Information Security and Common Sense
Richard Henson, University of Worcester, October 2008
Why has Data Security become such a problem?
• “End User” Computing
• Advances in Technology
• Confusion about the Data Protection Act
• Lack of policy or inconsistent implementation of policy
• Data handling training issues
The Rise of End User Computing
• In the 1980s, organisational data was kept either in:
  • centralised computers
  • secure filing cabinets
• The PC offered the possibility of organisational data in the hands of “non-professionals”…
  • network administrators predicted there would be big problems…
  • few people listened… THEY SHOULD HAVE!
Where are we now with Information Technology?
• Days of “mainframe” or “centralised” computing… comparable to mass transport systems (e.g. stage coach, railways, bus)
  • “professional” drivers
  • people driven about
Another example of Technological Change bringing about Cultural Change…
• Coming of the motor car…

The Coming of the Personal Computer…
• In technology/society terms, the equivalent of the motor car…
Result of “the motor car” cultural change…
• Transport became personalised
  • those handling motor vehicles were often a menace to other road users
  • many accidents, injuries, lives lost
• Only controlled through the use of legislation (e.g. Highway Code)
  • and then more legislation (e.g. Driving Test)…
  • and yet more legislation!!! (e.g. National Speed Limit)
Are roads safe today?
• UK road deaths have been falling consistently for many years
• So a cultural problem CAN be brought under control…
• What about the perils of end user computing…
Digital Data and the Law
• What do we have for keeping computer users in order?
  • the Data Protection Act
• Problem… dates back to 1984
  • BEFORE end user computing
• Update in 1998
  • did not address the problems associated with putting the end user in control
  • e.g. digital data can be easily carried around
The New Law
• Finally (2008) legislation is being updated to acknowledge the problem
• New offence of “Data Recklessness”
• Information Commissioner’s Office (ICO) has increased powers…
  • further changes expected during the 2008-9 Parliamentary Session
[Image: Information Commissioner Richard Thomas]
Why such a long wait?
• Again… back to the motor car
• Highways Act?
  • became law in 1835
  • only substantially updated in… 1959
• Why then? It had become a matter of public concern
• Equally, Data Protection is now A MATTER OF PUBLIC CONCERN
  • latest surveys: people now as concerned about their privacy as they are about terrorism!
What are the consequences for Organisations?
• They need to get serious about data protection, or risk the wrath of the Information Commissioner’s Office
• first to suffer was…
  • Richard Branson, Virgin Media (3383 customer records went missing)
• Would you want to be next???
What to do?
• Apply common sense!
  • establish, or update, the organisation’s Information Security Policy
  • key role: Data Controller - make sure all employees are aware of the law…
  • make sure systems are in place to make sure that policy works at operational (end user) level
  • make sure the systems are auditable, and regularly audited
Don’t know where to start?
• There is now an International Standard:
  • ISO 27001
  • based on British Standard BS7799
  • UK leading the world in design…
  • but not implementation!
• any organisation achieving this quality standard gains in two crucial ways:
  • unlikely to lose data through “recklessness”
  • can use the ISO 27001 “kitemark” to show potential customers that their personal data is being properly looked after
Is getting ISO 27001 cost-effective?
• BIG question
  • even before…
    • the “credit crunch” arrived
    • data recklessness became law
• Cost overhead of ISO 27001 is quantifiable
  • intensive, highly focussed courses
  • paperwork deliberately customisable to meet the needs of large and small organisations
• If data is lost, what of the cost overhead of:
  • bad press?
  • disgruntled customers?
  • hefty fines?
Is good Information Security Common Sense?
• YES…
  • just as driving safely is common sense
• BUT…
  • What would the roads be like today if:
    • the 1835 Highways Act was still in force unchanged?
    • no-one had to pass a driving test?
• QUESTIONS???