This report consolidates information collected from the ESF 1994-95 security status survey. Analysis of 500+ completed questionnaires confirmed that good practice is achievable but that security is undermined by common weaknesses including failure to classify information assets according to their value or importance, a lack of systematic risk analysis, poor reporting of security issues and concerns (especially at higher levels), fragmentation of responsibility, and lack of resources to deal with information security at a local level. Recommendations for dealing with these issues are provided. |
