BCS launches advice site to help firms tackle data security challenge

The BCS has launched a security area on its website to provide advice on protecting corporate data.

The BCS has launched a security area on its website to provide advice on protecting corporate data.

With increasingly sophisticated targeted attacks being launched against IT systems, and with the greatest threat often coming from within an organisation through ­social engineering attacks on staff, securing company information is more complex than ever.

How to manage the internal risk is currently a huge debate within the industry. Staff need access to critical data to do their jobs, but IT wants to minimise that access because the more data is exposed, the more vulnerable it becomes.

"Employees are an organisation's biggest asset, but also the biggest risk," said Greg Day, security analyst at anti-virus firm McAfee. "Viruses and spam are probably recognised as the most common assault on a company's IT infrastructure, but there are many other elements to consider.

"While external factors pose a significant threat, most breaches are carried out internally. Role-based access is becoming increasingly popular as a preventative measure."

Training to protect staff from social engineering techniques is also increasing, Day added.

To highlight the time and effort required to keep company information secure, this year's BCS IT Professional Awards have introduced the Award for Investment in Information Security, sponsored by McAfee.

The award seeks to recognise the most successful investment based on measurable benefits to the business in terms of brand value and trustworthiness, fraud reduction, or improved service quality.

The 2006 finalists are Alliance & Leicester, Anite Public Sector, Betfair and Liverpool Direct. The winner will be announced on 7 ­December.

BCS security site

IT Professional Awards


Read more on IT risk management