50 Percent of ISO 27001 Companies Not Respecting Security Rules

If the findings of a recent survey by Quocirca are to be believed, nearly 50 percent of organisations in Europe that claim to have attained the ISO 27001 standards are apparently sharing their privileged user accounts and are not following other standard guidelines.

The survey, which was based on a sample of 270 European IT managers, including 45 managers from the United Kingdom, has raised serious questions about data security in organisations.

It has been reported that nearly 47% of firms in the United Kingdom claimed that they followed the specified ISO standards, while 41% of these organisations said that they were also using several non-compliant practices.

European data is at high risk because of bad and fraudulent practices, which include the use of default user names and passwords, failure to monitor users and negligence regarding the existence of privileged users.

What is more surprising is that 29% of firms in the UK trust the manual control of privileged users, who include personal users, system administrators and application service users, while only a quarter of them use privileged user management software that helps in business enforcement and tracking policies.

In order to secure the data present in an organisation, the study has highlighted the urgent need to introduce individual accountability, secure log files and follow privileged user management.

Our Comments

Quocirca's survey results are worrying indeed and show how difficult it is to educate senior management and those in power. Apart from the insider threat, there's also the possibility that failure to respect simple security procedures (like using strong passwords) could allow outsiders to bypass security perimeters altogether.

Related Links

Privileged users posing threat to IT security

(ashdowngroup.com)

Almost half ISO 27001 'compliant' firms break basic security requirements

(computerworlduk.com)

Privileged users threaten IT security, study reveals

(computerweekly.com)

Europeans Warned Of Security Threat From Privileged Users

(eweekeurope.co.uk)

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.