
Information security giants create risk forum.

InfoSecurity Europe : 13 February, 2008  (Company News)
Information security risk is tackled head on with forum created by leading organisations to fight the growing challenges the industry faces.
This week sees the launch of a partnership between all the most influential groups and industry bodies in the UK associated with information security - it will be called the Information Security Awareness Forum. According to the Forum, one of the biggest problems facing organisations and individuals is a lack of information security awareness, with people either not knowing about, ignoring or circumventing security processes and technical countermeasures. Lack of awareness has been the main cause of some of the most impactful security incidents in the UK in the last 12 months, whether as a result of HMRC sending inadequately protected discs containing millions of people's sensitive data in the post, the MOD leaving a laptop in a car with hundreds of thousands of confidential data records on it, TJX transmitting millions of credit card transactions over an open wireless network, or individuals simply replying to phishing emails. In light of so many breaches associated with lack of awareness, the Information Security Awareness Forum has been established as a cross-industry initiative dedicated to improving information security awareness by pooling the expertise and resources of the following organisations: (ISC)2, British Computer Society (BCS), Communications Management Association (CMA), European Information Society Group (EURIM), GetSafeOnline, The Institution of Engineering and Technology (IET), Infosecurity Europe, Information Assurance Advisory Council (IAAC), Institute for the Management of Information Systems (IMIS), Institute of Information Security Professionals (IISP), IUA Digital Risk Working Party, Jericho Forum, Security Awareness Special Interest Group (SASIG), Worshipful Company of Information Technologists (WCIT), Information Security Forum (ISF), Information Systems Audit and Control Association (ISACA), ASIS International (ASIS) and the Information Systems Security Association (ISSA).

A survey of 1,311 companies by Infosecurity Europe on behalf of the Information Security Awareness Forum has found that for 79% of organisations the single greatest security weakness they face is lack of awareness, with people not knowing about, ignoring or circumventing security processes and technical countermeasures. The research also found that 15% felt that the greatest threat was from out-of-date or insufficient security technology and countermeasures, and 6% said that security processes being incomplete or not well enough defined was the biggest issue.

'For a number of years, security awareness has been on the agenda for many organisations and more recently the emphasis has been on end-users and consumers. In spite of this, lack of awareness continues to be a major contributor to security breaches. Often there is overlap in messages. There are also gaps. Most of all there has been a distinct lack of coordination across the providers of advice. The Information Security Awareness Forum has been formed to coordinate and build on existing work and initiatives, to improve their overall effectiveness, and ultimately to increase the level of security awareness in the UK that will help protect us all.' Dr David King, Chair of the Information Security Awareness Forum

'Unless the professionals get their act together and help set the agenda we are at risk of ill-informed and possibly even counter-productive political and regulatory initiatives' Philip Virgo - Secretary General, EURIM

"Infosecurity Europe is taking part in Information Security Awareness week in April 2008 and as the largest event in Europe dedicated to improving information security for business, government and other large organisations has an education programme dedicated to improving awareness. At the show as well as over 100 seminars and keynotes we have the launch of the 2008 information security breaches survey on behalf of the department for Business, Enterprise and Regulatory Reform, the Tracking Information Security Governance- (ISC)² Global Information Security Workforce Study 2008, and the Jericho Forum conference. The Forum is co-ordinating the activity of the organisations and groups who are responsible for helping UK government, business and citizens to prevent information security breaches, identity theft, and electronic crime. I am delighted that Infosecurity Europe is taking part in this initiative, by contributing our skills and resources to complement those of all the other different bodies. This is the start of a very exciting initiative that will deliver a powerful message to improve awareness and I encourage any organisations that have not already done so to join this proactive Forum." Claire Sellick, Event Director, Infosecurity Europe 2008

'Since its inception in 2005, has been working in partnership with the UK Government, law enforcement and the private sector to raise awareness of internet security issues amongst consumers and micro-businesses. We have always believed that a collaborative approach is the only way to effectively tackle the complexity and variety of online safety issues. We applaud the initiative to extend this approach through the Information Security Awareness Forum and look forward to playing an active role.' Tony Neate, managing director,

'The Jericho Forum ( welcomes this initiative to promote security awareness, an essential part of our vision to allow seamless and secure collaboration between businesses, suppliers and customers, allowing us to conduct business across an open, Internet-driven, networked world.'
Andrew Yeomans, member of Jericho Forum board of management.

