This should be your IS agenda

14.11.2005
According to Ernst & Young, which recently published its global information security (IS) survey for 2005, malware and spyware have been relegated to second on the list of top IS threats for the first time in three years.

The survey found that over two thirds of the 1,300 respondents from 55 countries in the world (including South Africa) said that compliance with regulations was the primary driver for IS initiatives in business.

According to Shaun Nel, Ernst & Young's senior manager for information systems assurance and advisory services, the survey highlighted four major themes.

He says that the survey found that companies seem to be caught in a compliance paradox, where there is a driving force behind compliance, but that the vast majority of companies are not using the opportunity to proactively invest in IS.

"For example," Nel says, "just under 90 percent of respondents who are implementing IS measures, as a result of having to comply with regulations, focus on creating new policies and procedures."

In stark contrast, just over 40 percent of companies surveyed are using the compliance with internal control regulations as an opportunity to reorganize their IS function or to make changes to their existing security architecture.