Helping security bosses stay one step ahead
Posted on 11. May, 2010 by admin in Criminology
Business directors and managers have been given new methods by security experts to beat off attacks by fraudsters, hackers, thieves and other criminals.
A new report on converged security threats is designed to act as a foundation stone to help businesses ensure their real and virtual assets are protected.
One of the key recommendations is that businesses should appoint a single chief of security who can take responsibility for both physical and online assets, as well as the increasingly complex area of compliance security.
The report was co-authored by the University of Portsmouth’s Institute of Criminal Justice Studies, Price Waterhouse Coopers, the National Federation of Fraud Forums, the Information Security Awareness Forum and the Institute of Information Security Professionals.
Azeem Aleem is Director of the Security Institute and Principal lecturer in internet security at the University of Portsmouth.
He said: “Most of the IS disasters exposed these days are the result of vulnerabilities present at human level on the social and technical levels. To mitigate these threats, having a converged security approach to identify the risks is an essential element.
“To counter these threats we must keep ahead of those who attack us because the concept of security has now expanded way beyond the traditional remit into areas like brand and IP protection, corporate espionage, social-engineering, and cyber mules linked closely with organised crime.
“The report raises the concern that many security departments are so busy fighting day-to-day crises that they tend to miss less obvious threats, especially the overlap of security risk between real and virtual worlds.”
The report seeks to help IT professionals and management better understand the myriad security issues created by the increasing demands placed on physical and information security resources – and explain how to counter threats effectively, he said.
The report argues that those in charge of risk need to challenge the way they think and work in four key areas:
- Ensure wider understanding about all other areas of the company;
- Build in clear and repeatable processes, rather than ad hoc solutions to individual challenges;
- Share information, integrate processes and streamline reporting across the company;
- And have the humility to accept when other risk priorities come above one’s own function for funding or management attention.
The report also includes a survey of business owners on the impact the economic downturn has had on their company’s security. About 7,200 respondents, more than half, say risk has increased, regulations have become more complex and burdensome, and cost cutting has made it harder to achieve a good level of security.
Dr David King, chair of the ISAF, said the report will act as a foundation stone for IT and other professionals to build the innovative security defences needed in a ‘modern connected’ business world.
He said: “The major security problem that all IT managers are now encountering centres on the blended threats that cyber-criminality and hacker attacks now pose to most businesses.”
The report also details structural vulnerabilities created by IT-enabled modern offices and their buildings, such as access control, air-conditioning, CCTV and fire alarms, and looks at ways to better defend them.
Professor Paul Dorey, chairman of the Institute of Information Security Professionals, said: “Our opponents have no departmental barriers or concerns over responsibilities. Only by working closely with our security and risk colleagues will the protection of our businesses be equally joined-up.”



