Tuesday 6th January 2009
 
 
 
 

User Awareness: A Bridge too Far for the Public Sector?

Data security in government hit the headlines again this week, with one clear message: employees continue to pose the biggest threat to an organisation's data security. Public confidence in the government's handling of data is at an all-time low, industry watchdogs have raised serious concerns over the future of data security, and Governmental reviews have highlighted the problem as “…an absence of proper awareness and training among staff and confusion on the ownership and guardian of data.” But the data breaches keep coming, which raises the question: is managing User Awareness a bridge too far for the Public Sector?

This could possibly be the case, but it is a bridge that will have to be crossed, and soon, as significant fines and penalties are around the corner. The Information Commissioner has sent a clear message that substandard data handling will no longer be tolerated. The cornerstone of any successful Information Security strategy has to be the participation, accountability and awareness of ALL users in an organisation. Technology, systems and regulations all play an important part, but, as recent times have painfully illustrated, one human error, one simple mistake, can bring your IT Security crashing down around you.

The complexity of the problem is daunting, but the solution is delightfully simple, according to one industry expert, Robbie O’Brien, CEO of Baronscourt. 

“How can government guarantee employee participation across multiple sites, multiple user types and various 3rd party contracts? One word, Automation.”

Automating IT Security Awareness activities has been proven to increase User Awareness levels by over 30% in the initial 3 months of a project, figures that are unachievable by any other means. This in itself would be a huge benefit to Government organisations; however, deploying a sophisticated Automation solution brings additional benefits:
  • User Accountability is guaranteed through self-certification;
  • Organisations can elicit and enforce 100% response across ALL users, including 3rd party and remote workers;
  • IT Security posture and user awareness levels can be regularly measured through automated risk assessments;
  • Aggregated reporting provides the data required to assess, plan and budget for continual gains in User Awareness levels;
  • Organisations can demonstrate compliance via the same aggregated, secure audit and reporting system;
  • Sustainable Compliance can be achieved through developing automated, repeatable processes.

During his keynote speech at this year’s RSA conference, Information Commissioner Richard Thomas outlined 3 main areas of focus that he believes will allow Government to take control of data security. These three areas (ensuring the right policies and procedures are in place, getting the technology right, and focusing on people and behaviour) are all easily addressed by Automation; in fact, they can only be successfully addressed by Automation. And it is imperative that these are addressed now. Developments in technology mean that increasing amounts of our data will be stored and accessed more cheaply and easily, and this poses a very real threat to data security. Engaging employees in an ongoing, interactive communication, achievable only with the use of Automation, is the one way to ensure that they are both aware of their responsibilities in handling our data, and accountable for their actions should they neglect these responsibilities. The message is very clear: the taxpayer won’t tolerate lax data security any longer, and the Information Commissioner has the teeth to prove it.

Join Baronscourt for a 30 minute webinar on how Automation can help organisations increase, measure and sustain User Awareness across all users, to deliver on IT Security objectives. 

Title: IT Security Awareness – Where to Begin, How to Measure and How to Sustain User Awareness

Date: Wednesday 3rd December 2008

Time: 1.00 – 1.30 pm GMT

Register Now or call Tara Hutton on 0207 917 9527 for more information. 

 
 
 


"Experts estimate the process of writing IT Security Policies can take 3-6 months, with no guarantees that policies will continue to cover all aspects of the changing regulations that govern IT security."

Judith O'Connor, CEO ECMP
 
 
 

Copyright Baronscourt Technology, © 2009. All Rights Reserved.