Crash and burn – you don’t have to

2005 will be the year that more organizations crash and burn through inadequate information security and IT governance practices: more IT projects will go wrong, and there will be more malicious incidents, more organised crime frauds and some serious terror attacks, along with even more viruses and increasingly clever spammers. Given that 80% of organizations never recover from a serious business interruption (fire, fraud, terrorism, etc.), the turn of the year is a good time to re-think security postures.

The revised and updated ISO 17799, due out in Spring 2005, will not, on its own, save many organizations. What will save organizations is directors and boards making a conscious effort to put information security on their board agendas and to keep it there throughout the year, while they make sure that their organizations are tackling IT projects and information security strategically and systematically.