Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance.
Some figures:
Some 47% of firms in the UK said they were compliant with the standard. But 41% of these said that they were using various non-compliant practices.
Bad practices included:
- Use of default user names and passwords,
- The granting of wider access than is necessary,
- Failure to monitor the users, and
- An ignorance around the existence of privileged users in the first place.
Who was surveyed?
270 – European IT managers (including 45 in the UK)
Survey Conducted by – Quocirca
29% of firms in the UK rely on manual control of privileged users, who include system administrators, application service users, and privileged personal users.
Only a quarter have implemented privileged user management software, which aims to help businesses enforce and track policy. Around 20 percent plan to implement the software.
UK firms saw privileged users as a medium threat, rating them on average at 2.5 on a scale of one to five, where one meant no threat and five represented a very serious threat.
Source:
- http://whitesock.net/index2.php?option=com_content&do_pdf=1&id=24877
- http://www.networkworld.com/news/2009/102209-almost-half-iso-27001-compliant.html?hpg1=bn









