIO’s and CISO’s across 350 global companies ranked privacy and personal data protection as the area in which they are most proactive, according to Ernst & Young's 9th Annual Global Information Security Survey.


Still, while the problem is gaining attention in the boardroom, one quarter of companies currently have privacy projects underway and fifty per cent of survey participants cited removable media, mobile computing and wireless networks as significant risk to their organizations. As globalization and e-commerce advance, the amount of personal information that is shared continues to grow exponentially, meaning these risks will only increase. The Following are some tips from the report on what all companies should be doing to avoid security leaks:

• Spell it out. Establish formal internal policies for privacy and protection of customers’ personal information.
• Verify your vendors. Enforce standard procedures and requirements f for vendors and third parties who handle your company’s customer data.
• Take out the guesswork. Formalize access controls for information and information processes.
• Get on the same page. Make sure every employee receives privacy training.
• Keep a look out. Routinely assess your organizations privacy risks.

In this report, Ernst & Young has identified five major trends driving information security practices globally. In addition to personal data protection, they are compliance, vendor/third-party risk, business continuity, and the “mainstreaming” of information security.

Facts from E&Y’s Global Information Security Survey 2006:

Priority 1: Integrating Information Security with the Organization
Priority 2: Extending the Impact of Compliance
Priority 3: Managing the risks in third party relationships
Priority 4: Focusing on Privacy and Personal Data Protection
Priority 5: Designing and Building Information Security


Webblog Editor see weblink for full report