Feeds

Corporate governance goals impossible - RSA

IT managers tied up in red tape

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Companies are struggling to cope with tighter corporate governance regimes, which might even work against the goal of achieving improved IT security they are partly designed to promote. The need to comply with requirements such as data protection, Sarbanes-Oxley, Basel II and other corporate governance reforms is tying up IT managers in red tape, according to a banking security expert. "Recent legislation is having a negative impact on risk management," said Michael Colao, director of Information Management at Dresdner Kleinwort Wasserstein.

In some cases, the law has made IT managers legally responsible for adherence to corporate governance rules. Colao says that this may not necessarily be a good thing. "CIOs are now relying on convoluted processes rather than using sound business judgement based on years of experience. A process is easier to defend in court than personal judgement. This means that in many cases unnecessarily cautious decisions are being taken because the CIO is focusing on their own personal liability, rather than what is best for the business," he said.

Different implementations of the European Data Protection Directive in different countries are creating a headache for multinational firms, according to Colao. "This legislation was brought in as part of the EU common market and was supposed to provide clarity and harmony across Europe. Because each country implements legislation in very different ways, the result is a very fragmented and disjointed approach which causes all sorts of problems, particularly for global organisations," he said.

Colao made his comments at the Axis Action Forum, a meeting of IT directors sponsored by RSA Security, in Barcelona this week. RSA Security said differences in European legislation highlighted by Colao were a real problem for its clients.

Tim Pickard, strategic marketing director at RSA Security EMEA, said: “The nature of implementation of EU directives in member states means that it is almost impossible for today’s global CIO to be fully compliant and is therefore likely to be breaking the law in at least one member state.”

Business managers becoming fed up with FUD

In a separate study, more than a third of the 30 delegates to the Axis Action Forum admitted that their Board had never asked for an update on security or implications of security breaches. The finding suggests widespread boardroom indifference to security issues despite the high profile security has been given in the media and by numerous industry initiatives.

Firms only take security seriously in the aftermath of attacks, according to one delegate. Part of the reason could be that business managers are becoming inured to alarmist security pitches. Simon Linsley, head of consultancy and development, Philips said: "For years we have had to go to the Board with messages that create the Fear of God. We can no longer rely on these doom and gloom messages - we have to go to the Board with solutions that add value to the business."

The Axis Action Forum attended by more than 30 CIOs, IT directors and heads of security from a range of medium to large businesses. ®

Related stories

UK corporate governance bill to cost millions
Hackers cost UK.biz billions
IT voices drowned in corporate governance rush
Big.biz struggles against security threats

Providing a secure and efficient Helpdesk

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.