What is Issuer

Developments in multimedia technology and in networking offer to organizations new and more effective ways of conducting their businesses. That includes both internal as well as external contacts. Practically every business person owns a mobile phone, has PDA/laptop with wireless capabilities, and is able to communicate with colleagues/clients all over the world and from every place on the globe. As a result, well defined barriers between different organizations are becoming less and less visible. This technical progress intensifies the competing forces. In the past, an organization was directly exposed to competition located within their city or region. Now, due to easy communication, their competitor could be located on the opposite side of the globe. The advantage of using multimedia technology and networking could be accomplished only if data handled by a company are secure, that is, are available only to the authorised persons (confidentiality), represent true values (i.e., had not been changed during storage, processing, or transport), and are available on demand (availability). Thus, managing security of information becomes an obligatory part of running any modern IT system. There is not absolute IT system security. If a system is accessible by authorised people, by definition it is impossible to eliminate chances of unauthorised access. However, proper means exist to dramatically decrease the probability of occurrence of such unauthorised activities. This article illustrates the importance of proper managing in information security processes in an organization and presents a first level guidance on how to approach this problem. The most widely known document on information security is an annual Computer Crime and Security Survey (CCSS), conducted by San Francisco’s Computer Security Institute in cooperation with the FBI (CSI, 2006). It is based on responses from over 500 professionals representing all types and sizes of organizations from huge international corporations to small businesses from nationwide government agencies to small community centres. The message the survey is conveying is frightening: • Total losses for 2006 were $52,494,290 (USD) for the 313 respondents that were willing and able to estimate losses. • Losses due to virus contamination caused the most significant loss (over $15 million). • Unauthorised access to information was the second-most expensive computer crime among survey respondents. • As in previous years, virus incidents (65.2%) and insider abuse of network access (47%) were the most cited forms of attack or abuse. • The impact of the Sarbanes–Oxley Act on information security continues to be substantial. In fact, in open-ended comments, respondents noted that regulatory compliance related to information security is among the most critical security issues they face.