
The IT industry has yet to get security right, according
to the European Network and Information Security Agency (ENISA),
Europe's security advisory group.
"We have not got it right. Perhaps we are setting the bar too
low," Steve Purser, head of the technical competency department at
ENISA, told the ISSE 2009 security conference in The Hague.
The IT sector needed to make a more proactive contribution to
the security process, he said. This is why ENISA had made building
a better information security community a strategic goal.
"We need to encourage electronic common sense so people protect
information online in the same way as they do in the real world,"
said Steve Purser.
Most businesses and individuals were still adapting to living in
an online world, Purser said. Security models needed to be reviewed
to cope with those changes.
Peer-to-peer networking was mainly associated with online gaming,
but was now being used in the enterprise, and security models needed
to reflect that change, he said.
With all new opportunities comes risk, so if business and
government were to benefit, they needed to reduce that risk by
developing appropriate and effective frameworks to assure
end-users, he said.
The challenge was to achieve a greater level of security that
was also economically effective, by carefully balancing opportunity
and risk, said Purser.
Governments needed to ensure that businesses do not lose out
through complying with new regulations aimed at improving IT
security, he added.