Original URL: http://www.theregister.co.uk/2008/02/22/taking_it_security_to_task/

Taking IT security to task

Sleepwalking from bad guys to big brother

By Martin Atherton

Posted in Reg Technology Panel, 22nd February 2008 11:13 GMT

Is anyone getting fed up hearing about IT security? It wasn't enough to big up the threat from "them" – the outsiders, all those nasty hackers that are even as we speak stealing our identities and extorting money out of hapless corporations because they left the back door open.

Now attention is turning on the people inside the organisation. Which means "us".

It all feels like a bit of a slippery slope. Without dwelling on how we got here (it's like a film by M Night Shyamalan – it's all very well building an industry on the back of the bogeyman, but what if the bogeyman turns out to be us?), perhaps the bigger question is, do we really want to sleepwalk into ever tighter corporate controls just to avoid the risk of becoming the next HMRC?

Bigger still, perhaps, is the question - would such controls really make such a difference, or are they once again shooting at the wrong target?

We're using this train of thought to guide us as we scope out our panel on IT security. Our starting premise is that it is just as important to define and implement appropriate policies, grow awareness and develop culture as it is to implement products and weed out the wicked.

We would, obviously, be very interested in your views – which is why we've put together this questionnaire. It should take no more than five minutes to complete and we're ever grateful for your input.

Remember, we'll be presenting the findings of this research in The Register Security Debate on 17 April. You can register your interest here. ®