IT security gets personal in 2008

IT security gets personal in 2008

Information security teams will need to think harder about educating staff, according to ISC2

The human rather than the technology side of IT security will be a major priority for IT teams in 2008, as threats increase and social engineering techniques become more sophisticated, according to non-profit security certifications organisation ISC2.

The organisation's European managing director, John Colley, argued that attacks are increasingly targeting individuals rather than systems, while high-profile data breaches are driving home the message to executives and employees that more awareness-raising is needed.

“We have to go beyond teaching policy basics and to ensure people clearly understand how to avoid errors in handling information, who is behind social engineering attacks and why they exist," he added. "We will also have to be prepared to answer savvy questions if we are going to motivate people to uphold policy."

Colley also argued that HR teams are likely to get more heavily involved in this area, by ensuring that awareness of IT security issues is a key employee requirement.