50% of ISO 27001 Companies don’t care about Security Rules

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance.

Some figures:

Some 47% of firms in the UK said they were compliant with the standard. But 41% of these said that they were using various non-compliant practices.

Bad practices included the use of:

  • Default user names and passwords,
  • The granting of wider access than is necessary,
  • Failure to monitor the users, and
  • An ignorance around the existence of privileged users in the first place.
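The four practices above are exactly what a privileged-account review should surface. The script below is an added example, not from the original post or the Quocirca survey: it runs a hygiene check over a constructed account inventory and reports, per account, default user names, default passwords, privileges beyond what the job function needs, unmonitored sessions, and accounts nobody has claimed ownership of. The default-name baseline, the least-privilege mapping, the `PrivilegedAccount` fields and the sample inventory are all assumptions made for the example.

```python
"""Privileged-account hygiene check (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed baseline of vendor default user names; a real audit would take
# this from the organisation's own hardening standard.
DEFAULT_USERNAMES = {"admin", "administrator", "root", "sa", "guest"}

# Constructed mapping: job function -> the privileges that function needs.
LEAST_PRIVILEGE: Dict[str, Set[str]] = {
    "dba": {"db_admin"},
    "sysadmin": {"local_admin", "backup_operator"},
    "service": {"service_logon"},
}


@dataclass
class PrivilegedAccount:
    name: str
    job_function: str
    privileges: Set[str]
    owner: Optional[str]        # None: nobody in the inventory knows this account
    password_is_default: bool   # assumed to come from the credential vault's report
    session_logging: bool       # True if privileged sessions are recorded for review


def audit_account(acct: PrivilegedAccount) -> List[str]:
    """Return the list of non-compliant practices found for one account."""
    findings: List[str] = []
    if acct.name.lower() in DEFAULT_USERNAMES:
        findings.append("default user name")
    if acct.password_is_default:
        findings.append("default password")
    # Anything beyond what the job function needs is wider access than necessary.
    excess = acct.privileges - LEAST_PRIVILEGE.get(acct.job_function, set())
    if excess:
        findings.append("excess privileges: " + ", ".join(sorted(excess)))
    if not acct.session_logging:
        findings.append("sessions not monitored")
    if acct.owner is None:
        findings.append("no recorded owner")
    return findings


def audit(accounts: List[PrivilegedAccount]) -> Dict[str, List[str]]:
    """Map each non-compliant account name to its findings; clean accounts are omitted."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        findings = audit_account(acct)
        if findings:
            report[acct.name] = findings
    return report


def compliance_rate(accounts: List[PrivilegedAccount]) -> float:
    """Fraction of accounts with no findings (1.0 for an empty inventory)."""
    if not accounts:
        return 1.0
    clean = sum(1 for acct in accounts if not audit_account(acct))
    return clean / len(accounts)


# Constructed sample inventory covering each practice the survey lists.
SAMPLE_INVENTORY = [
    PrivilegedAccount("admin", "sysadmin",
                      {"local_admin", "backup_operator", "domain_admin"},
                      owner="ops-team", password_is_default=True, session_logging=False),
    PrivilegedAccount("svc_backup", "service", {"service_logon"},
                      owner=None, password_is_default=False, session_logging=True),
    PrivilegedAccount("j.smith-dba", "dba", {"db_admin"},
                      owner="j.smith", password_is_default=False, session_logging=True),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {'; '.join(findings)}")
    print(f"compliant accounts: {compliance_rate(SAMPLE_INVENTORY):.0%}")
```

On the constructed inventory the "admin" account trips four of the five checks, the backup service account is flagged only for having no recorded owner, and the DBA account is clean, so one account in three passes.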

Who was surveyed?

270 – European IT managers (including 45 in the UK)
Survey Conducted by – Quocirca

29% of firms in the UK rely on manual control of privileged users, who include system administrators, application service users, and privileged personal users.

Only a quarter have implemented privileged user management software, which aims to help businesses enforce and track policy. Around 20 percent plan to implement the software.

UK firms saw privileged users as a medium threat, rating them on average at 2.5 on a scale of one to five, where one meant no threat and five represented a very serious threat.


  1. http://whitesock.net/index2.php?option=com_content&do_pdf=1&id=24877
  2. http://www.networkworld.com/news/2009/102209-almost-half-iso-27001-compliant.html?hpg1=bn
