| | |
| Summary |
| Please note: The McKinsey Quarterly has agreed to a special arrangement for CEOExpress members that allows member access to their articles. Articles must be clicked on directly through the links below to gain access to this group of articles.
|
Managing information security
Most companies take steps to safeguard sensitive information, but the number and cost of information system breaches is increasing: in 1991, US companies reported 53,000 system break-ins—a 130 percent increase over the previous year—which cost more than $10 billion. A study of best security practices suggests that narrow technical fixes are not enough. Companies must also look at organizational, operational, and strategic factors; know the value of their information; and take an integrated approach to information security.
The take-away: No company can fully protect itself against every possible risk. Rather than build a technological fortress that treats all information equally, companies must assess their portfolio of information assets from a business standpoint and manage the threats to each asset in a way that reflects its importance. That approach is expected to lead half of the Global 2000 to hire a chief security officer (CSO) by 2004.
Articles provided by The McKinsey Quarterly
© 1992-2003 McKinsey & Company, Inc
|
|
|
