Safe and Secure

Companies are in a constant battle for IT security—but first they have to know what they’re up against.

Barely a week goes by without an IT security failure making headlines somewhere in the world. For project managers, the loss, damage and disruption that such breaches spark can be costly—and not just to the bottom line.

Although no region is free from the threat of hacking, malware, viruses and phishing attacks, the vulnerabilities—and the responses to them—vary widely around the globe. “Different geographies face different imperatives,” says Mark Lobel, a New York, New York, USA-based member of the information security management committee for ISACA, formerly the Information Systems Audit and Control Association.

“Europe and North America have been alert to the dangers of security breaches for longer due to earlier technology adoption, while Asia has tended to place a much lower level of emphasis on it,” he explains.

But that is changing, Mr. Lobel adds. “India’s spending on security capabilities as a percentage of those surveyed now leads the United States—and most other countries worldwide.”

The number of Indian respondents who reported having an information security strategy in place has jumped 112 percent since 2006, according to the Global State of Information Security 2008, an annual global survey of more than 7,000 high-level executives and IT and information security vice presidents and directors conducted by PricewaterhouseCoopers, CIO and CSO magazines.

There has also been an 82 percent increase in those reporting they conduct periodic threat and vulnerability assessments. The precise nature of the security threat also varies by region.

In South America, for instance, disgruntled employees and poor company infrastructure are some of the main risks, says Ramiro Rodrigues, a São Paulo, Brazil-based chief security officer for Latin America telecom giant BT Global Services. “The economic downturn, job insecurity and dissatisfaction—all of these may undermine employee loyalty to the point of becoming a serious threat,” he says.

This danger is often exacerbated by a blind spot at the top. “Not enough senior-level executives appreciate that information security is a business priority [because] they still perceive it as an IT issue,” Mr. Rodrigues says. “At the top of many businesses in the region, there’s an absence of a security culture.”

Many companies are just not willing to invest in the right infrastructure. “In the past—although it’s changing—a lack of investment in general infrastructure has tended to lead to a delay in moving to newer, improved and more secure IT platforms,” he says.

Infrastructure is an issue in Asia as well, says Finn Worm-Petersen, chief executive of Colombo, Sri Lanka-based contract software house Exilesoft. “The Web and telecommunications infrastructure in Asia is less pervasive, and you need to put more resources into business continuity, through backup sites and off-site storage, than you do in North America or Europe,” he says.

The need to keep a focus on physical security can’t be overlooked either. “With a memory stick, there’s a real danger that a project can literally walk out of the door,” warns Mr. Worm-Petersen. “You have to have the right culture and the right security procedures in place. That kind of thinking is much more important than many people recognize.”

Legislation helps to set that cultural tone in Europe, which boasts some of the toughest data-protection laws in the world, says Andy Jones, a London, England-based principal research consultant at the Information Security Forum.

Yet generalizations are dangerous. Eastern European countries, for example, are well-known hotbeds of cyber-crime because local law enforcement is lax about monitoring crimes whose victims are overseas.

Even countries that have invested in sophisticated information security aren’t exempt. “The United States hosts the largest number of malware domains—it’s not just a problem of less-developed countries,” says Mary Landesman, a senior security advisor at San Francisco, California, USA-based security company ScanSafe.

The organization’s latest Annual Global Threat Report showed malware had increased 582 percent between 2007 and 2008 as the credit crunch fueled a surge in online crime. But when it comes to IT security, companies are often battling a moving target. “While the number of U.S.-hosted malware sites is declining, the number of Chinese-hosted sites is growing,” says Ms. Landesman.

The lesson? Although security dangers differ from country to country, no place is safe. And with IT security breaches continuing to make the headlines, project managers can’t afford to let down their guard.