Information security has recently been making headline news with a growing rate of daily reports on cyber-attacks on individuals, businesses and government establishments. This has resulted in an increase in the need for infosec professionals with the proven skills to alleviate the growing cyber risks and attacks; so much so that the demand for experienced and qualified professionals has outstripped supply.
Kevin Henry is recognised as one of the Leaders in the field of Information Security worldwide and recently he visited Bournemouth University to give ‘An Overview of Information Security Today and into the Future’. He highlighted importance of the right Infosec practitioners by describing:
- How important it is for businesses not only to have the right technologies in place but also the skilled operators to use them to their full extent.
- Often there are several systems working side by side in a business, but not together, leaving gaps which can be easily exploited. It takes a skilled professional to see those gaps and close them.
- The need for security to be reasonable, simple and without burden to the user was also stressed. It should not slow a process down but should always be one step ahead of the curve. However, there will always be a balance to be found between system security and availability.
Kevin emphasised the need for:
- Building a strong security culture both in our individual lives and in our professional lives: we all rely on technology in one form or another so each individual needs to take responsibility and not rely on others to tell us what to do, we should all be using the mantra ‘security is my job’.
- Security awareness is paramount, businesses need to be constantly reminding staff what they should and should not be doing. Importantly, security needs to be regarded as being a positive influence and not as merely catching people out when they do something wrong.
- Businesses and Infosec professionals need to look ahead and consider where their business will be in two or three years’ time; what are the emerging technologies and how can we prepare and invest now?
Concluding thoughts on how businesses should manage Information Security:Due to the very nature of risk, specifically its unpredictability, it can be difficult to justify expenditure on systems and professionals mitigating it. By the same token, it is difficult to measure the success of implementing Infosec procedures and systems. Ultimately, each business needs to take ownership of the information they hold, whether it is Intellectual Property or the card details of customers and understand the impact of a security breach. A decision can then be made as to how much time and money to invest. Ignorance to the risks can no longer be used as an excuse, a security breach resulting in the loss of credit card details for example would be seen as irresponsible rather than unlucky.
The team at Bournemouth University Cyber Security Unit (BUCSU) have the skills and experience to assist businesses in developing their own personalised Information Security systems and processes. In addition we undertake bespoke security awareness training for all levels of staff. Our enterprise consultants can provide advice and assistance in accessing the various funding available to businesses to improve their Infosec position through consultancy and collaborative research. For more information on any of these points visit the BUCSU website or contact email@example.com.
Kevin Henry is *the* guru in security certifications and training and we are delighted that he will be presenting at the University on the 11th and 12th of June. Kevin is going to deliver a handful of lectures which will take you on an enlightening journey through the world of Information Security!
Kevin will present on the following topics:
Thursday 11th June
Shelley Lecture Theatre, Poole House
10.00am – 12.30 pm
Content of the CISSP
What is Information Security and its Role in Business?
2pm – 4pm
How is the face of Information Security Changing?
Hackers versus APTs
Where should my career go?
Friday 12th June
Shelley Lecture Theatre, Poole House
10.00am – 12.30pm
The Value of the CISSP and other Certifications
International Standards and Practices – An Overview of ISO/IEC 27001 and PCI-DSS
If you would like to attend any of the lectures please contact the BU Cyber Security Unit to reserve your place – 01202 962 557 or email
Kevin is recognized as one of the Leaders in the field of Information Security worldwide. He has been involved in computers since 1976 when he was an operator on the largest minicomputer system in Canada at the time. He has since worked in many areas of Information Technology including Computer Programming, Systems Analysis and Information Technology Audit. Following 20 years in the telecommunications field, Kevin moved to a Senior Auditor position with the State of Oregon where he was a member of the Governor’s IT Security Subcommittee and performed audits on courts and court-related IT systems. The co-chair of the CBK for the CISSP and several other certifications, as well as an author with published articles in over ten books and magazines, Kevin is the principal of KMHenry Management Inc. and served until recently as the Head of Education for (ISC)2 and Vice President of ITPG, responsible for all educational systems, products and instructors for training programs. Currently Kevin is an Authorized Instructor for (ISC)2, ISACA, and BCI.
Visit the BUCSU website for more information on enterprise consultancy, research and education
Staff and students are invited to join us for today’s cyber security seminar on:
‘Persuasive Technology for Information Security’
Tuesday, 27th January at 4pm.
Room: P335 LT
In the seminar, participants will hear about design principles for persuasive technology for promoting information security and also about methods to evaluate persuasive technology. Concrete examples and “best practices” will be given from a recent research project, in which it is used in organizations to make employees comply with information security policies.
Our speaker will be Marc Busch. Marc is a scientist at the AIT – Austrian Institute of Technology and is active at the intersection of persuasive technology and usable privacy and security. Furthermore, he is specialized in advanced quantitative and qualitative usability and user experience methodology, research methods and statistics in Human-computer interaction. Marc is involved in several international and national research and industrial projects, such as MUSES – Multiplatform Usable Endpoint Security Before joining AIT, Marc was at CURE – Center for Usability Research & Engineering, where he focused on user experience and usability.
Staff and students are invited to join us for the next cyber security seminar on:
‘Secure and cross border digital identity: issues and perspectives’
Tuesday 25th November, 4pm – 5pm
The talk will discuss requirements, issues and perspectives for an interoperability solution that allows citizens and organizations to establish new e-relations across borders, just by presenting their national eID.
