EURIM
Security by Design Subgroup
CAN SOCIETY AFFORD TO RELY ON SECURITY BY AFTERTHOUGHT NOT DESIGN?
“The main benefit of investing in better security technology is to force the enemy to concentrate on corrupting your people instead of trying to break your systems.”
Professor Richard Walton, former Director, CESG
The Security by Design Subgroup emerged from issues raised at the EURIM Directors Round Table on Information Governance, relating to the need to change market behaviour so that security is built into information systems from the outset.
The Group produced a report making the case for a fundamental change in market behaviour so that the complex IT systems, on which society increasingly depends, have security embedded from the start rather than added as an “afterthought”.
A four-page summary report is available for those without time to read the full-length version, as well as a one-page version of the key points.
Executive Summary
Society is increasingly reliant on complex online systems and vulnerable to online risks and threats. Many reports recommend retrofitting privacy and security, but much more needs to be done to ensure they are built in at the design stage.
Government, regulators and professional bodies have important roles, but the key to changing market behaviour is better practice in design and procurement. Government’s main contribution should be as a more intelligent customer.
Convergence, increased system complexity and the transition towards new online business models, such as cloud computing, present risk-management challenges that cannot be resolved by security provided as an afterthought. Action is also urgently needed at service, system and product levels to reduce the threats from criminals, terrorists and cyberwarfare to the systems on which society depends.
The UK Government, its security advisors and the providers of ICT services must play a leading role in agreeing common approaches that will change market behaviour. These must include common terminologies and shared processes for practical co-operation, focusing on frameworks for assessment and audit.
The formation of government and regulatory policies should not only involve the relevant trade associations and professional and academic bodies but should also be peer reviewed by practitioners, in both the public and private sectors, including those with responsibility for delivery, operations and monitoring.