No business Tikes to waste money. And IT professionals commonly have trouble in persuading management to invest in security. Often if security budgets are not linked to overall if investment, and IT staff are often the last to know about major IT decisions within their organisation. In fact the 2003 AusCFRT Computer Crime and Security Survey shows that only 11 percent of respondents believed that they were managing all computer security issues reasonably well. As part of the E-Security National Agenda, the Commonwealth government is developing a range of initiatives aimed at persuading senior business leaders to manage their information assurance risk. This is where existing Standards, such as AS/NZS ISO IEC 17799:2001 and AS/NZS 7799:2003 help by providing benchmarks for IT security. However, business leaders still need to be persuaded of the potential return on investment in appropriate IT security. When calculating this return on investment, much depends on the likely consequences of having poor if security. Downtime, loss or compromise of sensitive data and exposure to fraud are all containable risks. The cost of damage to reputation and/or the cost of litigation are, however, much harder to quantify.
展开▼
机译:没有生意浪费金钱。而且,IT专业人员通常很难说服管理层投资于安全性。如果安全预算通常不与总体投资挂钩,则IT员工通常是最后一次了解其组织内主要IT决策的人。实际上,2003年的AusCFRT计算机犯罪和安全调查显示,只有11%的受访者认为他们合理地管理了所有计算机安全问题。作为《电子安全国家议程》的一部分,英联邦政府正在制定一系列旨在说服高级企业领导人管理其信息保证风险的举措。这是现有标准(例如AS / NZS ISO IEC 17799:2001和AS / NZS 7799:2003)为IT安全提供基准的地方。但是,仍然需要说服业务领导者在适当的IT安全方面的潜在投资回报。在计算此投资回报率时,很大程度上取决于安全性差的潜在后果。停机,敏感数据丢失或泄露以及欺诈风险都是可以控制的风险。但是,声誉损失的成本和/或诉讼的成本很难量化。
展开▼
