New Forum aims to pool awareness expertise

More than a dozen professional bodies have formed a new forum to raise security awareness among business, consumers and Government.

More than a dozen professional bodies have come together to raise security awareness among business, consumers and Government. They say it will provide a coordinated programme to tackle a problem that underlies some of the most serious recent security breaches.

The Information Security Awareness Forum will take input from its various membership organisations and attempt to provide a single point of contact for anyone seeking information about awareness programmes or good practice.

The move has the support of former Home Secretary David Blunkett, who chairs the advisory board of ISSA UK and who suggested a single voice to promote awareness rather than a series of uncoordinated initiatives.

"We have an overlap of conflicting messages from different quarters. Who should the users listen to?" said David King, who chairs the ISAF. "Our aim is to create a neutral ground with representatives from various industry bodies to work together. We may also involve commercial companies in some of our projects."

Among the first activities planned are an Information Security Awareness Week running April 21-25, and a guide for company directors, which will be published around the same time.

King emphasized that the Forum would produce little new material, but would draw on the resources of the participating bodies. For instance, one of them, GetSafeOnline, an organisation with Government and industry backing, holds a mass of practical information for consumers and small businesses. But managing director Tony Neate conceded: "Not enough people go to the GetSafeOnline site. The more we can drive traffic to it the better."

The awareness week will take place at the same time as the Infosecurity exhibition, and other ISAF members plan several other security-related events to coincide with it, including the annual one-day conference of the Jericho Forum and the publication of ISC2's annual Global Security Workforce Study.

In addition, the Department for Business, Enterprise & Regulatory Reform (formerly the DTI) will publish its biennial Information Security Breaches Survey, which is expected to underline the need for greater user awareness.

Chris Potter, a partner at management consultants PWC, is a lead author of the DTI's breaches survey, which has been conducted every two years since 1991, making it the longest-running survey of its kind in the world.

"On the early findings we see greater concern about data leakage and the loss of customer data," he said. He said the survey showed that big security breaches tended to be the result of "a lot of small things failing, and among them there would always be people involved." He said that most incidents could have been prevented if the people had been made better aware of the possible risks. "When we talk about awareness, we don't just mean awareness but a change in behaviour, but behavioural change is really hard to achieve."

He said he supported the creation of the Forum because it would allow a "sharing of the pain and learning" gained by different bodies for the benefit of all.

Members of ISAF will meet on a monthly basis to help develop new activities and deliverables, said David King, and ISSA will provide administrative support. Other members include the British Computer Society, Isaca and the Information Security Forum.
