A 10% drop in piracy would create 40,000 new jobs and add £6 billion to UK GDP.
BSA/IDC piracy report 2004

Welcome to the Information Technology Security Group's website whose aim is ‘To Provide a Secure and Efficient Environment for the Workplace’

Security is a hot topic both inside and outside the workplace. The members of the ITSG embrace all aspects of security in the IT environment and will be happy to advise and assist you. Please consult the list of members for contact details.

ITSG Members
Press Release - FAST joins mobile revolution but advices caution
Press Release - Federation urges action from IT security industry
Press Release - 95% of UK bosses see IT security as a major concern

Data Loss - Don't get caught out
Lord's Cricket Ground - 6th March 2008

The Asset Management Group (http://www.fast.org.uk/assetgroup.asp) and IT Security Group’s (http://www.fast.org.uk/itsgroup.asp) latest joint event got off to a lively and intriguing start with a keynote speech by Lord Erroll, a Cross Bench Peer and champion of IT in the House of Lords.

Presentations followed from four Federation members covering all aspects of data leakage from assessing how to balance the need for access against the prevention of intrusion, assessing risk and how to use a combination of processes, people and technology to develop best practice and what to do if a data leakage incident occurs.

Click on the links to download the session slides

Data Loss in the Real World by Paul Davie of Secerno Limited
Data Leakage - The Importance of Risk Assessment by Martin Smith of Ultima Risk Management
Minimising the Risk of Exposure by Mark Murtagh of Websense Limited
Dealing with Data Loss Incidents by Simon Janes of Computer Forensic Alliance

--- For Your Eyes Only ---

Pinewood Studios, 17th October 2007
The Asset Management Group (http://www.fast.org.uk/assetgroup.asp) and the Information Technology Security Group (http://www.fast.org.uk/itsgroup.asp) put on their first joint event at Pinewood Studios. Taking advantage of the fact that Pinewood is the home of James Bond, the Groups produced a film which followed an IT Manager (Basil Bond (!)) on his first day at a new company. Meetings with his own deputy, the MD, Sales & Marketing Director and FD were shown, and after each meeting the issues raised were examined by the presenters.

Click on the links to download the session slides;

Asset Management was presented Roger Mallet of Hewlett Packard.
Instant Messaging and the Benefits of Remote Working was presented by Mike Smart of Secure Computing International Ltd and Ian Moyse of Email Systems Ltd
Data Leakage was presented by Tatiana Kruse of Salans and Grant Taylor of Wick Hill
Managing Information Risk was presented by Ralph O’Brien of Ultima Risk Management

Re-Drawing the Battle Lines, 15th May 2007
Seminar topic: How to try and eliminate risk in your enterprise and what to do when disaster strikes and your frontline is breached.

On a rainy Tuesday morning in May, delegates had the gloom lifted by experts from The Federation’s Information Technology Security Group (ITSG). In a half day seminar they showed how to mitigate risk and what to do if the worst should happen and your company’s security is breached. Three sessions covered Policy Management, Removable Media and Mobile Working, and Incident Investigation.

Robin Saunders of Nexus Technology Ltd laid the groundwork by emphasising that organisations not only needed to have robust Policies & Procedures (P&Ps) but it was essential that they were understood and signed up to by everyone in the organisation and they had to be updated on a regular basis. He explained how, in a tribunal situation, not ensuring that everyone had signed up could be seen as inequality of treatment of staff. Realising all the areas of risk is the first step to putting P&Ps together. Only once you know the risks can you start to plan to mitigate those risks. Have a look at Robin’s presentation slides to see the Risk Management Cycle and how to get it under control.

Andy King from Centennial Software discussed the vexed question of Removable Media and Mobile working. This can be an absolute minefield for companies but it doesn’t have to be that way. The reality at present is that 70% of security breaches within organisations happen behind the firewall and although many organisations have usage policies only 16% admitted to actually enforcing them. Andy had some mind-boggling examples of security breaches which you can see on his slides, together with essential actions that organisations must take and guidance on how to create an effective security policy.

Crime is always of interest, even more so if someone else is the victim, it gives us a slightly smug feeling that ‘it wouldn’t happen to us’. Of course we know that’s not true and even in the best of regulated companies, where everyone understands and knows the Policies and Procedures, bad things do happen. Simon Janes of Computer Forensic Alliance, in the third session, quoted a statistic from the National High-Tec Crime Unit’s Crime Report of 2005 in which it stated that ‘68% of all incidents relating to the theft of information or data were committed by internal employees’. An astonishing figure as we all tend to think that it’s people outside that want our data or customer lists, but it’s not. It’s more often than not internal staff either setting up a business outside or assisting a competitor. To quote Simon, ‘Computer forensics is the process through which the facts are established in relation to any incident where a computer may contain evidence’ and after giving an overview of these processes Simon went on to a case study where he was able to show how they discovered, in a sequence of temporary files, that the originating company’s documents had been changed for the benefit of a competitor.
A panel Q&A session completed the seminar and delegates were then free to speak to members of the ITSG on a one-to-one basis over lunch.

Use the links below to download the seminar presentations.

Related Links
Download the Nexus Technology presentation
Download Centennial's presentation
Download the Computer Forensic Alliance presentation

Looking at Defence in Depth - An Approach to Layered Security The Tower of London was an appropriate venue for the Information Technology Security Group’s (ITSG) latest free seminar which was held on the 24th November 2006.

This event was designed to assist organisations develop and implement policies to combat the increasing number and complexity of threats not only in the work environment but also at home and through mobile phones.

The first presentation, given by Richard Hales of F-Secure, initially focused on explaining the threats that everyone needed to be aware of before a security policy could be devised - after all if you don’t know what the threats are how can you combat them. Richard then went on to give examples and concluded with some general business policy guidelines.

Neil Larkins of Pointsec (formerly Reflex Magnetics Limited) then highlighted to the audience the internal threats that companies face from employees deliberately or accidentally transferring data outside the company by the use of smartphones, iPods and USB memory sticks. Amazingly 55% of firms have taken no action to protect themselves against the threat posed by removable media.

The final presentation by Frank Coggrave of Websense outlined the external threats that companies need to be aware of citing phishing, malicious websites, spyware, crimeware and keylogger installs amongst others. Frank illustrated the harm that these can do and explained how organisations can protect themselves.

The morning was completed by the presenters taking part in a lively question and answer session after which delegates were able to speak to ITSG members participating in the event on a one to one basis.

Download Pointsec's presentation (PDF, 415KB)
Download Websense's presentation (PDF, 1.5MB)
Download F-Secure's presentation (PDF, 8.3MB)

ITSG Seminar On 7th June 2005 the Federation's IT Security Group hosted a seminar 'Enabling and Securing Remote and Mobile Workers'.

The seminar reviewed the latest trends in remote and mobile working against a background of corporate compliance and security threats.

Enabling and Securing Remote and Mobile Workers (PDF, 500KB)

State of Software Licensing Compliance & Piracy/b>
29th July, London.