EURIM Security by Design Subgroup


 

CAN SOCIETY AFFORD TO RELY ON SECURITY BY AFTERTHOUGHT NOT DESIGN?

“The main benefit of investing in better security technology is to force the enemy to concentrate on corrupting your people instead of trying to break your systems.”

Professor Richard Walton, former Director, CESG

The Security by Design Subgroup emerged from issues raised at the EURIM Directors Round Table on Information Governance, relating to the need to change market behaviour so that security is built into information systems from the outset.

The Group produced a report making the case for a fundamental change in market behaviour so that the complex IT systems, on which society increasingly depends, have security embedded from the start rather than added as an “afterthought”.

A four-page summary report is available for those without time to read the full-length version, as well as a one-page version of key points.

Executive Summary

Society is increasingly reliant on complex online systems and vulnerable to online risks and threats. Many reports recommend retrofitting privacy and security, but much more needs to be done to ensure they are built in at the design stage.

Government, regulators and professional bodies have important roles but the key to changing market behaviour is better practice in design and procurement. Government’s main contribution should be as a more intelligent customer.

Convergence, increased system complexity and the transition towards new online business models, such as cloud computing, present risk-management challenges that cannot be resolved by security provided as an afterthought. Action is also urgently needed at service, system and product levels to reduce the threats from criminals, terrorists and cyberwarfare to the systems on which society depends.

The UK Government, its security advisors and the providers of ICT services must play a leading role in agreeing common approaches that will change market behaviour. These must include common terminologies and shared processes for practical co-operation, focusing on frameworks for assessment and audit.

The formation of government and regulatory policies should not only involve the relevant trade associations and professional and academic bodies but should also be peer reviewed by practitioners, both public and private sector, including those with responsibility for delivery, operations and monitoring.


Final Reports

Date | Description
Oct 10 | Can society afford to rely on security by afterthought not design? - Status Report
Oct 10 | Can society afford to rely on security by afterthought not design? - Summary
Oct 10 | Can society afford to rely on security by afterthought not design? - 4 Page


Subgroup Outputs

Information Security - A Summary (EURIM Members & Registered Observers Only)
Information Security - An Overview of Best Practice (EURIM Members & Registered Observers Only)
Information Security - Document Directory (EURIM Members & Registered Observers Only)
Carlos Solari Abstract: Security in a Web 2.0+ World - A Standard Based Approach


Forthcoming Subgroup Meetings

Date Description
     


Recent Subgroup Meetings

Date | Subject | Papers
27 Oct 10 | Launch of Security by Design Status Reports | Presentation
09 Jul 09 | Security by Design Subgroup Meeting | Summary Report (EURIM Members & Registered Observers Only); Presentation (EURIM Members & Registered Observers Only)
27 Apr 09 | Security by Design Subgroup Meeting | Summary Report (EURIM Members & Registered Observers Only)
03 Mar 09 | Security by Design Subgroup Meeting | Summary Report (EURIM Members & Registered Observers Only); Presentation (EURIM Members & Registered Observers Only)
12 Feb 09 | 'Security by Design' work-stream scoping meeting | Summary Report (EURIM Members & Registered Observers Only); Presentation (EURIM Members & Registered Observers Only)

