Social security - Summer 2010

IT | Brian Shorten | 14 Jun 2010

Brian Shorten emphasises the importance of working with people to ensure good IT security. 

In 1986, deregulation of the financial markets did away with the distinction between the London Stock Exchange and the banks, allowing banks to deal in shares, with a growth in automated dealing systems and networks. For the bank I was with at the time it also led to the need for the management of those systems.

This was very much an administrative function. We didn’t have the technology we have now to protect and secure the systems, so it was a people thing rather than a technological issue, and I had many conversations with dealers explaining the reasons behind having access to a system issued to an individual rather than shared. I was explaining why users should take a particular action rather than using a technological process to enforce it.

Since then, the technology has increased with a complexity and power that I couldn’t have imagined; however, one thing has remained constant. Whatever the industry you are working in, whatever the assets the business has to protect, the most important element is the people.

The technology is obviously an integral part of security; I’m not advocating that we do away with firewalls, anti-virus software, intrusion detection/prevention processes etc, but these become stronger parts of the whole if the people who use the applications, access the internet, and send and receive emails understand why security is important and how to protect themselves.

A firewall will protect the network against attacks, but it cannot prevent individual users circumventing it to connect to the internet. Anti-virus software can detect known viruses in files and software, but it cannot stop a user bringing in a device containing a yet-to-be-discovered virus. Software can detect viruses in email attachments and emails attempting to defraud the recipients of money and login details, but users can still respond to a suspect email or click on a link.

Employee misconduct, carelessness or lack of knowledge cannot be controlled by technology alone, nor by policies, even if strictly enforced. The only way is to involve everyone in the whole process and effectively to turn every member of staff into a security manager.

Brian Shorten is IS BCP, risk and security manager at Cancer Research UK and chair of the Charities Security Forum
