Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Security procedures to take the human factor into account.

ISC Squared : 14 December, 2007  (Technical Article)
Government acknowledges the importance of the human factor in data security in review of security procedure requirements for 2008.
Security awareness programmes, fuelled by attacks targeting individuals and the desire to curb employee error, are set to dominate information security agendas in the coming months as companies and government acknowledge the human side of securing information according to the non-profit information security professional body (ISC)2.

"Good information security is about people, those that manage it and those that use the systems, while individual people, not systems, are increasingly the target in information security attacks," says John Colley. "High profile security breaches, such as the recent loss of personal data by HMRC, along with the growing concern over identity theft that dominated headlines in 2007, is driving this message home to a broad audience—organisations and individual citizens alike.

"As a result, information security professionals are managing a growing appetite for better security awareness, driven by executives, and demanded by the customers and employees that are being targeted," Colley continues.

(ISC)2 research and members have highlighted that improving employee awareness has become a top priority, feeding a collective desire to ensure all people have the knowledge needed to live up to their responsibilities and protect themselves. Colley points out that awareness is an area that information security professionals have sought to improve for some time but have not always been able to prioritise.

"With companies and governments now having invested in the basics of security infrastructure, attention is now rightly turning to assuring awareness across the organisation," he says. "We have to go beyond teaching policy basics. We have to ensure people clearly understand how to avoid errors in handling information, who is behind social engineering attacks and why they exist. We will also have to be prepared to answer savvy questions if we are going to motivate people to uphold policy.

"We are likely to see the HR department become much more involved in this area and even see it embraced as a core element of employee responsibility," he suggests.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo