By Simon Rice, Group Manager
Do you know your SSL from your TLS? Or what SQL injection is? The chances are that some of you won’t, but increasingly it’s these types of security issues that data protection officers and senior managers must have some understanding of in order to keep their systems secure.
The report we have published today aims to provide those of you who are not dealing with these problems on a daily basis with an introduction to the key IT security problems that lie behind many of the current, and all too common, data breaches investigated by our office. In all of these cases the breaches that occurred could have been prevented, or the consequences greatly reduced, if the organisations had addressed the issues raised in our report. The report therefore provides data protection officers with the opportunity to learn from the mistakes of others, so that they can make sure their IT systems are better protected against the most common threats.
While the issues covered in today’s report should be common knowledge to many IT security professionals, the fact that the same IT security problems continue to crop up in the breaches we investigate suggests that not everyone is as familiar with them as they should be. Data protection officers and senior managers have an important role in making sure these improvements are made.
The report has been developed in line with industry best practice and reflects the views and feedback provided by a range of key stakeholders within the IT security industry. We hope it provides an accessible document that builds on and complements our previous IT security guidance for small businesses and helps to reduce the number of people whose details continue to be left vulnerable by basic IT security errors and oversights.
In tomorrow’s blog, I will be discussing the biggest IT security scare of the year so far and why it raises new questions around the encryption of internet traffic.
Simon Rice is the Group Manager for the Technology team which provides technical expertise to all ICO departments in order to support the broad range of activities undertaken by the ICO.
Last updated 15/05/2014 14:15