Staff Behaviour Key to Security - Really?

Posted: 30th March 2008

Changing employee behavior is key to improving business security, it was recently announced in a UK Government survey. The survey also pointed out that increasing numbers of UK companies allow staff to access data remotely and have no restrictions on internet access. In addition, it suggested that this is opening companies up to social engineering attacks from outsiders and making organizations concerned about what is said about them on Facebook or MySpace. All of this is despite installing a welter of technical controls, including authentication, virtual private networks and access blocking to inappropriate web sites.

The survey added that, whilst companies are beginning to realize these measures are not enough to ensure security, many are bolstering the technology with clear security policies and ensuring that staff understand and comply with those policies. What is not emphasised is the need for those policies to be turned into controls that extend beyond technical to include processes and people in one security system. This ability to link people, process and technology in one security system is available today. Its called Proteus Enterprise™.

Proteus enables controls to be applied to technology, processes and staff. These can be linked, as can the policies. Utility is provided in the form of electronic Compliance Audits, Remediation, Action Planning, Incident Management, Business Impact Analysis, Business Continuity and Asset Management, Risk Assessment, Policy Management, and risk and compliance management reporting in one total solution - web based. Staff compliance with policy is evidenced through Proteus.

Stephen Hall, CEO of InfoGov says “It is heartening to learn that 7 out of 8 large companies now have security policies, and that 68% of all surveyed rated having a policy as high or very high priority for security. But it really does not, and should not stop there. As PricewaterhouseCoopers’ Chris Potter so rightly pointed out “increasing security awareness is only part of the answer”. Proteus EnterpriseTM enables management to place controls on people to ensure that they not only do what expedites their activity but do what they ought to.”

Stephen added “So at this juncture, actually placing controls on people to ensure that what is best for security is done – and evidenced as having been done as Proteus ensures - is the key. The security, risk, compliance and fraud shared knowledge and information environment that Proteus creates and sustains is the most expedient measure in technology and process terms that companies can do to ensure the most rapid change in staff behaviour.

Increased need for enhancing security is driving organisations towards unified governance, risk, compliance, fraud and crisis management strategies within existing knowledge and information architectures. They no longer see these functions as separate project-based activities, but as a composite framework that guides, standardises and strengthens processes and security, and integrates technology throughout the organisation and supply chain.

This world-leading GRC&F utility in Proteus Enterprise™, developed by the UK company InfoGov Ltd, automates governance, risk and compliance, and fraud management, and enables defence and protection against security breaches across any type of business line in one web-based tool.

But how do you ensure compliance with a multiplicity of regulations, including risk mitigation in one solution? Our unique approach brings together and links controls, compliance, business impact, risk analysis, documentation and incident management into one total solution. Proteus RiskView™ provides a powerful business intelligence ‘dashboard’ and reporting capability allowing real time visibility of risks at Board level via the web.