Infosecurity user group: Solve the security puzzle

Boosting awareness of the deepening IT security crises facing all users should be the overriding priority for IT managers.

That was the core message to come from the first anniversary meeting of Computer Weekly's Infosecurity User Group at the recent Infosecurity Show.

Key future trends that all IT managers need to monitor include the increased sophistication of attacks; a more blurred security perimeter for organisations, especially with broadband and wireless take-up; a greater need to boost security of key company assets; the impact of upcoming privacy legislation; and uncertainty over the security of the Trusted Computing Group suppliers' consortium and Microsoft's digital rights platform, Palladium.

Speakers at the off-the-record event said that to adapt to this darkening environment IT managers will need to focus more on defence in depth, rely more on best-of-breed products and make greater use of encryption.

Attendees heard that with the concept of the network as a fortress dying, they will need to put more emphasis on application security. They will also have to take greater ownership and promote security awareness heavily throughout all levels of their organisations.

There is a limited but bewildering number of core new technology areas to consider when tackling these issues: corporate identity management; digital rights management; enterprise security management; next generation intrusion detection; securing e-mail; virtual private networks; and wireless security.

To add to the complexity, there are persistent worries about the lack of effective security in many IT products.

At the same time, organised crime bodies have begun to enter the cybercrime arena.

Detection of hacking on open wireless networks is virtually impossible, and police resourcing is low, due in part to companies' reluctance to report computer crime.

The law itself is often on the side of criminals too, as it is not illegal to steal data under UK law, and deceiving a machine does not constitute fraud.

CWIUG events

5 June
Information security awareness

10 July
Corporate governance and liability

25 September

30-31 October
Meeting at Compec conference

20 November
Authentication and ID management

How to join

Membership is free to anyone with responsibility for IT security in a UK user organisation. E-mail [email protected].
