BCS ITNow 201412 - Stay Alert


Upload: gareth-niblett

Post on 15-Jan-2017


Security and privacy seem to be in a constant battle with those that wish to undermine it.

We are constantly being bombarded with dire warnings of the latest vulnerabilities and attacks that will bring our digital, and physical, world down around our ears. So who are we fighting, and what can we do about it?

Crooks

From hackers compromising millions of customer records and credit cards, through phishers picking off their victims one at a time, to scammers extorting malware infected users to unlock their data, the crooks have an upper hand. They only have to win a small number of times to make their efforts worthwhile.

Companies need to work on the basis that they are under attack, and may already be infiltrated, ensuring that their defensive posture is appropriate.

Users need to be educated and aware of the potential threats and understand the basics of good password hygiene, patch management and caution online.

Spooks

Intelligence agencies are tasked with protecting us from threats to national security, but they can undermine our liberties.

We have seen instances over the years of unwarranted overreach and untargeted mass collection, which has meant that even lawyers, journalists and the public can be considered fair game.

The phrase ‘if you have nothing to hide, you have nothing to fear’ is an oft repeated canard, perpetrated by those in power. Privacy is a basic human need, and the powers we grant for intrusion into it should be clear, justified and limited; not subject to weasel wording or secret interpretations and agreements.

Finally, sometimes we are our own worst enemy so need to be on the lookout for ourselves and others, paying heed to warnings and fighting our own nature.

www.bcs.org/security

When it comes to dealing with security threats we need to be constantly vigilant, says Gareth Niblett, Chairman of the BCS Information Security Specialist Group.

FURTHER INFORMATION

Information Security Specialist Group (ISSG): www.bcs-issg.org.uk

Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma

BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity

doi:10.1093/itnow/bwu095 ©2014 The British Computer Society

Image: iStock/153779269

28 ITNOW December 2014

STAY ALERT
