IT Security Forum
The Security Institute has joined forces with leading industry security experts to release guidance on converged security risks. The report lays a foundation stone for enhanced security through better understanding, collaboration and awareness of the latest issues. It will help businesses ensure their real and virtual assets are protected.
One of the key recommendations is that businesses should appoint a single Chief of Security who can take responsibility for both physical and online assets, as well as the increasingly complex area of compliance security.
The report was co-authored by the Security Institute (Information Risk Forum), the Information Security Awareness Forum, Price Waterhouse Coopers, the National Federation of Fraud Forums, and Portsmouth University.
Azeem Aleem is chair of the Institute IS Risk Forum. He said: "Most of the IS disasters exposed these days are the result of vulnerabilities present at human level on the social and technical levels. To mitigate these threats, having a converged security approach to identify the risks is an essential element.
"To counter these threats we must keep ahead of those who attack us because the concept of security has now expanded way beyond the traditional remit into areas like brand and IP protection, corporate espionage, social-engineering, and cyber mules linked closely with organised crime.
"The report raises the concern that many security departments are so busy fighting day-to-day crises that they tend to miss less obvious threats, especially the overlap of security risk between real and virtual worlds."
The report seeks to help IT professionals and management better understand the myriad security issues created by the increasing demands placed on physical and information security resources - and explain how to counter threats effectively, he said.
The report argues that those in charge of risk need to challenge the way they think and work in four key areas:
- Ensure wider understanding about all other areas of the company;
- Build in clear and repeatable processes, rather than ad hoc solutions to individual challenges;
- Share information, integrate processes and streamline reporting across the company;
- And have the humility to accept when other risk priorities come above one's own function for funding or management attention.
The report also includes a survey of business owners on the impact the economic downturn has had on their company's security. About 7,200 respondents, more than half, say risk has increased, regulations have become more complex and burdensome, and cost cutting has made it harder to achieve a good level of security.
Dr David King, chair of the ISAF, said the report will act as a foundation stone for IT and other professionals to build the innovative security defences needed in a 'modern connected' business world.
He said: "The major security problem that all IT managers are now encountering centres on the blended threats that cyber-criminality and hacker attacks now pose most businesses."
The report also details structural vulnerabilities created by the IT-enabled systems of modern offices and their buildings, such as access control, air-conditioning, CCTV and fire alarms, and looks at ways to better defend them.
Professor Paul Dorey, chairman of the Institute of Information Security Professionals, said: "Our opponents have no departmental barriers or concerns over responsibilities. Only by working closely with our security and risk colleagues will the protection of our businesses be equally joined-up."
The report was launched on 15th April at Thomson Reuters in London. Copies can be obtained from karen@security-institute.org. For more information on joining the Security Institute IS Risk Forum, please contact Azeem.aleem@port.ac.uk.