Human Firewall launches campaign

Human Firewall Council is promoting the role of people and policy in information security

To help managers and employees improve the protection of critical information, a consortium of government, industry and nonprofit organizations on Oct. 1 announced the launch of an international educational campaign to raise the awareness of information security.

"The Human Firewall campaign was developed to help people recognize how important human and policy issues are to successfully defending information assets from unauthorized use or abuse," Doug Erwin, chief executive officer of PentaSafe Security Technologies and acting chairman for the council, said in a release.

"In the past, we have relied primarily on technology as the first line of defense," Erwin said, "but it's time to broaden our view of information security to include the people who use technology...and the policies surrounding that use in order to effectively guard our companies against hackers, cyber-terrorists or even disgruntled employees."

The Human Firewall Council represents a melting pot of public, private and nonprofit organizations. In addition to Erwin, charter members in the United States include:

* Brett Hovington, national coordinator for the FBI's Infragard Group.

* Mike Kelly, partner, Ernst & Young's security consulting divisi

* Steve Hunt, vice president and research leader, Giga Information Group.

* Charles Wood, an independent information security consultant and author of "Information Security Policies Made Easy."

* Steve Katz, chief security officer, Merrill Lynch and Company Inc.

As part of the educational campaign, the group launched a Web site (www.humanfirewall.org), which features a manifesto that visitors are encouraged to read and sign to show their commitment to raising security awareness in their organizations.

Wood, the manifesto's author, said the increasing severity of information security problems "clearly indicates that the prevailing emphasis on technological solutions is not working."

The manifesto suggests that "management must adopt a more integrated approach which recognizes the pivotal role played by people such as employees, contractors, consultants, temporaries, volunteers, strategic partners, outsourcing firm staff and others."

Members of the council will give a keynote presentation at the Computer Security Institute's annual conference Oct. 31, where they will present a blueprint to help organizations take the first steps in creating a successful awareness program.

Sen. Robert Bennett (R-Utah), an information security awareness advocate, has been invited to give the opening remarks to the presentation.

NEXT STORY: Facing the need for biometrics