Security Failure
Understanding security risk and strategy in the Telecommunications,
Media and Entertainment sectors
This illustration of security risk is not as uncommon as one might think. And when you consider the principle illustrated here in other areas of security, then the issues become even more significant.

Many issues arise from the poor operation of security controls that are put in place, i.e. the human factor. Any security defence is only as strong as the weakest link and all too often that is our people! Security practices are often perceived as a hindrance and so many will passively or deliberately not comply, without really seeing the bigger picture and the damage that can be done.

What are the common problems leading to security exposure?

Information Security is probably one of the most commonly addressed areas of risk, but in practice there tends to be much room for improvement in many organisations. Accentuated by the need to protect certain types of data through regulation, e.g. ‘personal data’ protection laws, the highly competitive nature of some markets, and the increasing dependence on IT systems for business operations, Information Security usually draws the most attention. However, in reality this responsibility tends to be focussed on IT teams, where IT is actually just one facet of Information Security – the basic issues are often not addressed and sensitive information may be exposed through other (non-technical) means. For example, the head of marketing who had the company’s new strategy document taken from his desk when the office was unlocked; or the early release of market-sensitive business performance data through a disgruntled employee who was able to lay hands on a print-out left on a photocopier; or the selling of VIP address and personal details obtained from forms or returned bills stored in non-secure facilities; or the non-secure disposal of waste paper providing a fraudster’s dream!

IT and Network Security has a strong element of Information Security embedded within, but more fundamental logical, physical and people security concerns should also be considered as part of an overall plan. Although certain systems may not host or process data that might be considered sensitive, security failure might result in lost revenues or increased costs. For example, internal fraud is a very common problem and every CSP will suffer to an extent (in one operation in Asia 11% of revenue was lost to internal fraud). Many such frauds are facilitated by poor security.

How do you know if you have a problem?

The range of security issues is broad so the nature of the problems will reflect that. There will always be specific incidents that bring security failure to the attention of management; however, it is the security failure that remains undetected that causes the most concern. Apart from responding to incidents, the only real way to identify security risk is to be proactive and assess risk throughout the business.