Friday, 23 October 2009

Almost half ISO 27001 'compliant' firms break basic security requirements



Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance, according to a survey of IT managers.

Some 47 percent of firms in the UK said they were compliant with the standard. But forty-one percent of these said that they were using various non-compliant practices.

Bad practice by privileged users is putting European data at "high risk", according to the 'Privileged user management - it's time to take control' report. These practices included use of default user names and passwords, the granting of wider access than is necessary, failure to monitor the users, and an ignorance around the existence of privileged users in the first place.

Two hundred and seventy European IT managers, including 45 in the UK, were interviewed for the survey that was conducted by Quocirca.

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News