Nevertheless, times have changed, and the recent past has seen a lot of regulation and legislation that impacts information security. Examples include the European Data Protection Directive, the Sarbanes-Oxley Act, and the Capital Adequacy Directive, to mention but a few. In the face of these new compliance rules, organizations are being forced to resort to a range of codes and standards to control their information systems.
Information security is an organizational problem, not a technological one. With the increasing spotlight on information security in legislation and the media all over the world, companies are faced with a complex need to conform to privacy and security regulations and standards. As a result, information security issues are being discussed in boardrooms, and many executives and directors are becoming aware of their responsibility for ensuring information security in an organization. Information security is driven by.
Awareness of the issues and challenges currently faced in information security has increased. Through the government, the media, crimes, cyber attacks and the proliferation of vulnerable products, information security has continued to receive more attention (Purtell, 2007).
Through successful attacks, for example Code Red and Nimrod, companies are realizing that security technology products are not the overall solution to information security. Information security is an organizational problem, and technology is only a small element in the organization (Purtell, 2007).
Companies are facing complex needs and requirements to conform to numerous regulations and standards. Even vertical organizations such as financial services organizations face complications in adhering to security measures brought about by different regulations, for example the US Gramm-Leach-Bliley Act, 1999 (GLBA),