Cyber Security Institute

Tuesday, May 24, 2005

Put policies before products in IT security battle

Two-thirds of respondents to AusCert’s 2005 Computer Crime Survey admit there is still room for improvement when it comes to IT security staff training. Senior AusCert security analyst Jamie Gillespie said education of information security staff is paramount in improving security management.

Speaking at the AusCert conference on Queensland’s Gold Coast, where the survey was released yesterday, Gillespie said respondents admitted education has to be directed to IT security staff so they can more effectively manage the technology already in place.

“Between 98 and 100 percent of companies surveyed use antivirus software yet they are still getting infected; this wouldn’t be happening if tools were employed properly,” Gillespie said. Nearly 70 percent of respondents in the survey said their IT security staff have insufficient experience and training to meet the needs of their organization. About 79 percent are concerned about the level of security training for general staff, and 76 percent are concerned about the lack of training within their organizations.

The view within enterprises is that more dollars will solve security problems, but it is really about implementing and maintaining the right policies, Gillespie said.

“There is a lack of information security policies and poor education related to following policies. The failure of using policies was instrumental in the downfall of one of the world’s most famous chartered accountancy firms.”

Posted on 05/24