Released on: January 12, 2008, 8:56 pm

Press Release Author: Informatica Security

Industry: Management

Press Release Summary: Security experts estimate that up to 75% of information
security incidents and privacy compliance issues are the direct result of
wrong-sourcing: outsourcing core competencies and in-sourcing activities that are
expensive, complex and difficult to manage.

Press Release Body: Toronto, January, 10, 2008 /PR/ Toronto-based Informatica
Security Research estimates that the vast majority of issues involving the security
and privacy of data, identity theft breaches, compliance failures and other
information risk issues are due to poor strategic planning and IT governance.

Informatica's president, Claudiu Popa is a recognized information risk consultant
who sees the issue as a management problem: "we have seen a general trend in North
America where we often talk to companies that opt to force their internal IT
departments to also manage security. Many organizations fail to realize that
security management is not a core competency that neatly fits within IT governance
activities. In fact, as companies scramble to achieve compliance with numerous
standards and legislation, they often mismanage their operations and impact
productivity. It makes no sense to in-source activities that are complex, expensive
and often mismanaged instead of hiring qualified experts to get the job done. The
flip side of what I call 'wrong-sourcing' is that organizations too often choose to
outsource their core capabilities. This is backwards and executives should revisit
their business objectives".

A recent study indicates that in European organizations at least 50% of an
executive's time is spent looking for growth opportunities that can be readily
exploited. In contrast, Informatica Research estimates that up to two-thirds of a
North American executive's time is spent trying to cut costs and stretch existing
resources to do more with less. The growing trend towards socially engineered
security attacks takes advantage of the fact that organizations have dedicated few
resources to best-of breed top-down solutions in favour of off-the-shelf band-aid
products marketed for a naïve audience. "By wrong-sourcing security expertise,
managers and executives place their operational effectiveness and customer data at
risk." said Popa. "Standards bodies and industry auditors make no exceptions for
organizations that claim ignorance of adequate security management, use improper
internal auditing practices or simply do not enforce policies. We see such
governance issues costing companies dearly, not only in financial terms, but also in
brand erosion, loss of credibility, productivity and organizational effectiveness.
Good information risk management is simply good business and should not be viewed
through a narrow lens as purely a cost centre"

Companies seeking to implement proper IT governance and standards-based security
management best practices should contact Informatica Security Corporation
(www.SecurityandPrivacy.ca).

For media enquiries and security solutions contact:

Claudiu Popa, CISSP, PMP, CISA
President & CSO, Informatica Corporation
416-431-9012 Info@InformaticaSecurity.com

CO: Informatica Corporation Information Security/Risk Management
ST: Ontario
IN: HTS
SU:

Web Site: http://www.SecurityandPrivacy.ca

Contact Details: Claudiu Popa, CISSP, PMP, CISA
President & CSO, Informatica Corporation
416-431-9012 Info@InformaticaSecurity.com