CSC Survey Reveals Inadequate Information Security Practices Among Companies Worldwide

Protecting and Securing Information Systems Does Not Top List of IT Concerns

EL SEGUNDO, Calif., Nov. 19 — Despite the events of Sept.
11 and the ongoing war against terrorism, corporate information systems remain dangerously
vulnerable to cyber attacks, according to the findings of a Computer Sciences Corporation
(NYSE: CSC) survey released today.

Survey results revealed the following weaknesses among the organizations polled:

  • 46% do not have a formal information security policy in place;

  • 59% do not have a formal compliance program supporting their information systems
    (IS) function

  • 68% currently do not regularly conduct security risk analyses or security
    status tracking.

These findings, focused specifically on information
security, are contained in an October addendum to CSC’s 14th Annual Critical Issues of
Information Systems Study, a survey of more than 1,000 information technology (IT)
executives worldwide completed in August 2001.

The annual CSC Critical Issues Survey revealed that IS
managers generally held a lackadaisical view toward protecting and securing information
systems prior to the attacks against the World Trade Center. When asked to select from a
list of issues that are most important to the organization, global technology executives
said eliminating systems vulnerabilities to minimize risks and to safeguard information
resources only ranked fifth.

“While most IS professionals recognize the benefits of
protecting and securing data, the business leadership in the organization still sees
security as a ‘nice to have’ rather than a ‘need to have,'” said Ron Knode, CSC’s
global director, managed security services. “It’s not until something goes wrong that
perceptions change. The fact is, it costs far less to establish the right security
measures at the outset than it does to recover from a breach in security.”

Knode recommends that organizations take the following
measures to enhance their information security policies and procedures:

  • Designate a task force responsible for the information
    security policy program. This task force (or individual) must have the authority,
    resources and accountability necessary to execute the program from start to finish;

  • Define and develop an information security plan;

  • Coordinate with all teams across the IS organization; and

  • Conduct regular audits and follow up on any findings.

With the increased reliance on the Internet, companies have
become dependent on electronic transactions, communications and capabilities. When these
resources are affected by security breaches, it can cripple many businesses — and bring
others down completely, Knode explained. Many industries, such as healthcare and financial
services, have established regulations requiring companies to implement security and storage policies.

Knode added, “There has been significant media
attention focused on the risks of cyber terrorism. While cyber terrorism is a very real
concern, disgruntled employees or hackers also pose a risk to an organization’s data and
intellectual property.”

Other Technology Priorities Identified

According to the CSC survey, the most important issue to
global technology executives was getting maximum value from their existing enterprise systems.

“At first glance, executives seem to be preoccupied
with wringing efficiencies out of the IS organization and enterprise systems,” said
Van B. Honeycutt, CSC’s chairman and chief executive officer. “Yet, if we look at the
underlying messages, executives are focused on enterprise buildouts to extend
collaboration throughout the supply and CRM process. The goal is not the technology, but
rather, synchronizing business processes with information technology at the center.”

The second issue of critical concern to information
technology executives, cited by 63 percent of respondents, is “optimizing
organizational effectiveness” principally by partnering with the organization’s
senior management to create and sustain value.

“Building relationships with the leadership team, as
well as with customers, suppliers and even competitors — in essence, creating a
collaborative relationship chain — is key to enhancing value and producing results,”
Honeycutt pointed out.

In the wake of the demise of many dot com companies and in
light of the increasingly inward-looking priorities of executives in this year’s survey,
e-business seems to have fallen out of the spotlight for this year, according to the CSC
survey. Developing an e-business strategy, which ranked five in last year’s survey, fell to 12 this year.

“Despite highly publicized dot com failures,
e-business is not dead,” Honeycutt said. “Instead, it is viewed as a routine
part of new systems. As organizations seek greater return on investment, business
processes will become an essential source of that return, and integration of process with
technology is essential.”

The respondents to this year’s Critical Issues Survey
included chief information officers, vice presidents and directors of technology
departments representing organizations in various markets, such as financial services,
healthcare, consumer goods and government. In addition, the survey examined key IT
initiatives, such as outsourcing, systems development, e-business and emerging
technologies. Of the 1,000 respondents, 34 percent were from organizations in North
America; 29 percent were from Europe; 13 percent were from Australia; and 24 percent were from Asia.

“CSC’s 14th annual survey provides a solid analysis of
current issues and directions in information systems management worldwide,” said
Denny Wayson, vice president and chief analyst of the Enterprise Solutions practice of
Gartner Dataquest, a leading market research firm. “The principle findings, that IT
management is focusing on optimizing IT service delivery across the enterprise and
focusing on organizational effectiveness, is very consistent with current research from
Gartner Dataquest on customer buying trends and sourcing strategies.”

CSC’s Annual Critical Issues of Information Systems
Management Study, including results by industry segment, is available on CD-ROM and online
at .

Computer Sciences Corporation, one of the world’s leading
consulting and IT services firms, helps clients in industry and government achieve
strategic and operational results through the use of technology. The company’s success is
based on its culture of working collaboratively with clients to develop innovative
technology strategies and solutions that address specific business challenges.

Having guided clients through every major wave of change in
information technology since 1959, CSC combines the newest technologies with its
capabilities in consulting, systems design and integration, IT and business process
outsourcing, applications software, and Web and application hosting to meet the individual
needs of global corporations and organizations. With some 68,000 employees in locations
worldwide, CSC had revenues of $11.1 billion for the 12 months ended September 28, 2001.
It is headquartered in El Segundo, Calif. For more information, visit the company’s Web
site at