The coffee-break bell has tinkled, signalling to delegates and VIPs to retake their seats for mid-morning presentations on data privacy and cyber security at PrivSec Dublin.
In the Cyber and Business Continuity theatre, Greg van der Gaast, Head of Information Security, University of Salford, presents on accountable information security.
The CISO underlines how Information Security (InfoSec) guarantees the integrity of the infrastructure that houses sensitive information. As such, InfoSec is a vital component within the data privacy and cyber-security equation.
“You could argue that InfoSec is the more important [element] because it underpins much of data protection. But the problem is that InfoSec is often done badly – we can be terrible at providing information assurance and security,” Greg says, before qualifying that with “or rather holistic assurance.”
“We have to engage and we’re terrible at it,” he adds.
Describing what the problem areas within InfoSec are believed to be, Greg cites uneducated users, a lack of support from the board and stakeholders, not enough budget, and a perceived skills gap.
But he is an optimist, believing that we as a community can “do twice of what we do now, with half the people,” a maxim that our obsession with software tools will do nothing to engender, despite the fact that we spend “85% of our IT budgets on tools.”
So, “what is actually the problem with InfoSec?” Greg asks.
The culture is undermined by negativity and defeatism, elitism and small-mindedness. An inability to communicate well between people and departments also prevents security culture from bedding in. Workers are disinclined to take ownership of problems and admit that they messed up, and then there’s the tools obsession again – always seeking a technological solution instead of looking to recruit and up-skill the right people.
Greg points out that the problem with negative blame culture in InfoSec is that it recognises a person – who is ostensibly to blame for an incident – as the weakest link, when in fact they are just the first link.
To overcome the negative mindset, Greg emphasises how we all need to ask what we can do to help, and to see “every barrier as a challenge.”
“Stay positive and enjoy overcoming those challenges,” Greg states, adding:
“If we hit resistance, step back, work out the cause and address that. It’s often relationships, understanding and support. Solve these issues first. We must not let our egos stand in the way of our own growth.”
The post #PrivSecDublin: Information Security in support of Privacy appeared first on PrivSec Report.