Why today’s IT security report is a must read for all

By Simon Rice, Group Manager

Do you know your SSL from your TLS? Or what SQL injection is? The chances are that some of you won’t, but increasingly it’s these types of security issues that data protection officers and senior managers must have some understanding of in order to keep their systems secure.

The report we have published today aims to provide those of you who are not dealing with these problems on a daily basis with an introduction to the key IT security problems that lie behind many of the current, and all too common, data breaches investigated by our office. In all of these cases the breaches that occurred could have been prevented, or the consequences greatly reduced, if the organisations had addressed the issues raised in our report. The report therefore provides data protection officers with the opportunity to learn from the mistakes of others, so that they can make sure their IT systems are better protected against the most common threats.

While the issues covered in today’s report should be common knowledge to many IT security professionals, the fact that the same IT security problems continue to crop up in the breaches we investigate suggests that not everyone is as familiar with them as they should be. Data protection officers and senior managers have an important role in making sure these improvements are made.

The report has been developed in line with industry best practice and reflects the views and feedback provided by a range of key stakeholders within the IT security industry. We hope it provides an accessible document that builds on and complements our previous IT security guidance for small businesses and helps to reduce the number of people whose details continue to be left vulnerable by basic IT security errors and oversights.

In tomorrow’s blog, I will be discussing the biggest IT security scare of the year so far and why it raises new questions around the encryption of internet traffic.

Simon Rice is the Group Manager for the Technology team, which provides technical expertise to all ICO departments in order to support the broad range of activities undertaken by the ICO.

Last updated 15/05/2014 14:15


6 Responses to Why today’s IT security report is a must read for all

  1. Pingback: Why today’s IT security report is a must read for all - IT Policy

  2. Pingback: ICO publishes guide on top IT security failings | News Feed

  3. Pingback: Learn from Other People’s Security Mistakes | UKFast Blog

  4. Colin Watson says:

    I have extracted a summary of the security controls mentioned in the report for each of the eight security problems. Available at:

    https://www.clerkendweller.com/2014/6/3/Personal-Data-Protection-in-Online-Systems-Part-2-Security-Controls
