Information Security forum to 'change behaviour'

An organisation has been launched to promote security awareness in the wake of the plethora of major security breaches in 2007.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

The Information Security Awareness Forum (Isaf) - launched yesterday at the British Computer Society (BCS) in London - will be an umbrella body for a number of organisations, including BCS, IT industry lobbying group Eurim, and web-safety campaign Get Safe Online.

The forum was created as a result of various security breaches last year, which Isaf said were the result of a lack of security awareness. These included the HMRC breach, where 25 million personal details were lost, and the TJX breach, where up to 96 million credit-card details were compromised.

Isaf aims to promote information security awareness across government, corporations and small businesses, as well as among individuals. David King, chair of Isaf, told silicon.com sister site ZDNet.co.uk security awareness was one of the "big things" for all organisations, and that there was common security ground between all sizes of public and private organisations.

King said: "There is some common ground. For example, picking good passwords, changing passwords frequently, and being conscious of the impact of sharing information on social-networking sites. Companies have a responsibility to handle information securely, just as government does."

King said Isaf would seek to change people's behaviour so they would think of the possible security ramifications of their actions before acting. While organisations needed to have "awareness on the agenda", multiple approaches needed to be taken to change behaviour, according to King. "To change behaviour we have to come at the problem from different angles," he said.

Isaf says it will aim to publish a "guide for directors on information security" by the end of April. This will be aimed at senior figures in public- and private-sector organisations.

Senior civil servants in particular need to have information security awareness on the agenda, according to Philip Virgo, secretary general of IT industry lobbying group Eurim. Virgo said: "There's definitely a confusion among civil servants, just as there's a confusion among [private sector] managers. That's down to the amount of conflicting security advice being given [by groups promoting commercial interests]."

Isaf membership will mainly consist of industry bodies. While the membership of those bodies consists primarily of commercial organisations, as well as Eurim, King said the Isaf would not be a lobbying group or promotional tool for any particular vendor or set of products.

King said: "We are not a lobbying organisation. We don't have corporate members. Our agenda will be delivered by industry body representatives. Those industry bodies have different organisations, which all have their own agendas."

Isaf will also collaborate with web-safety campaign Get Safe Online to promote security awareness in small businesses and for consumers. The campaign has been running since 2005, and encountered controversy when its membership costs were revealed and also the fact that sponsors' products would be promoted by the site.

Isaf will also promote an Information Security Awareness Week from 21 to 25 April, to coincide with the Infosecurity Europe conference at Olympia in London.

Original article: 'Internet Security Awareness Forum' is launched from ZDNet UK