The Softer Side of Security

For the last few days I’ve been over in Orlando speaking at MIS Training Institute’s excellent Infosec World. It’s one of the most comprehensive conferences in terms of subject area coverage, with 11 simultaneous streams of in-depth presentations. And the feedback from delegates is always good. So it provides an interesting perspective on the state of the art of the US security community and an indication of the challenges facing security professionals.

In the UK we’re used to looking to the USA for an idea of what’s coming next. But in the information security world the opposite has often been the case in recent years as US companies adopt UK innovations such as ISO standards, ITIL management processes and de-perimeterisation strategies.

However, the traditional gap between US and UK security emphasis – the former having a stronger technology focus and the latter more process-oriented – has largely disappeared. Programmes such as Infosec World now have a strong emphasis on softer management issues such as leadership, business alignment and human factors. It’s an encouraging trend and one that’s set to continue for a long time.

1 comment

That's very interesting, David. And very heartening. I've a question, though. I run a consultancy which specialises in addressing the aspects of business continuity, crisis management, change planning and general risk management from the decision-makers' point of view. There isn't any point procuring equipment, developing security policies, drafting disaster recovery plans, etc., if the infrastructure, systems and processes do not support the taking of the best decisions by people, both in mundane business and crisis operations. The challenges of employee wrong-doing, insider attack, social engineering and (more importantly) a bad appetite for risk are all areas where organisations require practical and pragmatic support to develop their competence and confidence. Analytic Red's work has taken us to some high-profile environments (No 10, Bank of England, CPNI/NISCC, technology corporates, defence and security community, etc.), but in terms of 'breaking into' new markets we're having problems. Do public and private sector organisations yet understand the importance of human factors and (critically) how do we help them avoid falling prey to psycho-babble providers if and when they do recognise this need?! Mils.