"Given ISACA's long-held belief in the importance of educating both institutions and individuals on information security, we are delighted to see that the Information Security Awareness Forum has taken that on board as its charge," said ISACA International President Lynn Lawton, CISA, FCA, FIIA, PIIA, FBCS CITP. "Unfortunately, even those who you would think might be more savvy about security breaches are not necessarily so. ISACA recently did a survey of a random sample of business people, and, while most were quite sure they did not engage in any online activities that might be considered 'risky', when queried about specific habits, roughly three-quarters admitted performing them. Clearly, there is a gap in education and awareness, and we at ISACA are delighted that the Information Security Awareness Forum has been formed to narrow that gap."
Lynn Lawton, CISA, FCA, FIIA, PIIA, International President of ISACA

"The principal objective of the Institute of Information Security Professionals is to advance the professionalism of information security practitioners and thereby the professionalism of the industry as a whole. Increasing the awareness of information security within society as a whole is one of our key activities and we are taking an active role in this new initiative to co-ordinate and strengthen the message to help reduce on-line risks through guidance and best practice and lead the debate into the security/privacy balance. As a member of the Information Security Awareness Forum the IISP is contributing to an updated Directors Guide to Information Security which will give directors of companies an easy to use guide to help them meet their obligations." Paul Wood MBE, Corporate Board Member IISP.

'As recent events have demonstrated graphically, there is a pressing need for much greater awareness around the critical issue of the holding, retention and communication of data. This is true as much for individuals as for Government Departments and private sector organisations and companies. The Information Security Awareness Forum is working to pull together those already promoting information, education and greater awareness. This is an issue created by, and relevant to, technological developments in the modern era. The possibilities and vulnerabilities will not go away so getting the message across is a vital part of protecting the interests of us all.' Right Hon David Blunkett MP

"There is often appalling ignorance amongst the general public about information security, but at the same time there is an extraordinary amount of mis-information circulating. By working together the different groups represented on the Information Security Awareness Forum will be able to achieve much to combat this and to ensure that we all become effective citizens of the Information Society."
Lord Toby Harris

Chris Potter, the PricewaterhouseCoopers partner leading the UK government survey on information breaches due for launch in April, comments 'The initial results from the 2008 information security breaches survey indicate that companies are very concerned about potential leaks of confidential customer data. Many such breaches are caused by poor security awareness. For example, staff at a large technology provider accidentally copied confidential data from the HR folder into a shared drive, exposing salary and bonus information to everyone in the firm. Some leading organisations are making real progress in educating their staff about the risks and changing actual behaviour - they are turning their people into their strongest defence against data breaches rather than their weakest link. However, most companies are still struggling - given this, it's clear that forums to share good practice in this area are of enormous value.' PwC are managing the 2008 information security breaches survey on behalf of the department for Business, Enterprise and Regulatory Reform; the results will be launched at Infosecurity Europe on 22 April 2008.

'The Information Security Awareness Forum is creating a collaborative approach within the information security removes unnecessary duplication, and maximises the impact our messages have.' Raj Samani, VP Communications ISSA.

"Awareness is an area that information security professionals have sought to improve for some time, but have not always been able to prioritise. Now it is becoming a core responsibility, as individual people, rather than systems, are increasingly the target in information security attacks," says John Colley, Managing Director EMEA, International Information Systems Security Certification Consortium (ISC)2 . "Through the Information Security Awareness Forum we are supporting our members' efforts by improving society's general response to information security risk."

"Of course there can never be a guarantee of perfect security. But the carelessness underlying the high-profile incidents that are occurring more and more often, and the ease with which the security industry could reduce both their numbers and impact, are both deeply worrying. The human aspect of information security needs to be promoted to its rightful place alongside the technical wizardry - the Information Security Awareness Forum will be an enormous help in this regard." Martin Smith MBE, Chairman, The Security Awareness Special Interest Group (

"Breaches in information security affect both private and public sector organisations - from identity theft to the unavailability of key services. Whilst technology plays an important role in ensuring that information is accurate, protected, and there when we want it, many incidents turn out to be related to the human factor. More than ever before, security awareness plays a vital role in ensuring that people understand their responsibilities when handling information, are aware of the limitations of technology, and apply good practice through their actions. The Information Security Forum will be focussing on this topic in 2008, its year of security awareness, and are delighted to support the awareness initiative being carried out by the Information Security Awareness Forum." Bill Caughie, Chief Operating Officer, Information Security Forum

'The Communications Management Association (CMA) has, over its long history, developed a reputation for bringing key business issues to the attention of its members, government, regulators and the industry. The CMA therefore salutes the Security Awareness Forum initiative and will, via its own 'Fraud and Security Forum' seek to enhance interaction with other groups and involvement in initiatives thereby increasing security awareness throughout its membership.'
Peter Wenham CISSP MICAF CLAS, Director, CMA

"ASIS International is an active member of The Alliance for Enterprise Security Risk Management (AESRM) which was formed in February 2005 by ASIS International, ISACA and the Information Systems Security Association (ISSA) to accelerate the adoption of converged approaches for enterprise security risk management. The UK Chapter 208 realises the importance of convergence and so is keen to be involved with other organisations which are delivering security awareness messages to large corporations, SMEs, and individuals."
Barrie Millett - Chairman ASIS UK Chapter 208