IT Security

For more than a dozen years, Professional Security magazine has each month reported information and IT security news, whether case studies, opinion pieces, new services and software, or installations of security over Internet Protocol (IP).

For instance in the February 2015 print issue, the US-based internet security product company Cisco warned that complacency of staff is among the risks faced by corporates. The company pointed to what it called a widening gap between readiness and reality in cyber security perception.

Cyber, IT and infosec figures sometimes feel that the technology is progressing faster than the standards to regulate that technology, and in effect the product vendors are setting the standards, if any; for instance in cloud security. A British standard in the field is ISO 27001, covering information security management. That’s of interest to security people generally as 27001 covers not only the digital data but the physical access to, for example, the data centre and the servers that hold the ‘zeroes and ones’.

Another theme is bring your own device – BYOD for short, a trend in private industry in particular for employers to allow staff to use whatever device they own, to do their work. While this legitimises staff doing what they may well do anyway, it brings the risk of staff downloading material including malware, or misusing or simply mislaying critical business data. But what is the alternative, if staff are savvy with smartphones and tablets and want to get things done, and – to turn to that Cisco report – may actually seek to get round security controls, seeing them as getting in the way of their job?

Cyber Essentials and the cyber streetwise initiative are among official efforts to get UK consumers and workers to be more aware of the risks of being insecure and unsafe online. And the role of the Chief Information Security Officers (CISOs) is developing.