When IT Meets Politics

Jul 22 2011   4:01PM GMT

Lessons from Hackgate: 2) Data leaks via people not technology

Philip Virgo Profile: Philip Virgo

Tags:
data retention
Eurim
hackgate
RIPA
Wetware

Much of the debate on the Regulation of Investigatory Powers, Data Retention, ID cards, Medical Records et al centres on who could/should be trusted to authorise access to what. Those with little experience of how Magistrates and Courts authorise warrants and maintain their records thought they were more trustworthy than giving similar authority to senior civil servants. Meanwhile private investigators and journalists were bribing and blagging their way into accessing information on those on witness protection programmes let alone the victims of crime, the rich and famous or those whose misconduct was indeed worthy of investigation.

The full version of the report of the Information Society Alliance (EURIM) Security by Design group begins with a splendid quote from Professor Richard Walton, sometime Director of CESG: “The main benefit of investing in better security technology is to force the enemy to concentrate on corrupting your people instead of trying to break your systems.”

The cruder way of making Richard’s point is “Its the wetware stupid”.  No amount of technology can make up for leaky people processes. 

The collapse of confidence in the security of public sector databases that will follow Hackgate adds an unwelcome topicality to the new alliance study on “Rebuilding confidence in the on-line world: by joining up Information and Identity Governance and removing the regualtory jungles that get in the way of good practice“.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: