Thomas Lee recently blogged about the UK government’s security awareness website, which is intended to “provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack”.
The government hopes the service will help boost confidence in e-commerce and, at the same time, protect national security. The trouble is that I have only heard about it on Thomas’ blog and in a recent article by David Neal, “home users will bodge DIY security”, which appeared in IT Week. As Neal points out, there has been no high profile coverage and consumers are not likely to be aware of the new initiative. He goes on to say that even “plain English… will go over the heads of most users” and that “giving someone advice on tinkering with their firewall, updating their virus definitions, rebooting in safe mode and checking their proxy settings is as dangerous as arming everyone in the country with a shotgun, just because there has been a spate of burglaries”. It is an interesting view, no doubt intended to be provocative, but nevertheless an opportunity for many small IT businesses consulting to the SOHO and low-end SME marketplace.
Meanwhile, for larger businesses, the Information Security Forum (ISF) has issued updated guidelines in the form of the Standard of Good Practice for Information Security v4.1, incorporating updated sections in areas that have been the subject of additional research and investigation, including:
- Information risk management in corporate governance.
- Virus protection in practice.
- Securing instant messaging.
- Managing privacy.
- Information risk analysis methodologies.
- Patch management.
- Managing the information risks from outsourcing.
- Web server security.
- Disappearance of the network boundary.
- Feedback from the results for the ISF’s information security status survey.