This page contains a Flash digital edition of a book.
7445_38-39_PSO.qxd 15/9/08 18:18 Page 43
PUBLIC SECTOR: OPINION■
‘We should be operating in a
culture and environment that is
based on the concept of respect
for personal information’ By Colm Butler
IT’S a fair bet that IT security is not a ‘problem’ that will building a barrier to keep people from getting their
ever get solved. It is really a ‘situation’ that will exist for hands on vulnerable data. I have no idea how much of a
as long as there are people willing, eager and resourceful problem there is, but from the reports of lost data that
enough to hack into systems, invent viruses, intercept have emerged over the past year – both here in Ireland
messages and generate bogus transactions that pillage and abroad – whether it’s big or not, it will undoubtedly
other peoples’ accounts. Growth in the popularity and diminish confidence in online transacting. That is a real
range of online facilities for commerce and trade has shame because technology has opened up all sorts of
brought us some major IT scams and it also throws this possibilities for innovation in commerce and govern-
new field of security into very sharp focus. ment by improving the level of access and the speed of
To my mind, the greatest threat to online transactions service. And in many respects, we have only started to
is in the area of data security. Scarcely a week goes by reap the benefits of technology. Any future progress
without hearing about some sort of security breach must be based on the existence of trust.
somewhere. If it’s not stolen credit card details, it’s the So, there really needs to be a fundamental re-think
incidence of ‘lost’ data through PC theft from those who about how data is being handled – both in terms of the
should really know better. Giving some small comfort to data culture and standards in organisations and also in
the victims – the owners of the data – is one thing. how individuals who are dealing with data behave. I used
Dismissing such thefts as opportunistic just diverts to sell computers that, according to the manufacturer,
attention from the fact that people should have a legit- had been designed and built around an operating system
imate expectation that their personal information is rather than the other way round. To me, some similar
being very carefully stored and only released from thinking needs to take place about IT security.
storage in exceptional circumstances. Most IT security incidents arise from unauthorised
The online world has fundamentally changed the access or the threat of illegal access to data. It stands to
nature of data. Not necessarily the data content itself, reason therefore that the primary focus should be on
but in terms of its storage, transport and transmission. protecting data. People who own data should be aware
Because of the volume and variety of storage facilities of where it is going and should be able to have trust in
now available, organisations are holding onto more data those to whom they are releasing it. People who use data
in places other than secure stores – on flash sticks, should only get access to the data elements they need.
external drives and on laptops. They do this primarily Governments and public authorities exist to process
because they can. A lot of the time, those who need only vast quantities of data. There are countless repositories
tiny elements of data or aggregations of it are copying of data across the system. Data sets are held in dupli-
whole data sets because it’s easier than selecting what cate and triplicate as they move around the system.
they actually require. Many possessors of laptops don’t While there are data protection regulations in place,
have the ICT skills or experience to understand how they are not there just to make life even more difficult
vulnerable the data on them is. for officials.
With mobile computing becoming more common, and My personal view is that we should be operating in a
with ever-increasing disk sizes, more and more data is culture and environment that is based on the concept of
moving around – out of secure sites and into all sorts of respect for personal information. If that really existed,
unsafe environments. Trading on the internet means you wouldn’t see people downloading files onto laptops
sensitive financial data is being transmitted and becom- or other storage devices. Procedures would be in place to
ing vulnerable to improper use by the many who are ensure that only what is required is accessible, and that
prepared to abuse it. Part of the problem is that we have where data has to be transported or transmitted, it is
evolved from older systems – both paper and electronic sufficiently protected using anonymisation, encryption
– where things didn’t get stored or moved in the same and anything else that the security community can
way. Cabinets full of paper files are difficult to move and come up with. If people need to work away from the data
search. Large computer files on tapes and disks used to source, they should be using protected workstations
be kept secure in libraries. that do not have much storage facilities and use encryp-
What a lot of organisations fail to realise is that data tion techniques. It would be a tremendous help if there
protection, privacy and IT security are not just compli- were a set of standard principles about data and infor-
ance issues because of rules or regulations. It is not just mation – about who can access and use it and in what
about minimal changes to processes or procedures, or circumstances. This would be a useful starting point.
September 2008 Knowledge Ireland 39
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84
Produced with Yudu - www.yudu.com. Publish online for free with YUDU Freedom - www.yudufreedom.com.