Audit commission report
Phil Cain
phil at headstar.com
Mon, 24 Sep 2001 17:31:53 +0100
An update on IT Abuse 2001: yourbusiness@risk
http://www.audit-commission.gov.uk/publications/yourbusrisk.shtml
Extracts:
"More sophisticated monitoring, blocking and filtering software is now available and organisations should consider how best to use it."
"As access to systems and use of services becomes more automated, so the identification and authentication process will need to be integral elements of the new technology. Organisations will need to consider cryptography and other related techniques to ensure that users are properly identified and that their access rights and restrictions are effectively monitored."
"While, for example, 98% of respondents now use email, only 51% saw this as presenting a medium-level risk to their organisations, and yet our survey shows that email provides the means for introducing viruses and unsuitable material into IT systems."
ISO/IEC 17799 formerly BS7799: Adoption of the security standard has fallen to 15% from 19% in 1997. 70% said they have not sought certification with many saying it was not a business priority.
Statistical titbits:
Of the 688 organisations surveyed (542 public sector, 146 private):
76% monitor Internet activity
53% monitor email
40% of hacking incidents perpetrated by organisations' own staff
Phil Cain
editor/publisher
headstar.com
t: +44 1273 231 291
f: +44 1273 232 179
E-Government Bulletin (http://www.headstar.com/egb)
E-Access Bulletin (http://www.e-accessibility.com)
E-Legality Bulletin (http://www.e-legality.org)
VoxPolitics (http://www.voxpolitics.com)