Published: 15 February 2008
Launch of Information Security Awareness Forum
This week sees the launch of a partnership between all the most influential groups and industry bodies in the UK associated with information security - it will be called the Information Security Awareness Forum.
According to the Forum one of the biggest problems facing organisations and individuals is a lack of information security awareness, which has been the main cause of some of the most ‘impactful’ security incidents in the UK in the last 12 months.
Whether as a result of HMRC sending inadequately protected discs containing millions of peoples sensitive data in the post, the MOD leaving a lap top in a car with hundreds of thousands of confidential data records on it, TJX transmitting millions of credit card transactions over an open wireless network, or individuals simply replying to phishing emails.
In light of so many breaches associated with lack of awareness, the Information Security Awareness Forum has been established as a cross industry initiative dedicated to improving information security awareness by pooling the expertise & resources of the following organisations:
· (ISC)2
· British Computer Society (BCS)
· Communications Management Association (CMA)
· European Information Society Group (EURIM)
· GetSafeOnline
· The Institution of Engineering and Technology (IET)
· Infosecurity Europe
· Information Assurance Advisory Council (IAAC)
· Institute for the Management of Information Systems (IMIS)
· Institute of Information Security Professionals (IISP)
· IUA Digital Risk Working Party
· Jericho Forum
· Security Awareness Special Interest Group (SASIG)
· Worshipful Company of Information Technologists (WCIT)
· Information Security Forum (ISF)
· Information Systems Audit and Control Association (ISACA)
· ASIS International (ASIS)
· Information Systems Security Association (ISSA)
A survey by Infosecurity Europe on behalf of the Information Security Awareness forum of 1,311 companies has found that for 79% of organisations the single greatest security weakness that their organisations faces is lack of awareness, with people not knowing about, ignoring or circumventing security processes and technical countermeasures.
The research also found that 15% felt that the greatest threat was from out of date or insufficient security technology and countermeasures, and 6% said that security processes being incomplete or not well-enough defined was the biggest issue.
Dr David King, Chair of the Information Security Awareness Forum, said:
"For a number of years, security awareness has been on the agenda for many organisations and more recently the emphasis has been on end-users and consumers.
In spite of this, lack of awareness continues to be a major contributor to security breaches. Often there is overlap in messages. There are also gaps.
Most of all there has been a distinct lack of coordination across the providers of advice.
The Information Security Awareness Forum has been formed to coordinate and build on existing work and initiatives, to improve their overall effectiveness, and ultimately to increase the level of security awareness in the UK that will help protect us all."
Philip Virgo - Secretary General, EURIM, said:
"Unless the professionals get their act together and help set the agenda we are at risk of ill-informed and possibly even counter-productive political and regulatory initiatives"
Claire Sellick, Event Director, Infosecurity Europe 2008, said:
“Infosecurity Europe is taking part in Information Security Awareness week in April 2008 and as the largest event in Europe dedicated to improving information security for business, government and other large organisation has an education programme dedicated to improving awareness.
At the show as well as over 100 seminars and keynotes we have the launch of the 2008 information security breaches survey on behalf of the department for Business, Enterprise and Regulatory Reform, the Tracking Information Security Governance- (ISC)² Global Information Security Workforce Study 2008, and the Jericho Forum conference (22 April 2008)
The Forum is co-ordinating the activity of the organisations and groups who are responsible for helping UK government, business and citizens to prevent information security breaches, identity theft, and electronic crime”.
Andrew Yeomans, member of Jericho Forum board of management, said:
"The Jericho Forum welcomes this initiative to promote security awareness, an essential part of our vision to allow seamless and secure collaboration between businesses, suppliers and customers, allowing us to conduct business across an open, Internet-driven, networked world."
Chris Potter, the PricewaterhouseCoopers partner leading the UK government survey on information breaches due for launch in April, commented:
"The initial results from the 2008 information security breaches survey indicate that companies are very concerned about potential leaks of confidential customer data. Many such breaches are caused by poor security awareness.
For example, staff at a large technology provider accidentally copied confidential data from the HR folder into a shared drive, exposing salary and bonus information to everyone in the firm.
Some leading organisations are making real progress in educating their staff about the risks and changing actual behaviour - they are turning their people into their strongest defence against data breaches rather than their weakest link.
However, most companies are still struggling - given this, it's clear that forums to share good practice in this area are of enormous value."
Infosecurity Europe 2008 (22 – 24 April 2008) in the Grand Hall, Olympia is a FREE ‘must attend event’ for all professionals involved in Information Security.
To find a business you can trust, click on the related categories below: