News
Losses of personal data point to need for cultural change over
security
24 January 2008
An Open University professor has called for more awareness of
security through training of staff at all levels to stem the continuing
losses of personal data by government and businesses.
Darrel Ince, Professor of Computing at The Open University, said,
“The cases of data loss so far are really the tip of a large iceberg of
systematic security failing which encompasses many organisations, not
just central Government.
“While a very small proportion of information security breaches are
malicious, the vast majority, more than 70% of all cases are caused
inadvertently by staff who have been encouraged to place their trust in
secure technology rather than thinking more carefully about their own
actions.
“A good comparison would be to look back to the introduction of seat
belts in cars. Drivers drove more dangerously then as they felt more
secure with the belts. Today, we recognise this logic as flawed and that
people need to take responsibility for their own actions.
“Most major organisations in the public and private sector have
appointed senior people, often IT specialists, to be responsible for
information security. But experience at The Open University, which runs
specialist courses in information security, suggests that many
organisations could do a lot more to make employees aware of how they
can play a role.
“The priority should be to cascade training on information security
to many more people at every level of an organisation than is currently
done. Information security is often seen as a specialist branch of
management, but every manager should be an information security manager
in relation to the work of their own department and team, and every
employee should understand the importance of their own role in this
process."
|
