[ISN] 'Internet Security Awareness Forum' is launched

From: InfoSec News (alerts@private)
Date: Tue Feb 12 2008 - 23:16:15 PST


http://news.zdnet.co.uk/security/0,1000000189,39292798,00.htm

By Tom Espiner  
ZDNet.co.uk
12 Feb 2008

An organisation has been launched to promote security awareness in the 
wake of the plethora of major security breaches in 2007.

The Internet Security Awareness Forum (ISAF), launched on Tuesday at the 
British Computer Society (BCS) in London, will be an umbrella body for a 
number of organisations, including BCS, IT industry lobbying group 
EURIM, and web-safety campaign Get Safe Online.

The forum was created as a result of various security breaches last 
year, which ISAF said were the result of a lack of security awareness. 
These included the HMRC breach, where 25 million personal details were 
lost, and the TJX breach, where up to 96 million credit-card details 
were compromised.

ISAF aims to promote information security awareness across government, 
corporations and small businesses, as well as among individuals. David 
King, chair of ISAF, told ZDNet.co.uk that security awareness was one of 
the "big things" for all organisations, and that there was common 
security ground between all sizes of public and private organisation.

"There is some common ground," said King. "For example, picking good 
passwords, changing passwords frequently, and being conscious of the 
impact of sharing information on social-networking sites. Companies have 
a responsibility to handle information securely, just as government 
does."

King said that ISAF would seek to change people's behaviour so they 
would think of the possible security ramifications of their actions 
before acting. While organisations needed to have "awareness on the 
agenda", multiple approaches needed to be taken to change behaviour, 
according to King. "To change behaviour we have to come at the problem 
from different angles," he said.

ISAF says it will aim to publish a "Guide for Directors on Information 
Security" by the end of April. This will be aimed at senior figures in 
public- and private-sector organisations.

Senior civil servants in particular need to have information security 
awareness on the agenda, according to Philip Virgo, secretary general of 
IT industry lobbying group EURIM. "There's definitely a confusion among 
civil servants, just as there's a confusion among [private sector] 
managers," said Virgo. "That's down to the amount of conflicting 
security advice being given [by groups promoting commercial interests]."

ISAF membership will mainly consist of industry bodies. While the 
membership of those bodies consists primarily of commercial 
organisations, as well as EURIM, David King said the ISAF would not be a 
lobbying group or promotional tool for any particular vendor or set of 
products.

"We are not a lobbying organisation," said King. "We don't have 
corporate members. Our agenda will be delivered by industry body 
representatives. Those industry bodies have different organisations, 
which all have their own agendas."

ISAF will also collaborate with web-safety campaign Get Safe Online to 
promote security awareness in small businesses and for consumers. The 
campaign has been running since 2005, and encountered controversy when 
its membership costs were revealed and also the fact that sponsors' 
products would be promoted by the site.

Other organisations involved with ISAF include the BCS, the Institution 
of Engineering and Technology, (ISC)2 , the Institute of Information 
Security Professionals, (IISP) and Jericho Forum.

As well as publishing the "Guide for Directors", the ISAF will also 
promote an Information Security Awareness Week from 21 to 25 April, to 
coincide with the Infosecurity Europe conference at Olympia in London.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Feb 12 2008 - 23:29:07 PST