IT security and the boardroom knowledge gap

How many board directors know what ISO 27001 or ISO 17799 are? For that matter, how many still don’t know a firewall from a fire extinguisher? We are finding that, although an increasing number of non-IT company directors want to get to grips with data security, a limited technical understanding continues to frustrate the efforts of many. As a result, information security remains something of a ‘Bermuda Triangle’ in the executive role – everyone knows it’s there, but it’s surrounded by mystery and few have actually ventured in.

Clearly, this is a situation that has to change and we have just launched a new book to help bridge this boardroom knowledge gap. ‘A Business Guide to Information Security’ is written for non-IT directors and is co-published by Kogan Page and the UK’s Institute of Directors, which has also endorsed the book because of its relevance to SMEs as well as large businesses. We have taken data security issues from the ground up, in order to explain the various threats to a company’s systems and what has to be done to address them. (If you are interested, the book is widely available through bookshops and also here.)

It would be good to hear some feedback on directors’ current awareness and concern about the data security issue – we think it is definitely on the increase but has a long way to go. What will it take to really get it onto every boardroom agenda?