[ISN] Human error biggest threat to computer security

From: InfoSec News (alerts@private)
Date: Tue Jun 19 2007 - 22:10:41 PDT


http://www.itpro.co.uk/news/115920/human-error-biggest-threat-to-computer-security.html

By Rene Millman 
19th June 2007

New DTI report finds that most people never change their password. A 
third write them down on paper.

The biggest risk to an organisation's network security is human error, 
according to a new report.

The research by the Department of Trade and Industry found that over a 
third of respondents either wrote down their password on a piece of 
paper or recorded it somewhere on their computer.

The study also found that nearly two-thirds of the 1800 UK adults 
questioned said they never changed their passwords.

Minister for Science and Innovation Malcolm Wicks said that the survey 
found that a large number of people were "careless with passwords, 
unwittingly exposing themselves and their company to fraud and theft."

He added that the UK lost 440 million to credit card fraud last year and 
that 62 per cent of companies experienced a network security incident. 
Wicks said that this was a problem that needed to be fixed.

"Network security is also a major growth area where the UK has a good 
opportunity to become a global leader if we develop new technology to 
give us a competitive edge," said Wicks.

The department has embarked on four projects aimed at increasing network 
security by cutting down the risk of human error. Each of the projects 
will use behavioural science to tackle human error. The DTI has given 
the projects 4 million in total.

Among the successful projects are a project, run by BAE Systems and 
Loughborough University aimed at developing new ways of assessing an 
organisation's security risk and the human factors involved.

Also, another project run by HP, Merrill Lynch, the University of Bath, 
the University of Newcastle and University College London will develop a 
predictive framework to assess the effectiveness security policies that 
regulate interactions between people and information systems.

The other two projects will look at digital communication analysis to 
look for potential security threats and tools to identify human 
vulnerabilities in network security.

The projects are part of the DTI's Network Security Innovation Platform, 
which was set up to develop new ideas to improve network security. The 
DTI said that it estimated that development of this research could 
represent an extra 125 million market for businesses in the UK.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Tue Jun 19 2007 - 22:19:15 PDT