I disagree that security is associated more with physical security than DP.
Physical security is important; I agree that physical access to a server can
result in someone very easily breaching the seventh principle. With physical
access to a server it doesn't take much to access / manipulate or disclose
all the personal data. However, addressing physical access risks is a small
part of the challenge of securing an organisation's personal data. It
includes raising staff awareness of security / DP issues, ideas that people
can social engineer their way into systems, technical modifications to apply
the latest patches. However, the biggest risk through all security / DP is
the human factor, which can defeat IT technical, physical security and
procedures very easily.
It's the combination of all these which makes my job so interesting..
Andrew Fogden
(10 years IT security, 5 years DP)
-----Original Message-----
From: [log in to unmask]
[mailto:[log in to unmask]]
Sent: 14 March 2001 11:33
To: [log in to unmask]
Subject: Re: Security/DP
** Reply to note from Paula Leon <[log in to unmask]> Wed,
14 Mar 2001 10:34:22 +0000
> We are currently in the process of trying to implement a corporate security
> policy which will include D.P issues.
>
> The initial aim is to recruit a Security Manager, can anyone tell me if they
> have already done this and if so would be interested to talk more to these
> people. Topics would be looking at implementation phases, Job Descriptions,
> pay etc. The role.
>
>
> Has this been implemented as purely an I.T function or the whole remit of
> security, e.g physical buildings, cctv, paper records etc.
I would say neither of your proposals is OK. DP has overtaken what was a
nice fit under the 84 Act between IT and Data protection. So the spectrum is
wider and you should not expect IT people (without diversifying from their
core activities) to cover DP.
Security is associated more with physical security than DP.
I think you need a job spec. where the person understands the processes, the
data, and the offices/people involved.
Hmmm, I probably have told you what you don't want but I have not told you
what you do want.
:-)
Charles
==============================================
Charles Christacopoulos, Secretary's Office, University of Dundee,
Dundee DD1 4HN, Scotland, United Kingdom.
Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
http://somis.ais.dundee.ac.uk/
Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^