“Why,” asks Julian Fraser, a director at Data Eliminate Ltd, “are we unable to translate the term ‘infosec’ from the world of academia and technologist into business and civil society language so that we all start paying appropriate attention to the issues that surround infosecurity, and start acting and learning appropriately?”
We need, he says, to make humans the drivers, because “in most cases, it’s humans who represent the vulnerability.”
Fraser points to the ‘negative’ image of infosecurity: it is largely confined to industry and academia; it is technically good, but “beyond the ability of most to understand”; and it is sold by negatives to senior management who are already converted. The PBI, the user, remains largely unengaged.
His argument is that we need to reverse this picture in order to create a positive demand for infosecurity – to reach out to the social media generation. And the way to do this is via a new infosecurity standard that solely focuses on training and awareness and is delivered in the work environment. “Many of the beneficiaries are likely to be young,” he says. “Their eyes will be opened. They will start to critically assess and demand changes internally, just as they already do in green issues today.”