IT experts: tighten cyber-security. (Property/Casualty: Loss/Risk Management Notes).A cyber-loss control expert at Chubb Group of Insurance Cos. is advising U.S. companies to increase their cyber-security. "Cyber-warfare is a real possibility, given the skill sets and resources of today's terrorists and cyber-criminals," said James Tucker, assistant vice president, Chubb & Son, and loss control computer security specialist, Chubb Commercial Insurance. "The threat of cyber-terrorism, push-button (electronics) push-button - A roughly fingertip-sized plastic cover attached to a spring-loaded, normally-open switch, which, when pressed, closes the switch. Typical examples are the keys on a computer or calculator keyboard and mouse buttons. warfare and launching online bombs at corporate targets thousands of miles away is very real." Tucker noted that a successful cyber-security breach could translate into significant financial loss, loss of market share, loss of reputation and a falling stock price, significantly impacting shareholder value. The Business Software Alliance has released a survey that mirrors this concern. The U.S. Business Cyber Security Study, which was conducted by Ipsos Public Affairs Those public information, command information, and community relations activities directed toward both the external and internal publics with interest in the Department of Defense. Also called PA. See also command information; community relations; public information. , questioned 602 information technology professionals and more than 1,000 Internet users Internet user n → internauta m/f Internet user Internet n → internaute m/f . The study found that this industry segment thinks the risk of a major cyber-attack on U.S. businesses has increased since Sept. 11. While about 62% of respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. said the risk has grown, 47% think U.S. businesses are likely to face a major cyber-attack within the year. To help companies respond to cyber-terrorist threats, Tucker recommends 10 steps for companies to take in designing an information and networking security program: 1. Don't downplay down·play tr.v. down·played, down·play·ing, down·plays To minimize the significance of; play down: downplayed the bad news. Verb 1. the risk. Acknowledge that the cyber-terrorist threat exists and prepare for cyber-warfare. 2. Emphasize prevention over repair and invest in an enterprisewide cyber-security plan. 3. Institute a corporate cyber-risk management, information and network security assessment with input from representatives of all disciplines within the company, not just the information technologists. 4. Appoint a senior executive who will be responsible and accountable for the assessment and the security plan. 5. Establish trust within and outside the organization. Include supply chain, Internet service providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. , business partners and vendors in the assessment plan and demand confirmation of the sturdiness stur·dy adj. stur·di·er, stur·di·est 1. Having or showing rugged physical strength. 2. Substantially made or built; stout: sturdy canvas. 3. of security systems. 6. Establish internal information security education, training and awareness. 7. Initiate security auditing, validation See validate. validation - The stage in the software life-cycle at the end of the development process where software is evaluated to ensure that it complies with the requirements. and measurement processes. Report all security violations, not just the major ones. 8. Use independent cyber-security expertise to test and validate To prove something to be sound or logical. Also to certify conformance to a standard. Contrast with "verify," which means to prove something to be correct. For example, data entry validity checking determines whether the data make sense (numbers fall within a range, numeric data security systems. 9. Protect critical servers. The Internet may provide easy and unwelcome access from outsiders. 10. Conduct a risk assessment and evaluate the cost effectiveness of implementing protection. For example, evaluate the trade-off between how well and how fast a Web site functions, and the security issues. Risk of Major Cyber-Attack On U.S. Businesses Do you think that the risk of a major cyber-attack on U.S. businesses has strongly increased, somewhat increased, remained the same, somewhat decreased, or strongly decreased since 9/11? Strongly Increased 14% Somewhat Increased 48% Remained the Same 30% Somewhat Decreased 5% Strongly Decreased 2% Not Sure 1% Source: Ipsos Public Affairs Note: Table made from pie chart |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion