IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.
 A blog from V3.co.uk
May 2010
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          
Other blogs
Download Junkie
Your daily dose of download discussion

IT Sneak
V3.co.uk's under cover reporter offers odds and ends from the odd end of the technology

Mac Inspector
Drills to the core of the latest Mac rumours and news

The Frontline
Insight into the latest tech news from V3.co.uk's team of reporters

Silicon Valley Sleuth
An insiders view from the valley.

V3.co.uk Labs
The latest UK business technology: quick reviews and first impressions

« September 2008 | Main | November 2008 »

Banging the same old security drum

Some of the advice on offer at security events is interesting, thought-provoking, pertinent and pretty useful for those working in the IT industry; and lots of it is grandmother-sucking-eggs type stuff. And yet it still apparently needs to be said.

At the ISSE security show in Madrid this year, which has always claimed to have one of the more discerning audiences on the security conference circuit - ie the great and good from the information security community - one or two presentations fell into the later category.

Case in point. A presentation on SME security by a researcher from Cardiff University told us that SMEs aren't very good at security. Well, to be fair there was a little more to it than that.

Specific points raised from the research were that very few small firms have requirements in place for security; few test their backup data, even if they actually back up; and most tellingly, only around a quarter said they actually know what information assets they have.

A bit worrying, especially when you consider that SMEs employ about two-thirds of the workforce and contribute in total more to the economy than large organisations.

And then the more useful stuff for security chiefs. Many in the security industry get a lot of value from sharing best practice, looking at the things their peers are doing that have proven to work.

And so Roland Muller, corporate information security officer from Daimler Financial Services, explained the value of security assessments in a multinational organisation. To put it simply: they're very valuable. But the key points Muller made for anyone wanting to do similar were:

1) Get management buy-in for any security assessment scheme.

2) Link the scheme to international standards, rather than a local approach.

3) Maintain regular contact with management and local security guys: "The people who are always the victims".

4) User education is vital: "Policies are written by security guys for security guys. You need a simple way to bring the message to people," Muller said.

October 8, 2008 | | Comments (1)


Site credentials: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093