Security is not primarily a technical issue

With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is someone minding the store while all this is going on or should we be doing something more when the banks are going bust?

The great myth associated with information security is that the risks are primarily technical, writes Simone Seth, senior research consultant at the Information Security Forum (ISF). However, practitioners in the trenches know better: the greatest vulnerabilities organisations face are down to human behaviour.

For example, although a company may have a sophisticated application in place to manage identities, failure to follow a process to 'on-board' and 'off-board' employees may result in leaving back doors open. And with the axe still swinging over banks and other financial institutions leading to a steady flow of redundancies, this particular security imperative has come to the fore as a critical issue.

Failure to effectively ensure that authorised access to data is terminated immediately when individuals lose their jobs puts sensitive and confidential data at risk and can lead to a breakdown in an organisation's control framework. Experienced security professionals have long highlighted this vulnerability to senior management and HR departments, and maybe these unprecedented events in the financial world and radical changes in business practices will now focus their minds and lead to positive change.

Additionally, as banks merge with other banks to avoid collapse, the need to ensure that multiple information security and risk management control frameworks are synchronised becomes increasingly important. Inviting security to the table when senior business and IT management meet to discuss integration strategies and merged environments can serve to avoid downstream costs and problems associated with the exploitation of vulnerabilities.

Information security controls, if implemented correctly and consistently, ensure the validity of financial records. As business and government leaders face financial crises and focus on shutting down, rescuing, nationalising or merging operations, it is necessary to ensure that the integrity of financial records is not compromised and that customer data is kept confidential.

Leveraging security staff to assist in this process will reassure regulators and end customers of the ability to adapt to changing operating models. With financial institutions desperate to restore confidence and credibility, the last thing they need is a string of data loss headlines.

Read more expert advice from the Computer Weekly Security Think Tank >>
