Security Awareness - The Common Sense Attribute
- When?
- Friday 14 May 2010, 10:00 to 12:00
- Where?
- 24AA04
- Open to:
- Staff, Students
- Speaker:
- Mr Clinton Walker
A lecture delivered by Clinton Walker, Security Consultant at Logica.
Recent media reports covering major breaches of security claimed that they might have been prevented if staff awareness of security, procedures, appropriate data handling and security controls had been more reliable. Human error has become the biggest security concern for IT directors, end users and all parties concerned with data that’s held about them.
"Enterprises must recognise that simply trusting employees will inevitably prove detrimental to their security, their risk postures and their business interests," wrote Perry Carpenter, a research director at Gartner. Vnunet.com (10th Oct 2008).
As our information becomes more readily available and easily accessed via various outlets (social networks, online forums, Google, local authorities by the use of the freedom of information act), we tend to have no control over who is using, or accessing our details for the wrong reasons. As the plethora of information warehouse increases and the use of cross border deals (i.e. - outsourcing, as a cost cutting measures) and support in the IT arena grow there is an increased need for more compliance, legislation and security awareness of every user who comes into contact with our data. Coupled with all the best practices and legal requirements, the following are also paramount in aiding compliance, awareness and control of our data…ISO27001, PCI-DSS, BS25999, Computer Misuse Act 1990, and Data Protection Act 1998 plus many more for different countries.
Hence, security awareness must be integral to the foundation of managing, implementing and enforcing security solutions for it to be effective and fit for purpose. The use of security awareness across major organisations in some cases has been a reactive process in the past few years and until we reach a point where this becomes a culture and a proactive process, our defence will be futile in fermenting changes in user’s attitudes towards security.
Yet, insider threat is seen as one of the most feared and high risk link in the chain/ecosystem of people whom we entrust with our valued data in the organisation!
Clinton is currently a Security Consultant within the Security Practice for Logica UK. For the past few months Clinton has been working on various public sector projects, one of which is the largest Government project in Europe and of Logica. He is also currently working on the implementation of a security awareness software tool to be rolled out within Logica globally (60+ Countries). http://www.logica.com/
Key areas of interest and specialisation for Clinton are: Compliance, Governance, best practices (BS25999-Business Continuity, ISO27001, BS9001, PCI-DSS), risk assessment, Training and Awareness, Auditing.
As an active British Computer Society (BCS) member and the Co-ordinator for the Young Professionals arm of BCS, Clinton regularly organises networking events in the Nottingham and Derby.
Prior to joining Logica, he worked for Experian as a Senior Security Analyst within the Technology Division, with the responsibility of staff supervision, project management, Business Continuity, ISO27001 Reviews, .incident management & escalation and security systems administration.
Clinton Walker was also the Vulnerability Manager for E.ON IS UK, responsible for network scanning, remediation, patch management, risk management, incident management and process & procedure development.
Clinton has also worked at New College Nottingham in their IT department as a web developer, IT Support Analyst and currently lectures part time at Castle College Nottingham.
Clinton holds a Masters in Information Systems Security from Sheffield Hallam University, BSc (Hons) in Business Information Technology from DeMontfort University, ISO27001 Lead Auditor, trained Paralegal, ITIL Foundation Certificate, Member of the Institute of Learning (MIfL), School Governor and a Member of the Institute of Leadership, and Management (ILM)
Outside the remit of Logica he helps local charity organisations in the community and the local schools with various IT advice and security awareness talks.