Today as never before, there is a rising tide of cybercrime, industrial espionage, and piracy threats to confidential organizational information and intellectual property. There is an increased need to focus on the expansion and integration of information security compliance policies, mandates and new technologies to provide the highest level of protection to the confidential materials of an organization’s Board of Directors.
The potential for significant threats to confidential content, and for intellectual property leakage and piracy, requires a more aggressive approach to the information security of an organization’s confidential board books and supplemental materials.
The Board of Governance organizations must continue to mandate that boards of directors and senior executives understand their compliance requirements to ensure that the security and integrity of organizational assets are protected against threats.
At the same time, companies in varied market segments have been burdened with inadequate IT technical and security resources dedicated to reducing the amount or impact of these data threats. Therefore, a large portion of the task of protecting critical confidential board information falls squarely on the shoulders of board governance senior executives and boards of directors.
To achieve effectiveness in today’s complex, interconnected world, board information security must be addressed at the highest levels of the organization, not only regarded as a technical specialty relegated to the IT department. Information security is not only a technical issue, but a business and governance challenge that involves adequate risk management, reporting and accountability. Effective information security requires the active involvement of executives working with the IT professionals to assess emerging threats and the organization’s response to them.
It is interesting to note that, in a recent survey, IT professionals said senior management at their companies does not follow security procedures. In the survey, IT management said 42% of directors and senior managers ignore security issues, according to a worldwide security company based in Europe.
The survey asked 300 IT professionals who was most likely to follow security policies. The study found that 56% of senior management thinks security rules don’t apply to them. Ironically, it is the board of directors and executive management who have the most sensitive information that needs the highest level of security protection.
The study discovered others who do not follow their own organizational security rules. Twenty percent of IT professionals blamed senior managers, 17% blamed CEOs, and 20% blamed themselves.
“This is a tough problem. Seeing wanton disregard at a senior level for the policies and procedures put in place to protect an organization is infuriating, and a real challenge for the CISO who must balance the needs of a business with the requirement to protect assets,” said Nigel Stanley of Bloor Research, an IT research firm, in a statement.
It is fair to say there is a need for organizations to assess and institute new information security technologies and compliance policies, as well as apply security training to all key managers, executives and board members across the board. It is estimated that sixty-five percent of companies offer some sort of security compliance training for their employee groups, especially the senior management team and the board of directors.
The risk of confidential data loss is huge, so IT professionals should continually re-examine their internal security compliance policies and security technology, and expand employee compliance training. But at the same time, the board of directors and senior management should be leading the rest of the employees in adhering to their own company’s compliance policy on protecting information assets and confidential content against possible outside threats.