ASSESSING ORGANIZATIONAL AWARENESS AND ACCEPTANCE OF DIGITAL SECURITY BY DESIGN

Abstract

A significant proportion of attacks on current systems are facilitated by the exploitation of vulnerabilities inherent in the underlying design of the technology concerned or components within it. As such, there is now significant focus on the issue of enabling Security by Design; building in the protection from the outset and avoiding vulnerabilities at source. Related initiatives are now in progress to deliver hardware technologies that would form the foundation for future devices, but questions remain over the understanding and readiness of potential adopters to recognize and implement the resulting approaches. This paper reports upon a survey that was undertaken as part of a funded project to investigate organizational awareness and acceptance of the Digital Security by Design (DSbD) concept. Detailed responses were received from over 70 UK-based organizations, with the respondents themselves largely coming from a security background and in strong general support of the principle of maintaining cyber security. As such, the findings provide a relevant insight into whether an already pro-security group would be willing to go further in terms of their security commitment. The findings reveal that while the generally positive perspective prevails, there is currently relatively limited awareness of DSbD itself, and a variety of challenges that may be faced in promoting the adoption in practice. At the same time, there is general support for more effort to be made to incentivize and to some extent require the use of DSbD-technology once it becomes more widely available.