Protecting and Securing Information Systems Does Not Top List of IT Concerns

EL SEGUNDO, Calif., Nov. 19 -- Despite the events of Sept. 11 and the ongoing war against terrorism, corporate information systems remain dangerously vulnerable to cyber attacks, according to the findings of a Computer Sciences Corporation (NYSE: CSC) survey released today.

Survey results revealed the following weaknesses among the organizations polled:

• 46% do not have a formal information security policy in place;
  
  
• 59% do not have a formal compliance program supporting their information systems (IS) function;
  
  
• 68% currently do not regularly conduct security risk analyses or security status tracking.

These findings, focused specifically on information security, are contained in an October addendum to CSC’s 14th Annual Critical Issues of Information Systems Study, a survey of more than 1,000 information technology (IT) executives worldwide completed in August 2001.

The annual CSC Critical Issues Survey revealed that IS managers generally held a lackadaisical view toward protecting and securing information systems prior to the attacks against the World Trade Center. When asked to select from a list of issues that are most important to the organization, global technology executives said eliminating systems vulnerabilities to minimize risks and to safeguard information resources only ranked fifth.

“While most IS professionals recognize the benefits of protecting and securing data, the business leadership in the organization still sees security as a ‘nice to have’ rather than a ‘need to have,’” said Ron Knode, CSC’s global director, managed security services. “It’s not until something goes wrong that perceptions change. The fact is, it costs far less to establish the right security measures at the outset than it does to recover from a breach in security.”

Knode recommends that organizations take the following measures to enhance their information security policies and procedures:

• Designate a task force responsible for the information security policy program. This task force (or individual) must have the authority, resources and accountability necessary to execute the program from start to finish;
  
  
• Define and develop an information security plan;
  
  
• Coordinate with all teams across the IS organization; and
  
  
• Conduct regular audits and follow up on any findings.

With the increased reliance on the Internet, companies have become dependent on electronic transactions, communications and capabilities. When these resources are affected by security breaches, it can cripple many businesses -- and bring others down completely, Knode explained. Many industries, such as healthcare and financial services, have established regulations requiring companies to implement security and storage policies.

Knode added, “There has been significant media attention focused on the risks of cyber terrorism. While cyber terrorism is a very real concern, disgruntled employees or hackers also pose a risk to an organization’s data and intellectual property.”

Other Technology Priorities Identified

According to the CSC survey, the most important issue to global technology executives was getting maximum value from their existing enterprise systems.

“At first glance, executives seem to be preoccupied with wringing efficiencies out of the IS organization and enterprise systems,” said Van B. Honeycutt, CSC’s chairman and chief executive officer. “Yet, if we look at the underlying messages, executives are focused on enterprise buildouts to extend collaboration throughout the supply and CRM process. The goal is not the technology, but rather, synchronizing business processes with information technology at the center.”

The second issue of critical concern to information technology executives, cited by 63 percent of respondents, is “optimizing organizational effectiveness” principally by partnering with the organization’s senior management to create and sustain value.

“Building relationships with the leadership team, as well as with customers, suppliers and even competitors -- in essence, creating a collaborative relationship chain -- is key to enhancing value and producing results,” Honeycutt pointed out.

In the wake of the demise of many dot com companies and in light of the increasingly inward-looking priorities of executives in this year’s survey, e-business seems to have fallen out of the spotlight for this year, according to the CSC survey. Developing an e-business strategy, which ranked five in last year’s survey, fell to 12 this year.

“Despite highly publicized dot com failures, e-business is not dead,” Honeycutt said. “Instead, it is viewed as a routine part of new systems. As organizations seek greater return on investment, business processes will become an essential source of that return, and integration of process with technology is essential.”

The respondents to this year’s Critical Issues Survey included chief information officers, vice presidents and directors of technology departments representing organizations in various markets, such as financial services, healthcare, consumer goods and government. In addition, the survey examined key IT initiatives, such as outsourcing, systems development, e-business and emerging technologies. Of the 1,000 respondents, 34 percent were from organizations in North America; 29 percent were from Europe; 13 percent were from Australia; and 24 percent were from Asia.

"CSC's 14th annual survey provides a solid analysis of current issues and directions in information systems management worldwide,” said Denny Wayson, vice president and chief analyst of the Enterprise Solutions practice of Gartner Dataquest, a leading market research firm. “The principle findings, that IT management is focusing on optimizing IT service delivery across the enterprise and focusing on organizational effectiveness, is very consistent with current research from Gartner Dataquest on customer buying trends and sourcing strategies."

CSC’s Annual Critical Issues of Information Systems Management Study, including results by industry segment, is available on CD-ROM and online at www.csc.com.

Computer Sciences Corporation, one of the world’s leading consulting and IT services firms, helps clients in industry and government achieve strategic and operational results through the use of technology. The company’s success is based on its culture of working collaboratively with clients to develop innovative technology strategies and solutions that address specific business challenges.

Having guided clients through every major wave of change in information technology since 1959, CSC combines the newest technologies with its capabilities in consulting, systems design and integration, IT and business process outsourcing, applications software, and Web and application hosting to meet the individual needs of global corporations and organizations. With some 68,000 employees in locations worldwide, CSC had revenues of $11.1 billion for the 12 months ended September 28, 2001. It is headquartered in El Segundo, Calif. For more information, visit the company’s Web site at www.csc.com.