The BCS has launched a security area on its website to
provide advice on protecting corporate data.
With increasingly sophisticated targeted attacks being launched
against IT systems, and with the greatest threat often coming from
within an organisation through social engineering attacks on
staff, securing company information is more complex than ever.
How to manage the internal risk is currently a huge debate
within the industry. Staff need access to critical data to do their
jobs, but IT wants to minimise that access because the more data is
exposed, the more vulnerable it becomes.
"Employees are an organisation's biggest asset, but also the
biggest risk," said Greg Day, security analyst at anti-virus firm
McAfee. "Viruses and spam are probably recognised as the most
common assault on a company's IT infrastructure, but there are many
other elements to consider.
"While external factors pose a significant threat, most breaches
are carried out internally. Role-based access is becoming
increasingly popular as a preventative measure."
Training to protect staff from social engineering techniques is
also increasing, Day added.
To highlight the time and effort required to keep company
information secure, this year's BCS IT Professional Awards have
introduced the Award for Investment in Information Security,
sponsored by McAfee.
The award seeks to recognise the most successful investment
based on measurable benefits to the business in terms of brand
value and trustworthiness, fraud reduction, or improved service
quality.
The 2006 finalists are Alliance & Leicester, Anite Public
Sector, Betfair and Liverpool Direct. The winner will be announced
on 7 December.
BCS security site
IT Professional Awards