Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security and Common Sense Richard Henson University of Worcester November 2008.

Published byGilbert Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security and Common Sense Richard Henson University of Worcester November 2008."— Presentation transcript:

1 Information Security and Common Sense Richard Henson University of Worcester November 2008

2 Yes, good Information Security IS common sense… n as is safely driving a motor car…

3 “Where did it all go Wrong?” n “End User” Computing n Rapid Advances in Technology n Confusion about legislation n Lack of policy or inconsistent implementation of policy n Data handling training issues

4 Safe Storage of Organisational Information n Before Digital Data… n Paper in a Locked, Fireproof Cabinet, in a locked room…

5 Use of Digital Data within Organisations in the early days n BIG Computers –centralised resources & storage –Terminal-only access to data –Printing only via centralised resource n Data processing areas private…

6 The Rise of End User Computing n 1980s… n The PC offered the possibility of organisational data in the hands of “non professionals”… –network administrators and some academics predicted that there would be big problems… –few people listened… THEY SHOULD HAVE!

7 Have we been down this road before? n Days of “mainframe” or “centralised” computing… comparable to mass transport systems (e.g. stage coach, railways, bus) –“professional” drivers –people driven about

8 Example of Technological Change causing rapid Cultural Change; systems inadequate n Also true of the coming of the motor car…

9 Result of “the motor car” cultural change… n Transport became personalised –those handling motor vehicles were often a menace to other road users –many accidents, injuries, lives lost

10 Systems catch up with cultural change… n Professional bodies ineffective n ALL DRIVERS only controlled through the use of legislation –on cars… minimum standards –and on drivers…had to be 17 to drive…

11 Then more cultural change… n And then more legislation –Driving Test –National Speed Limit –Safer cars

12 Are roads safe today? n Despite increases in traffic, UK road deaths been falling consistently for many years –safer cars? –better driving? –tougher penalties? So a cultural problem CAN be brought under control…

13 The Challenges of “End User Computing” n In early 1990s, immediate workplace computer-related threats to SMEs were… –RSI –eye strain –EU Health & Safety legislation (1992) –Floppy disks… »because viruses could stop computers functioning!

14 The Hidden Threat n Lot of changes with the coming of the PC… n but the threat to personal data from removable media NOT fully acknowledged –floppy disks could only hold small amounts of data… –Data Protection Act, 1984, only a civil offence »end-user computing for business use not anticipated…

15 Digital Data and the Law n Data Protection Act updated in 1998 –did not address the problems associated with putting the end user in control »digital data can be easily carried around –two big technological advances »Writeable CDs.. n meant removable media could now carry huge amounts of personal data »The Internet… n allowed organisational networks to link to the world… n and unlimited amounts of data to be potentially taken off organisational machines…

16 Too much focus on the Internet? n Internet (mis)use caused data losses –and damaged reputations… n In the face of media horror stories… –organisations steered clear of the Internet for sending data –saw writing to CD as the safe way to go –didn’t acknowledge that data copied to a CD tends to stay there…

17 The USB stick n Employees had been happily copying data to writeable CD… even writeable DVD… –MUST have been data losses! –So what? Not a Health & Safety issue! Data Protection Act max penalties not enough of a deterrent to even focus minds on reading it… n USB stick encouraged –People had problems using writeable CDs –even more convenient –stored even more data –less bulky to carry around (!!!) n It was a disaster waiting to happen –perhaps the only surprise was that it took so long…

18 The New Law n Finally (2008) legislation being updated to acknowledge the problem –New term of “Data Recklessness” embedded into Data Protection legislation »serious penalties!!! –Information Commissioner’s Office (ICO) has increased powers.. »FURTHER changes expected during the 2008-9 Parliamentary Session Information Commissioner Richard Thomas

19 So… why such a long wait? n Again… back to the motor car n Original Highways Act? –law in 1835 –only substantially updated in… 1959 –Why then? had become »a matter of public concern n Equally, Data Protection now –A MATTER OF PUBLIC CONCERN –latest surveys: by 2007 as concerned about privacy as they are about terrorism!

20 What are the consequences for Organisations? Need to get serious about data protection, or risk the wrath of the Information Commissioners OfficeNeed to get serious about data protection, or risk the wrath of the Information Commissioners Office one recent sufferer was…one recent sufferer was… Richard Branston, Virgin Media (3383 customer records went missing)Richard Branston, Virgin Media (3383 customer records went missing) Would you want to be next???Would you want to be next???

21 What to do? n Apply common sense? n Now (from 2007) an International Standard for organisations to follow: –ISO 27001 –based on British Standard BS7799 »UK leading the world in design… »but not implementation! –any organisation achieving this quality standard gains in two crucial ways: »unlikely to lose data through “recklessness” »can use the ISO 27001 “kitemark” to show potential customers that their personal data is being properly looked after

22 Is getting ISO 27001 cost-effective? n BIG question –even before… »“credit crunch” arrived »data recklessness became law n Cost overhead of ISO 27001 quantifiable –intensive, highly focussed courses –paperwork deliberately customisable to meet the needs of large and small organisations n If data is lost, what of the cost overhead of: –bad press? –disgruntled customers? –hefty fines?

23 Is Good Information Security Common Sense? n YES… –just as driving safely is common sense n BUT… –even good drivers could fall asleep at the wheel n What would the roads be like today if: –1835 Highways Act was still in force unchanged? –no-one had to pass a driving test? n QUESTIONS???

Download ppt "Information Security and Common Sense Richard Henson University of Worcester November 2008."

Similar presentations

Information Security and Common Sense Richard Henson University of Worcester October 2008.

Information Security and Common Sense Richard Henson University of Worcester October 2008.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Drive in Rain.

Drive in Rain.
Emotions and Driving Emotions affect our every thought and action. We are not able to separate ourselves from our emotional state. We drive as we are.

Emotions and Driving Emotions affect our every thought and action. We are not able to separate ourselves from our emotional state. We drive as we are.
ADMINISTRATION REVISION – BLOCK 2 HEALTH AND SAFETY.

ADMINISTRATION REVISION – BLOCK 2 HEALTH AND SAFETY.
Implications and Security Issues of the Internet By Neelesh Patel.

Implications and Security Issues of the Internet By Neelesh Patel.
District 1220 Assembly 2006 Health and Safety HEALTH AND SAFETY For Rotary District 1220 and its Member Clubs.

District 1220 Assembly 2006 Health and Safety HEALTH AND SAFETY For Rotary District 1220 and its Member Clubs.
The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.

The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
CLOSE TO AUSTRIA “Young drivers who are confronted with stories of severe road accidents presented by people of the same age are less likely to engage.

CLOSE TO AUSTRIA “Young drivers who are confronted with stories of severe road accidents presented by people of the same age are less likely to engage.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
CLOSE TO AUSTRIA Risk Prevention for beginning Drivers “Young drivers who are confronted with stories of severe road accidents presented by people of the.

CLOSE TO AUSTRIA Risk Prevention for beginning Drivers “Young drivers who are confronted with stories of severe road accidents presented by people of the.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.
Backing up data By Alicia stewart.

Backing up data By Alicia stewart.
Health and Safety.

Health and Safety.
BUSINESS CONTINUITY PLANNING FOR SMALL TO MEDIUM ENTERPRISES Presented and written by Jamie Whitford-Robson Corporate Business Continuity Lead.

BUSINESS CONTINUITY PLANNING FOR SMALL TO MEDIUM ENTERPRISES Presented and written by Jamie Whitford-Robson Corporate Business Continuity Lead.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Occupational health and safety

Occupational health and safety

Similar presentations

Ads by Google