Engaging the Board: Corporate Governance and Information Assurance
Abstract
The UK is committed to an ambitious vision in which electronic networks will create an Information Society and Knowledge Economy. Information and Communication Technologies (ICT) hold the potential to revitalise UK business, to spur economic growth and competitiveness, to revolutionise working practices and living environments as well as to transform government services and our democratic process. With the froth from the dot.com bubble out of the way, UK businesses are getting down to the serious task of harnessing ICT to make them more competitive. However, it is clear that electronic networks will only be exploited if trust and confidence can be assured. Today, cyber-crime and information security incidents are deterring consumers and imposing costs on businesses. Tomorrow, as organisations become more dependent upon networks, insecurity will be a business critical issue. The UK's corporate leaders are increasingly aware of the importance of managing information risk. Unfortunately, this awareness is not yet being translated into effective risk management and controls. Although almost half of UK companies suffered an information security breach in 2001, only one in 20 has achieved compliance with the international standard for information security management (1S017799). The gap between the business expectations being placed on electronic networks and the means by which senior management are managing the risks needs to be closed if our visions of the Information Society and Knowledge Economy are to be realised.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2003
- Accession Number
- ADA426887
Entities
People
- Aarti Anhal
- Andrew Rathmell
- Kevin W O'Brien
- Stephanie Daman
Organizations
- RAND Corporation