Feature

IT security pioneer piped into ISSA's Hall of Fame

The Information Systems Security Association (ISSA) has awarded its accolade of the year to IT security specialist Fred Piper by admitting him to its Hall of Fame.

Piper, long-time professor of mathematics at Royal Holloway College, set up the UK's first MSc degree in information security in 1979. Since then he has been at the hub of IT security in the UK.

Presented with his award at ISSA's annual conference, Piper warned of the inherent insecurity of ATM systems. He said the current use of password/Pin with a card was in practice not two-factor authentication but one factor.

"The card is not a token, it is a number, an extended password," he said, and urged the use of mobile phones as the second factor in authentication.

Also at the meeting, security expert Marion Cook of Symantec warned organisations to be careful not to contaminate evidence of security breaches, as that would make it inadmissible in court.

She said the IT department must have one person in charge of any investigation, keep an audit trail and not change any data on the suspect computer.

Mike Maddison, leader of UK security and consultancy services for Deloitte, warned that attacks were becoming more sophisticated and financially motivated. He said ID theft and accounting fraud were top priorities and that the UK response was behind the curve.

"Business continuity has become a bigger priority than ever before, but organisations may not be as prepared as they think," Maddison said. "Many financial institutions still do not measure the effectiveness of their information security controls."

Maddison added that life science companies were quietly beefing up their IT security. "Many have appointed chief information security officers.

"However, they are still struggling to develop return on investment for security - to quantify cost versus value."

More details: www.issa.org


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in October 2006

 

COMMENTS powered by Disqus  //  Commenting policy