I’ve been of the view, for some time, that effective corporate information security will only come to pass when company directors are prosecuted, fined and jailed for failures to implement and maintain effective information security management systems.
Here are two stories that rather illustrate the point:
- Companies not evaluating security policies efficiently (if at all)
- Companies mostly unprepared to prevent data leaks over email
And it’s all actually quite straightforward – implement ISO27001, obey the Data Protection Act, and have happy customers, staff and regulators!