The following introduction was originally published in the BCS Information Security Specialist Group Magazine, Winter 2005 issue:
Recently, another new initiative to educate and protect the IT user community was launched. Get Safe Online (www.getsafeonline.org) joins the myriad of other ‘advice’ websites set up over the years, by government and industry, to help the general public identify and address computer security threats.
Hopefully this latest attempt, backed by financial and marketing assistance from big names, including eBay, HSBC and Microsoft, will help the government get the message, of safe online computing, through to the consumer. The website offers a clear and balanced approach to mitigating Internet threats.
For cynics, who see Microsoft’s support of this initiative as self-serving, advice to consider alternatives to the Microsoft browser and e-mail client software does appear on the website. Also, a broad range of non-Microsoft security applications is referenced, along with advice being offered for the Apple Mac and Linux OS.
The embryonic, and tentatively entitled, Institute for Information Security Professionals (IISP) is aiming to launch on 1st January 2006. I urge you to review the work they have undertaken to date, and decide whether you support this route to the professionalism of the information security industry.
An overview of this new body, and the Working Group papers, is available on the Security Alliance for Internet and New Technologies (SAINT) website (www.uksaint.org). Questions, comments and offers of assistance related to this new body should be directed to Barrie Wyatt
The Working Groups have created papers on ‘Creating a Professional Body’, ‘Common Body of Knowledge’, ‘Codes of Professional Conduct’ and ‘Skills and Accreditation Requirements’. These papers are drafts which require your feedback to make them even better, and acceptable to the broadest community.
I was recently at a congress focused on partnerships to help tackle organized crime. The aim of the law enforcement community was to improve links with industries, which have close ties with large user communities, such as banking, telecommunications, retail and e-commerce.
Some areas of concern included ensuring compliance with current legislation (especially the Data Protection Act) in any information sharing agreements and whether information will truly flow in both directions, an area in which law enforcement and the government are improving.
I think that it can be good when businesses and security professionals go beyond the limits of their usual activities – simply hawking wares – and get involved in other, non-profit driven, activities, such as information security education and crime reduction partnerships for the good of the wider community.”