Tony Dyhouse

Organisations must instil a culture of data security

Recent high-profile data losses show that worryingly lax attitudes to security are still common

Computing, 03 Feb 2010

Last November, St Albans City Council and two NHS care trusts were victims of embarrassing data thefts as the result of someone walking out the door with their computers.

These incidents highlight a worrying trend: CIOs are focusing on technical security and forgetting about the basics. Implementing sophisticated data protection technology is fine, but not if you ignore the fundamentals of physical and online security. It’s like investing in fingerprint identification for your front door and leaving your back door unlocked.

These thefts raise the same old concerns: why wasn’t the data encrypted? Why was it stored on an internal drive and not a securely held server? And why wasn’t there adequate physical security in the building? The answer to all these is that people aren’t taking information security seriously enough.

Public organisations are trusted with a huge amount of sensitive data and they have a corresponding duty to handle it responsibly. But this goes beyond data theft. If data is being held on a hard drive and not a central server, how can we be sure it is being properly updated and backed up?

The solutions are not difficult. In fact, many are already in place and working well. The Information Commissioner’s Office (ICO) lays down guidelines for all public sector organisations, and healthcare security is covered, albeit non-bindingly, by the Connecting for Health Information Governance Toolkit.

The problem is that, in too many cases, these procedures are not being followed. St Albans Council even admitted that there wouldn’t have been a problem, had their security policy been followed.

If the problem is to be solved, the CIO must take full responsibility for implementing mandatory security practices. This has to include: proper data handling training for relevant staff; ensuring employees understand the impact of mishandling data; and implementing personnel procedures to make sure employees do not compromise the system. These measures must be backed up by adequate sanctions for any unreasonable failures.

Tony Dyhouse is director, cyber security programme at the Knowledge Transfer Network

Tags: Security
