Given recent high profile events in both the private and public sector, information security has never been higher on the board agenda. Reputation, trust and brand value can all be seriously affected by information loss and theft.

Recent events have often erroneously been attributed to technology issues, and while technology is one of the key components to better information security, equal attention needs to be paid to people & organisation, culture and processes.

Are you prepared?

In addition to the loss of consumer and citizen trust, loss and reputation and brand erosion, the Information Commissioners Office (ICO) has also recently been granted enhanced powers, with legislation giving the ICO the power to impose substantial fines on offenders to the Data Protection Act. Additionally, in the financial services sector, the Financial Services Authority (FSA) is clamping down and gaining more power to penalise businesses and organisations for both individual and systematic failures.

PwC brings a multi-disciplinary approach to information security, addressing the key components of strategy, people, process, technology and compliance. We recognise that the ‘one-size-fits all’ approach does not work, as it fails to take account of an organisation’s strengths and weaknesses, and what makes sense in both the short and long term.

One thing we are clear about from our experience is how ‘tone at the top’ will have a dramatic impact on the rest of an organisation, and we have considerable experience working with organisations to ensure this tone is effectively translated, articulated and measured at the front-line.

In October 2008, PwC issued ‘Information Security – A guide to better information security’, which provides organisations with a practical approach and roadmap for managing information security better.