|
|
ISF: information Leakage - A new name for an old problem; Media
attention is driving senior managers to plug Information Leakage gaps
says Information Security Forum
(M2 PressWIRE Via Thomson Dialog NewsEdge)
RDATE:03122007
Adverse publicity and damage to customer trust resulting from the loss
of confidential information is focusing the attention of senior
executives on the dangers associated with information leakage, claims a
new report from the Information Security Forum (ISF). But the report
that has been released into the public domain today
(www.securityforum.org) also highlights that while the term
information leakage' may be new, it is a problem that organisations
have had to deal with for many years.
"While there are some new factors and challenges, it is really just a
new name for an old problem," says report author Andy Jones, senior
research consultant at the ISF. "For large organisations a certain
level of information leakage may be inevitable through unintentional
actions, rather than malicious intent. What's important is to focus
resources on identifying and protecting high value data and increasing
awareness of the risks."
Information leakage, or a breach in the confidentiality of
information' can take place at any vulnerable point in a company's
security system where data is being processed, transmitted, copied or
stored. Human error accounts for most information breaches such as the
loss of a laptop, sending a confidential email to the wrong address, or
not providing sufficient protection to information in transit.
New high-profile vulnerabilities have also been introduced through the
increase in high capacity storage devices such as USB keys or MP3
players and the growing popularity of social networking sites such as
Facebook and MySpace. Employees can inadvertently place classified
business information on these sites that may compromise someone's
identity, for example.
"Increasing risks, combined with recent high profile security breaches
and the growing list of data protection and confidentiality
regulations, from US breach notification laws to the Gramm-Leach-Bliley
Act, have also helped information leakage reach the top of boardroom
agendas," says Jones.
The ISF briefing, normally only available to ISF Members, has been
released publicly to help organisations to identify specific threats
and vulnerabilities that present the greatest risk. For example, data
transmitted by a Virtual Private Network (VPN) has a very low degree of
exposure compared to a standard internet connection or the spoken word.
Storage is particularly vulnerable where data is stored on laptops, USB
devices or home PCs. Printed papers are highlighted as presenting high
levels of risk, but are often neglected and poorly protected.
The ISF briefing provides guidelines on how to identify and deal with,
or avoid, information leakages through appropriate controls ranging
from access control to laptop or USB encryption. A high priority is
also placed on educating and warning staff and third parties in order
to reduce incidents.
"Delivering the right message on information leakage is difficult and
all too often is perceived as we don't trust you - therefore we will
lock everything up'," says Jones. "A balance should be established
between protecting information and sharing it for business benefit.
Information leakage is an old familiar problem, but it does appear to
be enjoying a new lease of life."
The ISF information leakage briefing is one in a series of special and
timely reports on information security related issues compiled through
research and interviews with ISF Members, and is available from
www.securityforum.org
The Information Security Forum is a not-for-profit international
association of over 300 leading organisations, which fund and
co-operate in the development of practical, business driven solutions
to information security and risk management problems. The ISF
undertakes a leading-edge research programme and has invested more than
US$100 million to create a library of over 200 authoritative reports
along with information risk methodologies and tools that are available
free of charge to ISF Members.
In addition, the ISF Standard of Good Practice for Information Security
2007 has recently been published and is also available free to
non-members at www.isfstandard.com.
CONTACT: Peter Rennison/Allie Andrews, PRPR
Tel: +44 (0)1442 245030
e-mail: pr@prpr.co.uk
e-mail: allie@prpr.co.uk
((M2 Communications Ltd disclaims all liability for information
provided within M2 PressWIRE. Data supplied by named party/parties.
Further information on M2 PressWIRE can be obtained at
http://www.presswire.net on the world wide web. Inquiries to
info@m2.com)).
Copyright 2007 M2 Communications Ltd.
[ Back To TMCnet.com's Homepage ]
|
|
Discussions:
|
|
INDUSTRIES
Activate Email 
