Search FCW

Advanced Search
Subscribe Now!
Table of Contents
Sprint
Business
BPM
CXOs
Columns
Columnists
Defense
E-Government
Elections 2008
Enterprise Architecture
Funding
Homeland Security
Health IT
IPv6
LOB
Management
Procurement
Privacy
Policy
Program Management
State and Local
Security
Technology
Telework
Workforce

More Topics
resourcecenter
Home
Letters to the Editor
Current Issue/Download
Print/Online Archives
Editorial Calendar
researchstore
resourcecenter
Sprint Communications for Continuity of Operations
Oracle Resource Center
NEW! Priority Report: Virtualization
GSA: Your Customer Service Agency
Government Leadership Survey
Green Solutions Guide
Report: Information Sharing
DISA IT Strategy & Vision
Emergency Preparedness Report
Report: Green Computing
PEO EIS Guidebook
Content Library

More >>



Latest News
ADVERTISEMENT




 

Survey: Partnerships increase security risks

By David Hubler
Published on September 19, 2006

Comment

Click here to comment on this article

Related story links

Cybertrust acquires most of Ubizen's stock

CyberTrust builds PKI solutions package

Newsletters

You might also be interested in these FCW newsletters:

Daily

To learn more, click here.

Nearly three-quarters of businesses and government agencies believe having partners increases the chances of an information security breach, and 13 percent said they have terminated a partnership because of security concerns, a new survey found.

Cybertrust, a global information security consulting company, conducted the survey of more than 200 organizations worldwide. More than 8 percent of the organizations were government agencies.

According to the findings, organizations overwhelmingly agree on the need to monitor their business partners’ security, but less than 50 percent said they do so. Organizations that do assess their partners’ security are three times less likely to experience security breaches.

One-third of respondents reported at least one security incident involving business partners in the previous year. Malicious code was the most prevalent at 43 percent, followed by:

  • Unauthorized network access, 27 percent.
  • Denial-of-service attacks, 9 percent.
  • System abuse or misuse, 8 percent.
  • Data theft, 7 percent.
  • Fraud, 6 percent.
Many organizations and agencies have internal compliance mandates and security audits, but they do not have a programmatic way of assessing the security of their external networks, which includes those of their partners, said Peter Tippett, Cybertrust’s chief technology officer, in a statement accompanying the survey.

“Without this awareness, organizations continue to leave themselves open to financial and legal risks, as well as brand implications,” he said.

Although 91 percent of respondents said senior managers should make information security a moderate to high priority, about 50 percent said they believe their managers give it low priority or none at all.

When respondents were asked how often they assess the security of their partners’ information systems, about half said never or were not sure. Nineteen percent said they conducted assessments only prior to forming the partnership.

For those organizations that conduct security assessments, the predominant method was a simple informal agreement, accepting the partner's promise that its systems were secure. Formal written agreements ranked a close second, while a few reported using such measures as questionnaires, light scans and third-party audits.

The report, “Risky Business: Information Security in the Extended Enterprise,” can be downloaded free by clicking on “Risky Business.”

upcoming event

Enterprise Architecture 2008 - Washington, DC
September 9 - September 10, 2008

Occupational Health & Safety Executive Summit - Arlington, VA
October 6 - October 7, 2008


 

head
fcw
issue
First Name State
Last Name Zip
Title Email
     

Home | About | Contact | Customer Help | Privacy Policy | Editorial Info | Advertise | Link policy / Reprints | Site Map


1105 Media, Inc.

© 1996-2008 1105 Media, Inc. All Rights Reserved.