More firms integrate Security
Date: 20-12-2007
Source: The Business Times
Organisations are getting better at integrating security with risk management, and are more positive in their outlook on security, according to the latest annual study by Ernst & Young.
Its 10th Global Information Security Survey noted that more Singapore organisations have fully integrated security with risk management initiatives, rising from 21 per cent of respondents in 2006 to 39 per cent this year. A major stimulus for this trend, the study noted, is regulatory compliance.
Another finding in the study showed that Singapore respondents now view business security as a business enabler, instead of barrier. The latter had been the prevalent view in the past years of the survey. In all, 65 per cent of Singapore organisations now feel that information security improves IT and operational efficiencies.
For both sets of findings, similar trends had also been echoed by respondents from other countries.
But while Singapore companies are finding more success in implementing security processes within their organisations, they will have to overcome the ongoing skilled labour crunch if they want to ensure current and future projects stay on course. 'The lack of skilled resources in both creating a proper governance and decision-making structure, along with project oversight often results in a series of failed or delayed projects,' said John Chin, head of Ernst & Young's risk advisory services practice in Singapore.
He encourages organisations to turn to security outsourcing or co-sourcing as a solution. The study noted that this is already a major trend in Singapore, especially when it comes to outsourcing specific security functions like penetration testing.
Penetration testing is the practice of subjecting a company's assets to simulated hacker attacks to ascertain its vulnerability and security readiness.
Besides penetration testing, other security functions that will suit outsourcing are security training, security design, as well as architecture and procedure development, said Mr Chin. He noted that these functions typically require technology experts with a broad knowledge of industry best practices, experience in multiple product portfolios and are familiar with local regulatory requirements.
According to the study, 52 per cent of survey respondents in Singapore have turned to outsourcing certain elements of information security. It was higher, however, at 63 per cent in 2006.
Mr Chin attributed the drop to the 13.1 per cent increase in survey participation of companies from the financial services industry (FSI) compared to 2006.
He explained: 'FSI is a highly regulated industry and compliance with regulations is a top priority. They therefore tend to have dedicated in-house teams to manage information security. Hence, they are less likely to outsource the more sensitive elements of information security as compared to companies in other sectors.'
The survey involved about 1,300 organisations spread across major industries.
.jpg)
