Given the financial climate and the Comprehensive Spending Review announced on 20 October 2010, the message actually appears pretty healthy. Despite across the board cuts of 19%, a £650 million budget has been allocated within the Strategic Defence and Security Review over four years in support of The National Cyber Security Programme with supporting strategies in other departments.
This is clearly good news; however, it also highlights a shift in direction, with cybersecurity being identified as the new front line.
We all know cybersecurity is nothing new, more likely than this is the latest term we should associate with the government’s focus on tackling information security threats. So this is a brand change then, a PR exercise.
Okay fine, it’s always good to get the public on board. After all, neither information security nor IT security are the most dynamic terms.
Then, of course, there’s information assurance, which is by far the most accurate description of the practices organisations should adopt to instil confidence that their corporate governance obligations are being met. It’s hardly catchy though is it? Furthermore, it completely fails to capture the attention of anyone outside the boardroom. Start to use the term cybersecurity and people might just sit up and take note.
Perhaps we should think about this for a moment and take a look at the benefits of an image change. The tail end of 2007 and start of 2008 were the glory years for the UK’s information security profession, publicity wise at least. In my opinion, nothing did more to raise information security on the corporate agenda than the public outcry in 2007. We were front page news. Had Winston Churchill been speaking in 2007 about the efforts of UK government departments and their ability to protect their information assets, he may well have been quoted as: never before in the field of information security has so much owned by so many been lost by so few.
Joking aside, while this attention highlighted many flaws, it also sparked an abrupt wake-up call for the board to prioritise the things they should have been doing in the first place. The only thing that spoilt the party was a complete financial meltdown.
It’s fair to say the information security industry has fared comparatively well, but it’s not the growth market it could have been had the global economy stayed on track. Moving forward, we know that strategies and budgets have been aligned within HMG departments in order to combat the cyber threat. This offers both stability and the potential for growth. The knock-on effect will resonate throughout the supply chain, which is clearly of benefit to us all.
I appreciate not everyone within information security likes being associated with the cyber tag. Purists will argue that cybersecurity refers only to the technical measures, perimeter and internal network defences, within the electronic domain. And they are right. But we also need to consider where this fits in at the strategic level.
Thanks to a timely intervention from Iain Lobban, Director of GCHQ, cybersecurity has been unequivocally linked to information assurance. As professionals, this is the angle we should focus our attention on.
ISO/IEC 27001:2005 – the international requirements framework for an information security management system – is accepted as a prerequisite for robust information assurance. It’s not important if people want to call that cybersecurity. What’s important is board level buy in and organisational support for implementation.
Perhaps it’s only a fad, but as I said at the beginning of this article, the term ‘cybersecurity’ is catchy, something that appeals to politicians, the media and, most importantly, the public. Right now it’s fashionable, but it could be here to stay. In the time since the Comprehensive Spending Review, I’ve received 19 emails quoting the cyber threat, how about you?
For the past seven years, Nathan Fowler has been the sales and marketing director of QT&C Ltd, a training company offering professional qualifications and employee development in the field of information assurance, information security, legal compliance and business continuity. Fowler is also a fellow of the Institute of Sales & Marketing Management. His main area of interest is marketing, offering a welcomed outside perspective of the trends happening within the information security industry.