- Published: 20 April 2010
- Written by NStinchcombe
New paper lays foundation stone for enhanced security through better understanding, collaboration and awareness of latest issues
Press Release – London, 16th April 2010 – The Information Security Awareness Forum (ISAF), PricewaterhouseCoopers, the National Federation of Fraud Forums, Portsmouth University and the Security Institute have co-authored and published a paper detailing the convergence and security issues that affect companies operating in the modern connected world.
The paper seeks to help both IT professionals and business managers to better understand the myriad security issues created by the increasing demands placed on physical and information security resources - and explain the steps required to counter the issues in the most effective manner.
ISAF - which was born out of the ISSA-UK Advisory Board and is a cross-industry initiative set up to formally raise awareness of information security - is now in its third year and, according to Dr. David King, Chair of the ISAF, the paper will act as a foundation stone for members and other IT security professionals to build the innovative security defences needed in the modern connected business world.
"The major security problem that all businesses are now encountering centres on the blended threats that cybercriminality and hacker attacks now pose," he said.
"This paper, developed in conjunction with PricewaterhouseCoopers and - and which details the many business benefits that accrue from a `joined-up' security strategy - sets out the framework required for professionals to collaborate and develop the best possible security strategies. It represents summation of the array of knowledge that the Forum and its partners - which is now in its third year - has amassed," he added.
According to Dr. King, the paper explains the need for understanding across each function and the requirement to build on the professionalism of the various management resources, and details why there needs to be a sharing of information to counter the security threats that face anyone in modern business.
To assist in this process, he says, the paper proposes the "SIMPLE" acronym to help professionals remember the guiding principles that are required to counter these security threats.
Details of the acronym and what it stands for can be found in the paper, which can be downloaded at www.theisaf.org/documents/Security_Risk_Convergence.pdf
The paper also explains the structural vulnerabilities created by IT-enabled modern offices and their buildings - such as access control, aircon, CCTV and fire alarms - and looks at the methodologies required to better defend these assets.
Tapping the resources of more than 30 national and international security organisations, together with leaders from the fraud and business continuity communities, the PwC-supported paper will, the Forum hopes, assist anyone involved in security and its management to better understand the potential problems the interconnected business environment creates.
Increasingly, the Forum observes that what is required is a respect for each other's area of expertise and a recognition that each business discipline cannot solve the problem on its own.
The Forum hopes that, by sharing good practice and common reporting strategies, our industry can identify vulnerabilities in its systems before either a rogue member of staff - or a cybercriminal - exploits them.
Dr. David King, Chair of the ISAF, is chairing a keynote at Infosecurity Europe 2010 on “Preventing Converged Threats From Sneaking Your Data Out The Front Door”. Topics covered will include the benefits of converged security, how converged threats have become so much more dangerous, and how to plug the physical and information security culture gaps in the business. For more details on this session, and Infosecurity Europe, visit www.infosec.co.uk. The event takes place at Earls Court, London, from 27th–29th April 2010.
ISAF press quotes:
"ASIS International has promoted the importance of Enterprise Security Risk Management for many years and has actively supported and contributed to this new paper. It has campaigned for security convergence to be adopted by businesses across the world and we are delighted to see so many different organisations involved in outlining the benefits it brings". James Willison, Convergence Lead, ASIS UK
"Despite the long-recognised and yearned-for need for greater convergence, the security industry remains fragmented into its various specialisations. As the criminal becomes more organised and determined, then our industry must respond with improved efficiency of, and greater co-operation between, all those involved in defending our corporate assets. I am delighted that the Security Awareness Special Interest Group has been able to contribute to this crucial debate," - Martin Smith, MBE BSc FSyI, chairman and founder of the Security Awareness SIG
"Our opponents have no departmental barriers or concerns over responsibilities. We recognise that only by working closely with our security and risk colleagues will the protection of our businesses be equally joined-up," - Prof. Paul Dorey, chairman, The Institute of Information Security Professionals.
"Most of the IS disasters these days are result of vulnerabilities present at human or social and technical element. To mitigate these risks, having a converged approach to identify the risks is an essential element" Azeem Aleem Director of The Security Institute & Principal Lecturer in Internet Security at the University of Portsmouth
About the Information Security Awareness Forum
A number of professional bodies and organisations involved in information security have come together to form the Information Security Awareness Forum (ISAF) www.theisaf.org to coordinate and build on existing work and initiatives, to improve their overall effectiveness, and ultimately to increase the level of security awareness in the UK that will help protect us all. We are a group whose aim is to deliver rather than to merely talk about awareness.
The forum was launched on the 13th February 2008. The member representatives meet monthly to progress the agenda and actions of the forum.
Founding members of the forum include The ISSA, the BCS, CMA, the Cybersecurity Knowledge Transfer Network, eema, EURIM, Get Safe Online, ASIS International (UK Chapter), IAAC, the Information Technologists' Company, Infosecurity Europe, the Institute for the Management of Information Systems (IMIS), the Institution of Engineering and Technology, the Digital Security Working Party of the International Underwriting Association of London (IUA), ISACA, (ISC)², ISF, the Institute of Information Security Professionals (IISP), the Jericho Forum, the National Computing Centre, the National e-Crime Prevention Centre (NeCPC), the Police Central e-Crime Unit, the SANS Institute, the Charities Security Forum and the SASIG.
The forum is chaired by Dr David King and its secretary is Stephan Freeman.