Our speaker will be Dr Andrea Atzeni, from the “Dipartimento di Automatica e Informatica, Politecnico di Torino” who is based in the TORSEC Security group.
Dr Atzeni’s work addresses the definition of security requirements and mobile security, plus, investigation and modelisation of user expectation on security and privacy; risk analysis and threat modeling for complex cross-domain systems; specification of functional and security architectures; development of cross-domain usable security; development and integration of cross-border authentication mechanisms (including legal and technical issues).
On Thursday 3rd July, the BU Cyber Security Unit (BUCSU) will be exhibiting at the National Security: Advancing Capabilities to Meet Current and Future Threats conference in London.
The conference will offer delegates an opportunity to investigate the key threats and risks to the UK’s national security. They will also learn of the latest developments in developing the UK’s cyber security and the role technology can play in protecting infrastructure and ensuring business and service continuity.
Facing the issue of developing the UK’s cyber security, there are two important areas which need to be tackled – the shortage of security practitioners and the increasing skills gap between existing knowledge and new cyber threats.
In response to these issues, BUCSU will be launching at the conference its ‘job retention through education plan’. The unit is already working closely with the Police and there is traction to work with other government agencies too; this conference will provide an excellent opportunity to engage with these agencies and UK businesses.
The Business Improvement District (BID) yesterday hosted their first breakfast meeting on business continuity and information assurance.
Staff from the Business School, The Disaster Management Centre and the Cyber Security Unit presented a knowledgeable insight to identify collective responsibilities of businesses within the district, giving examples where one business problem may affect other enterprises across the estate. The Dorset Fire & Rescue Service and Dorset Police further supported BU’s representations concerning crisis management; business resilience; disaster recovery and cybercrime. In addition, A&T Insurance Group provided a comprehensive study on insuring business resilience.
BUCSU introduced the availability of TSB Innovation Vouchers to meet the recently published ‘Cyber Essentials’ issued by the Information Commissioners Office.
Dr Christopher Richardson from the BUCSU delivered a thought provoking presentation at the CIFAS Fraud Conference, which was held at Dexter House London on the 3 June 2014. It was attended by the UK’s financial and insurance communities.
The conference was alerted to the fact that UK fraud is currently running at 25 incidents per hour; with an annual cost estimated above £52 billion.
Dr Richardson’s oversight expanded that through the continuance of pervasive technologies; increased crime wave and progressive skills shortage within the security industry, has all resulted in a perfect storm.
In forecasting the cyber threat landscape Dr Richardson projected the increase of insider threat, malicious software and human error, which if not corrected will bring the cost of fraud above £100 billion. The real question is, at what point will society, enterprise and individuals demand government action, and in particular a more determined approach to the investigation and prosecution of fraudulent activities? A characteristic of cybercrime is that it’s global, whereas policing is local. In order to rescue our beleaguered and often under skilled law enforcement agencies, we need to tackle the issues from an international perspective, with global partnerships engaging business communities and overcoming their reluctance to breach reporting.
This conference follows on from the BUCSU’s strategic cyber policing conference in February, where cyber enabled and cyber dependent crimes were discussed. Please visit previous blog post for further info on the South West Police Cybercrime Conference.
Do you want to take part? The constructive hack day is taking place across the weekend of March 8th & 9th at Kimmeridge House on our Talbot Campus, at the invitation of the BU Cyber Security Unit.
Anyone wishing to participate needs to sign up via this link: http://rewiredstate.org/hacks/nhtg14#signup (it looks like a very involved sign up form, but only the * need completing).
This is the first time the event has been run outside of London and Bournemouth is one of only four other centres across the whole of the UK, so this really is a great opportunity right on our doorstep.
The event’s intention is to use open data to address civic issues and Bournemouth Borough Council are being very supportive in sourcing as much relevant data as they can. More information can be found here.
Last week the five police forces across the South West Region started a partnership with Bournemouth University to develop a cyber-crime strategy. The Bournemouth University Cyber Security Unit (BUCSU) arranged a 3-day conference to assist our Police in creating a collaborative framework. Moreover, this conference has helped build a future implementation of a critical strategy which addresses the increasing threat of cyber-crime to our society.
A series of workshops were developed by BUCSU and attended by representatives from Avon and Somerset, Devon and Cornwall, Dorset, Gloucestershire and Wiltshire police forces. Those who attended included Police and Crime Commissioners (PCCs); Chief Constables, police officers and practitioners involved in the investigation of cyber-crime.
The conference provided insight to the problems faced by the police with this global threat and has contributed towards creating a sustainable programme that could be implemented across the region and aid police officers in their pursuit of the 4 P’s of CONTEST (Pursue, Protect, Prevent, Prepare).
Dorset Assistant Chief Constable David Lewis said, “The purpose of the event was to find innovative approaches to combat the growing threat of cyber-crime in all its forms, from frauds and bullying to threats to our national and economic infrastructure. We are building excellent relationships with the subject matter experts at Bournemouth University, their students and businesses in order to better protect our communities and bring those responsible for cyber-crime to justice”.
If you would like to find out more about the BU Cyber Security Unit and what it offers please contact Lucy Rossiter. The Technology Strategy Board (TSB) are offering up to £5000 funded support through the cyber security innovation voucher scheme. The vouchers will help SMEs, entrepreneurs and early stage start-ups who see value in protecting and growing their online business by having effective cyber security. For further information please visit the TSB website to find out how innovation vouchers can help you.