Headlines: September 27th, 2001

A survey to assess the scale of security breaches across the UK found that 38 per cent of public organizations experienced a violation of information security in the last six months. The national average of all organizations was 23 per cent. The survey is published jointly by certification firm, SGS, and security consultancy, Claritas. The study found that external hacking in the UK is largely restricted to the public sector. This is a consequence of the lure of confidential public records and sensitive information regarding national security. Over two thirds of security incidents involve virus infection.The public sector out performs others in terms of information security monitoring and procedures. Organisations generally make greater use of asset registers, penetration tests, internal audits, and confidentiality agreements than their private counterparts. In addition 85 per cent of public bodies have a policy for managing information security. The most difficult barrier to achieving a higher level of security was found to be organisational culture and 48 per cent of respondents to the survey gave this as the most severe hindrance to better security for their own systems. The study also revealed that 95 per cent of organisations continue to use paper to store information.