Security gurus laud process benefits

Security based on people and process - not technology

Written by Phil Muncaster

Information risk experts at a leading IT security conference have underlined the importance of people and processes in delivering an effective enterprise security programme.

Speaking at the annual Forrester Security Forum in Europe, Stephen Bonner, Barclays' head of information risk, insisted that a preoccupation with technology was undermining security efforts.

Bonner explained that focusing solely on technology solutions will not solve the underlying security problems that plague many firms, many of which are a result of "poorly designed processes".

"A lot of vendors are making a lot of noise around data leak prevention products but I remain unconvinced," he argued. "These are technology solutions to particular problems – you can manage this problem by tying down your email, or USB stick use, but people will just print out material or move [to other methods]."

Several other speakers at the conference also argued that a risk management strategy that addressed IT issues would secure corporate networks far more effectively than concentrating on specific incidents or technologies. "Technology should not take up most of your time; it's just a small layer between the processes and people," said Forrester analyst Thomas Raschke.

Bonner explained that Barclays is running a comprehensive awareness-raising campaign in an attempt to change corporate culture and mitigate the risks associated with the "insider threat".

The firm has commissioned a series of short, accessible videos to raise staff awareness about issues such as device loss, he added.

"Lots of control functions are seen as stuffy, an extra layer of cost and inconvenience, so we're trying to challenge their preconceptions," said Bonner. "And because the awareness material is not mandatory, it makes it a bit more viral, drawing attention to the issues."

Bonner argued that in 80 per cent of incidents involving insiders, the perpetrator exhibited unusual behaviour beforehand. "Most of the issues can be resolved not through technology … but by walking towards the problem," he said. "If someone in the team is known as a bit dodgy just have a word – in a lot of cases something was known to be wrong and no-one did anything."
