The UK’s Cyber Security Knowledge Transfer Network (KTN) has launched an international roadmap aimed at safeguarding the security of global information systems.
The group’s ‘Building in Information Security, Privacy and Assurance’ plan makes a number of recommendations to achieve a global security network that will ensure software and systems have security and privacy defined at project initiation and ‘implemented as a matter of course’.
Measures include outlining a clear business case, improving the training of IT undergraduates and increasing end-user input.
Nigel Jones, director of the KTN, said: ‘We’re still producing software and systems that unintentionally have holes and security flaws in them. What we need to do is not just educate people about security, but also put more effort into making sure the systems we deliver are secure from the start.
‘We discussed a number of areas of development that included shaping cases that make business sense and getting the government to put requirements on procurement of software to show that they’d taken security and privacy into account at an early stage.’
Beyond calling for improvements to early system development, the KTN believes there should be an ‘independent architect’ to mediate between the conflicting interests of the business and technology worlds in order to make security a priority.
Jones added: ‘Security is not necessarily on the agenda by designers at the moment. They don’t know how to capture those requirements in a way that everyone understands, and even if they did, businesses aren’t doing it because of economic pressures.
‘It’s important to get an international view on this as many of our systems are interlinked. What this document does is provide a viable plan for countries to take on board. We will be getting together again in 18 months and I expect that there will be good progress in the UK by then.’