The Information Security Forum Releases Report on Dangers of Information Leakage

Among topics to be discussed by more than 400 senior-level security professionals at ISF’s 18th Annual World Congress

NEW YORK – Dec. 3, 2007 - The Information Security Forum (ISF) today released a report on the dangers associated with information leakage. The report provides guidelines on how to identify, address and avoid such security breaches. To access the full report, visit https://www.securityforum.org/html/view_pub01.asp. This and other security issues will be discussed at the ISF 18th Annual World Congress, taking place December 9 – 11, 2007, in Cape Town, South Africa.

Information leakage, or ‘a breach in the confidentiality of information’ can take place at any vulnerable point in a company’s security system where data is being processed, transmitted, copied or stored. Human error accounts for most information breaches such as the loss of a laptop or sending a confidential email to the wrong address. Additional vulnerabilities have been introduced through the increase in high capacity storage devices such as USB keys or MP3 players, and the growing popularity of social networking sites such as Facebook and MySpace. For example, employees can inadvertently place classified business information on these sites that may compromise a person’s identity.

“Increasing risks, combined with recent high profile security breaches and the growing list of data protection and confidentiality regulations, from US breach notification laws to the Gramm-Leach-Bliley Act, have elevated the concerns of information leakage to the top of boardroom agendas,” said author, Andy Jones, senior research consultant at the ISF.

“Delivering the right message on information leakage is difficult and all too often perceived as ‘we don’t trust you – therefore we will lock everything up’,” said Jones. “A balance should be established between protecting information and sharing it for business benefit.”

The ISF Report, normally only available to ISF members, has been released publicly to help organizations worldwide identify specific threats and vulnerabilities that present the greatest risk. This briefing is one in a series of reports on information security-related issues compiled through research and interviews with ISF members. In addition, the ISF Standard of Good Practice for Information Security 2007 has recently been published and is also available free to non-members at www.isfstandard.com.

About The Information Security Forum
The ISF is a not-for-profit international association made up of more than 300 leading organizations across 25 countries, including half of the Fortune 100. The ISF funds and collaborates on the development of practical, business driven solutions that address information security and risk management issues. The leading independent authority on information security, the ISF has invested more than $100 million to create a library of over 200 authoritative reports along with information risk methodologies and assessment tools that are available free of charge to ISF members. For more information about the ISF or the 18th Annual World Congress, visit www.securityforum.org.

Contact Information

Michelle Chase

PR Contact

Chase Communications

Contact via E-mail