Looks at the human challenges associated with information security.
Assesses the consequences of failing to meet them and – most importantly – looks at the steps organisations can take to make themselves and their information more secure.
Your business information is likely to be much more valuable than the hardware on which it is stored. The loss of a laptop might set you back £400, but if the files on the laptop included sensitive customer data or the blueprint for a new product, the cost of repairing the damage would run into thousands. The consequences of a data breach range from alienating customers to heavy fines, or even criminal prosecution. While technologies, such as antivirus software and encryption, can offer some protection against cybercrime, security breaches are most often the result of human error and carelessness.
Improving information security within your organisation, therefore, has to encompass people and processes, as well as technology. Motivating your team and making them more aware of security concerns should be at the heart of your information security strategy. At the same time, the processes you have in place to address information security issues need to be straightforward and properly understood if you want your employees to adhere to them.
This pocket guide is based on the approach used by BT to protect its own data security – one that draws on the capabilities of both people and technology. The guide will prove invaluable for IT managers, information security officers and business executives.
Security: The Human Factor looks at the challenges associated with information security, the consequences of failing to meet them and – most importantly – at the steps organisations can take to make themselves and their information more secure.
Paul Kearney is chief security researcher in the Security Futures Practice, BT Innovate & Design. He is based at BT’s Adastral Park technology centre near Ipswich, and has worked in information security research since 2001. Paul Kearney is a Certified Information System Security Professional (CISSP) and a full Member of the Institute Of Information Security Professionals (MInstISP). He holds a PhD in theoretical physics from the University of Liverpool, and is the co-author of the White Paper, “Human Vulnerabilities in Security Systems”, published in 2007 by the Cyber Security Knowledge Transfer Network.