Buddy, can you lend a hand? The issues may be similar, but the approach is different - and the Charities Security Forum is a great way for third sector professionals to get support.
Security professionals, perhaps more than most, depend on the ability to network to stay current in their job. This desire to share experience and seek practical advice is usually accompanied by the need for the adviser to have a good understanding of the world in which one is working. It was the desire to provide this context that inspired Brian Shorten, IS BCP risk and security manager, Cancer Research UK, and Martyn Croft, CIO, The Salvation Army (see interview here ), to establish the Charities Security Forum (CSF) over two years ago.
“When I joined Cancer Research UK, my first instinct was to look for someone to go to for advice,” says Shorten. “In the past, I had worked for banks and for a telco. I often attended networking groups and there had always been others at them who worked in the same sector as me.”
A charity or non-profit organisation often doesn't have a dedicated information security person, while the responsibility for security can be divided across several functions – some having little to do with IT, explains Shorten. “It all depends on the size and focus of the charity. Our member could be the administrator of a hospice who has had to take on PCI DSS compliance. We deal with the same issues as the corporate sector, but are tackling them differently.”
The forum offers members the opportunity to develop their knowledge through quarterly meetings, the CSF LinkedIn discussion group, an ad hoc email service where people can share their thoughts with the group, and a repository of information.
Speakers cover a wide range of topics: the CSF organised a Qualified Security Assessor to talk through the PCI DSS audit, and has also brought in a consultant to speak about business continuity planning.
The main member contacts are encouraged to invite their colleagues along to help develop knowledge required within their firms. The group also facilitates links with other organisations, including the Information Security Awareness Forum (http://theisaf.org) and Socitm Third Sector (www.socitm.net).
Today, The Charities Security Forum is supporting people from over 30 member organisations. It is open to anyone with an interest in security working for a not-for-profit or charity; there is no cost to get involved. Meetings are held at UK Cancer Research's offices, near High Holborn. More info: www.charitiessecurityforum.org.uk