Security gurus laud process benefits

Security based on people and process - not technology

Phil Muncaster, IT Week 03 Apr 2008

Information risk experts at a leading IT security conference have underlined the importance of people and processes in delivering an effective enterprise security programme.

Speaking at the annual Forrester Security Forum in Europe, Stephen Bonner, Barclays' head of information risk, insisted that a preoccupation with technology was undermining security efforts.

Bonner explained that focusing solely on technology solutions will not solve the underlying security problems that plague many firms, many of which are a result of "poorly designed processes".

"A lot of vendors are making a lot of noise around data leak prevention products but I remain unconvinced," he argued. "These are technology solutions to particular problems – you can manage this problem by tying down your email, or USB stick use, but people will just print out material or move [to other methods]."

Several other speakers at the conference also argued that a risk management strategy that addressed IT issues would secure corporate networks far more effectively than concentrating on specific incidents or technologies. "Technology should not take up most of your time; it's just a small layer between the processes and people," said Forrester analyst Thomas Raschke.

Bonner explained that Barclays is running a comprehensive awareness-raising campaign in an attempt to change corporate culture and mitigate the risks associated with the "insider threat".

The firm has commissioned a series of short, accessible videos to raise staff awareness about issues such as device loss, he added.

"Lots of control functions are seen as stuffy, an extra layer of cost and inconvenience, so we're trying to challenge their preconceptions," said Bonner. "And because the awareness material is not mandatory, it makes it a bit more viral, drawing attention to the issues."

Bonner argued that in 80 per cent of incidents involving insiders, the perpetrator exhibited unusual behaviour beforehand. "Most of the issues can be resolved not through technology … but by walking towards the problem," he said. "If someone in the team is known as a bit dodgy just have a word – in a lot of cases something was known to be wrong and no-one did anything."
