Financial Institutions ignore threat to Information Security
28 June 2003
Europe's financial centre unprepared for potential cybercrime attacks.
BSI reports that the City of London, Europe's main financial services centre, is a major focus for concern regarding the threat to information security.
Among the companies that have followed DTI and MI5 advice to meet the (ISMS) Information Security Management Standard, BS7799, only six percent are financial services organisations, which means that the vast majority of those in the City are exposed to potential attack, despite warnings from the Government that it may fine businesses that fail to put ISMS systems in place.
Banks also face regulatory pressure. Under section three of the Basel II regulation, financial institutions that can provide no evidence that they are managing risk effectively must put aside 15% of revenue/value in order to mitigate risk. However, by putting in place an Information Security Management System, such as BS7799, and so proving that the institution has control over its information, the 15% could potentially be reduced to eight percent, saving companies millions of pounds.
Commenting on the real nature of the risk to information security for financial institutions, Chris Ferrant, BSI Management Systems says:
"BS7799 will address most issues faced by financial institutions with regard to information security.
"A staggering amount of cybercrime incidents go unreported in the financial sector as banks will rarely admit to a security breach in order to protect their reputation. It is also about maintaining consumer confidence in banks, as these institutions are there to take care of our money and protect our personal information."
Developed by BSI, BS7799 is the internationally recognised standard for information security management. Both the DTI and MI5 promote the use of BS7799 and were involved in its development from the start.
"The Government, by its engagement in the Standard from the outset, has laid the ground. It is now for financial institutions to take action and put in place infosec systems," says Chris Ferrant.
- Ends -
Tel: +44 (0) 20 7861 3188
Fax: +44 (0) 20 7861 3200
Notes to editors:
BS 7799 is a standard setting out the requirements for an Information Security Management System. It helps identify, manage and minimise the range of threats to which information is regularly subjected and identifies 10 controls:
- Security policy - This provides management direction and support for infosec
- Organisation of assets and resources - To help you manage information security within the organisation
- Asset classification and control - To help you identify your assets and appropriately protect them
- Personnel security - To reduce the risks of human error, theft, fraud or misuse of facilities
- Physical and environmental security - To prevent unauthorised access, damage and interference to business premises and information
- Communications and operations management - To ensure the correct and secure operation of information processing facilities
- Access control - To control access to information
- Systems development and maintenance - To ensure that security is built into information systems
- Business continuity management - To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
- Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement
BSI Book - Attack Threats to Information Security
BSI is about to publish a book by Peter Murray which addresses the top 25 attack threats to business information which companies face; and is also running courses covering industrial and economic espionage; terrorist threat; and risk management.
For more information please contact Jonathan Silver at BSI on 020 8996 9000.
BSI GROUP INFORMATION
BSI Group believes in the universal adoption of best management practices, reduction of risk throughout the trading process and the harmonisation and acceptance of international standards by consent as a means of achieving economic prosperity and releasing the potential in all businesses to deliver excellence.
Founded in 1901 in the UK the BSI Group is now a global company made up of five complementary business units:
- British Standards, the UK's national standards body, is based in London, UK. It creates and updates national and international standards, reflecting the needs of stakeholders, including UK businesses and consumers.
- Business Information, a provider of information on standards and associated material.
- Management Systems, a provider of certification to management systems is based at BSI's headquarters in the UK. Following the 2002 purchase of the North American systems assessment business of KPMG, BSI Inc, based in Reston, Virginia, is the largest company providing management systems certification in North America. Management Systems also has regional headquarters in Hong Kong to service the network of offices in the Asian-Pacific region.
- Product Services, based in Hemel Hempstead, UK, provides product-testing and awards Kitemark registration and CE marking. The Kitemark is a BSI registered trademark.
- Inspectorate, the leading independent inspection and analysis company, joined the BSI Group in 1998. Inspectorate has its main offices in Witham, UK; Houston, Texas and Singapore.
BSI Group is an international provider of services to businesses and other organisations. All our business units are working to the same vision of supporting business improvement and trade world-wide. Through provision of standards, technical information, systems assessment, product testing and commodity inspection services, BSI supplies vital third-party services that enable its customers to trade effectively and to improve their operations and products.
In 2002 the Group's turnover was £232.8 million (US$370 million).
Sir David John KCMG, group chairman BSI Group, was appointed in July 2002.
For further information about BSI, please visit our website: