
BCS ITNow 201512 - Cyber Innovation


We need to remember that security and privacy revolve around people. Human factors in cybersecurity mean we should give more focus to user experience, including interface design, usability, interactions, and workflow. We must go beyond the usual technical measures and rules trying to govern behaviour.

We need to bake security and privacy in from the start. Investors should perform due diligence on start-ups, to gain assurance that these things are considered and delivered, protecting the investor, start-up and customers. We must recognise and reward good practices and penalise bad ones.

We need to understand how the internet of things changes security models. Control has moved away from the IT department, into facilities management and domestic environments; more SCADA than server. We must ensure that IoT vendors build their systems for secure operation, management and updates.

We need to expand into new areas of automation with caution. Self-driving cars are not just big mobile devices with apps – confidentiality is our least concern; integrity of data (e.g. speed/fuel/pressure, not only emissions) is important; and loss of availability can be fatal. We must treat vehicles as a safety critical system.

Maybe we need to think about expanding the coverage of cyberethics, to better reflect the volume, velocity, and variety of system and personal data, including telemetry, metadata and content, which can be collected, analysed and shared by emerging tech innovations – before we need to stuff the genie back in the lamp.

You can follow Gareth on Twitter: @garethniblett

As the world of cyber evolves, we need to drive innovation which moves past the conventional IT world and the wider world of mobile devices and apps, to consider where else we need to innovate to ensure we keep safe wherever and however we connect, says Gareth Niblett, Chair of the BCS Information Security Specialist Group.

FURTHER INFORMATION

Information Security Specialist Group (ISSG): www.bcs-issg.org.uk

Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma

BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity

doi:10.1093/itnow/bwv095

©2015 The British Computer Society

Image: Thinkstock

CYBER INNOVATION

December 2015 ITNOW 23