The Secure Online Business: E-commerce, IT Functionality And Business Continuity

E-Book Overview

The effective management of risks online is likely to be the greatest business enabler / destroyer of the next decade. Clearly, organizations that do not move to full e-commerce functionality are unlikely to flourish; whereas those that ignore cyber crime and the "dark side" of the Internet are likely to get badly burnt.

This important new book highlights the key issues in online risk management, taking the premise that information security is no longer an issue confined to the IT department but is critical to all operational functions: finance, HR, marketing, production etc.

Nor are its solutions purely technical. With two thirds of security breaches said to be caused by human error, management controls and processes are equally important.

Published in association with the Institute of Directors in England, "The Secure Online Business" draws on the experience of leading firms and their advisers and uses up-to-date case studies to illustrate "best practice" in online risk management.


E-Book Content

The Secure Online Business
Consultant Editor: Adam Jolly
Kogan Page

Publisher’s note

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the editor, the publisher or any of the authors.

First published in Great Britain and the United States in 2003 by Kogan Page Limited

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act, 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher, or in the case of reprographic reproduction in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers at the undermentioned addresses:

120 Pentonville Road, London N1 9JN, www.kogan-page.co.uk
22883 Quicksilver Drive, Sterling VA 20166–2012, USA

© Kogan Page and Contributors 2003

British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library

ISBN 0 7494 3936 X

Typeset by Saxon Graphics Ltd, Derby.
Printed and bound in Great Britain by Cambrian Printers Ltd, Aberystwyth

Contents

Foreword
    George Cox, Director General, Institute of Directors
Introduction
    Adam Jolly

Part 1: Information at risk

1.1 The business case for information security
    Nick Coleman, Head of Security Services, IBM and Chairman, SAINT
1.2 The demand for continuous information
    Rick Cudworth, Partner, KPMG LLP
1.3 The threat from cybercrime
    The Fraud Advisory Panel, Cybercrime Working Group, ICAEW
1.4 Recent attack trends
    Stuart Eaton, Centrinet
1.5 Recognising the enemy within
    Declan Grogan, Security Designers
1.6 Cyberliabilities in the workplace
    Richard Woudberg, Legal Counsel, Integralis
1.7 Data complacency
    Humphrey Browning, Head of Technical Consultancy, Nexor
1.8 The marketing dimension
    Michael Harrison, Chairman, Harrison Smith Associates
Stamping out the bugs
    Tony Neate, Industry Liaison Officer, National Hi-Tech Crime Unit (NHTCU)

Part 2: Points of exposure

2.1 Email
    Indicii Salus
2.2 Web security
    Sam Green, Zeus Technology