Infosec 2009: Security must be built in from the start

Effective security needs international co-operation, according to Cyber Security KTN

The government-backed Cyber Security Knowledge Transfer Network (KTN) launched a new roadmap today intended to kick-start an international effort to engineer security into products from their inception.

Building in Information Security, Privacy and Assurance (PDF) aims to overcome the siloed approach to security taken by many countries, according to Cyber Security KTN director Nigel Jones.

"We are trying to get international co-operation on building security in from the start, because the problem still remains and it is still unclear what the best way to do it is," he said.

The roadmap covers how industry, governments and consumers can improve security and privacy, and includes a number of principal recommendations.

Cyber Security KTN calls for an international industry regulatory framework to enable secure software development, clearer business cases for implementing security measures, and better security training for IT undergraduates before they become software developers.

Jones admitted that there is still a lot of work ahead on the roadmap, but said that the project, which has had input from the Cabinet Office, the US Department of Defense and Microsoft among others, is a positive first step.

"The important thing is that now we have a benchmark by which to say 'in 2009 we set out our roadmap' so in 2010 we can see how far we've come," said Jones.