Corporate IT largely remains unprepared for preventing and overcoming breaches of information security despite the terrorist attacks of Sept. 11, a recent survey found.
Computer Sciences Corp., of El Segundo, Calif., found in a post-Sept. 11 survey that IT organizations lack basic procedures that could help prevent security breaches.
Almost half—46 percent—didnt have a formal information security policy in place, and 68 percent do not regularly assess their risk for security breaches or track the status of information security.
"Were still breaking through that historical perspective that information security is just a cost, and if theres some way to avoid it, then we will," said Ron Knode, CSCs global director of managed security services.
CSC conducted the survey of 56 worldwide IT executives on information security as an addendum to its 14th Annual Critical Issues of Information Systems Study. In that earlier survey of 1,000 worldwide IT executives completed before the attacks, CSC found that information security was only the fifth most important issue for corporate IT. It trailed efforts to get more value from enterprise systems; to improve the effectiveness of their organizations; to better organize and use data; and to connect customers, suppliers and partners electronically.
Knode said enterprises must move beyond viewing information security as simply responding to failures and take a more proactive approach. At a minimum, he said, they should take the following steps to be better prepared for the threat: Organize a task force responsible for information security, define and develop a formal information security plan, coordinate security among all teams within IT, and conduct regular security audits.