Effective and widespread use of cybersecurity technology, such as firewalls and anti-virus software, is essential to protect individuals, organisations and national infrastructure. We therefore examine and measure best practice in the use of technology and associated business processes, and look at how to ensure good uptake of products.
Views vary as to what best practice is in the use of security products. This Dimension therefore takes an independent look at best practice to determine what results in the most effective cybersecurity. As well as being used appropriately, security products need to be widely adopted. We examine the impact on uptake of the user-friendliness of design, and the optimal configurations of security features to deploy on devices at the time of purchase.
An important consideration regarding uptake is that one cost of security is inconvenience, and this must not outweigh the advantages of the information economy. It is not necessary for everyone to have top-level security –governments’ needs are very different from those of the general public. In considering how to encourage greater use of products, we consider the appropriate security posture for a particular situation.
Business processes around security are also vital, but it is not enough for organisations to simply have a tick-box culture of compliance and training. It is important to think about particular threats to their business and how to react to them. We measure whether organisations have moved to a culture where they are genuinely conscious of, and keen to reduce, the risks from cyber-attack.
As well as looking at protection from cyber-attacks, we examine the tools, structures and processes to help clear up after a security breach and minimise damage. We consider which sorts of organisational structure are most effective, and how to protect nations without such a facility, for instance by sharing in regional provision.
Throughout the different strands to Dimension 5, we seek out projects that are being conducted across the world to help our research, and comparing their success. We consider whether national initiatives are more or less effective than transnational ones, or whether regional activities would produce better results. We also examine whether it is better to have various international forums to work on these areas, or if it would be more effective to combine them. The results should allow countries to see what really works in this area, and where there are gaps in their knowledge and approach.
This Dimension is chaired by Professor Michael Goldsmith, Senior Research Fellow at the Department of Computer Science, University of Oxford and Director of the GCSCC.