25 April 2007

Put people above technology, says (ISC)2
Professional body says its members should push staff education

SA Mathieson at Infosecurity Europe in London

Infosecurity professionals must polish their people skills to succeed in protecting their organisations, according to Yves Le Roux, member of (ISC)2's European advisory board.

"People are more important than software and technology," he told a seminar at the Infosecurity Europe exhibition on 24 April. "What we're seeing is a shift in focus."

(ISC)2's own research shows that its members are increasingly reporting to divisions of the business other than IT, and that they see management supporting, and staff following, their policies as more important than hardware and software.

Le Roux told his audience that this means awareness of infosecurity has to expand across organisations. "Security is everyone's duty," he said. "You need to have a strong security awareness for all the employees, not just some IT people."

He said that many infosecurity problems arise because of employee error, rather than malice. The US Department of Defense decided to put all its staff who use computers through an examination in infosecurity, and (ISC)2 is providing material for its members helping them run sessions on infosecurity in schools.
In the UK, the association has trained more than 80 volunteers in this.

The focus on education means senior infosecurity professionals must develop beyond the technical, Le Roux said. "We need to have a balance between technical skills, business skills and people skills," he said. "You must speak the language of the C-level people."

Back to news index