A Help Button Needed on Every Website According to ISAF
June 2009 by ISAF
According to the Information Security Awareness Forum (ISAF) Security incidents affect most of us from time to time, but how easy is it for us to report them? Some websites have a "Report Abuse" mechanism, but many don’t. With some simple changes, many websites could help users to be more secure online. The ISAF supports the principle that every website that users interact with should have a clear routine for providing feedback, which includes instructions on how to report problems such as abuse, impersonation, fraud etc. This should be provided for all sites that are visited by an ordinary consumer, including social networks, gaming and e-commerce.
According to Dr. David King, ISAF’s chairman, “The simplest routine might be to use a button or click entry which leads to a semi-standard "Security Advice" page with instructions on how to report to the organisation’s own incident response team (if applicable) as well as generic advice and contacts. This would enable a consumer / user to inform the intended website of issues, and for the website to manage an appropriate response – which may include liaison with police and anti-fraud authorities.”
A member representative in ISAF experienced an incident recently: "I went onto my ebanking provider and ’felt’ that the website wasn’t normal - it didn’t have the usual colours, graphics, placement of icons etc....and yet I was able to log into my own bank account and all seemed in order (and thankfully this continues to be the case). If there had been an obvious ’report abuse’ button on the homepage, I would have logged out and used it, if only to receive a reassuring email confirming that perhaps they were doing a website upgrade and not to be worried...."
The page for contact/feedback should also provide links to sites that provide targeted security advice. A list of sites suitable sites are published in the ISAF guide and are available at the home page of the ISAF (see http://theisaf.org). Sites that are likely to be of particular relevance to most audiences include Get Safe Online http://www.getsafeonline.org.
Dr. David King continued, “To avoid the risk that a hacked website might lead the user to a source of false advice, websites should encourage users to cut and paste links to these reference site into a browser as a matter of practice.”
About the Information Security Awareness Forum
A number of professional bodies and organisations involved in information security have come together to form the Information Security Awareness Forum (ISAF) www.theisaf.org to coordinate and build on existing work and initiatives, to improve their overall effectiveness, and ultimately to increase the level of security awareness in the UK that will help protect us all. We are a group whose aim is to deliver rather than to merely talk about awareness.
The forum was borne out of the ISSA-UK Advisory Board which at its meeting in September 2007 identified the need for co-ordination activity within security awareness, and supported an awareness group to explore the agenda and identify specific actions that could be undertaken to make a difference. Founding members of the forum included the ISSA, (ISC)2, the IISP, EURIM, Infosecurity Europe and Get Safe Online.
The forum was launched on the 13th February 2008. The member representatives meet twice a month to progress the agenda and actions of the forum.
Founding members of the forum include ASIS International , the BCS, CMA, the Cybersecurity Knowledge Transfer Network, eema, EURIM, Get Safe Online, IAAC, the Information Technologists’ Company, Infosecurity Europe, the Institute for the Management of Information Systems (IMIS), the Institution of Engineering and Technology , the International Underwriting Association of London (IUA), ISACA, (ISC)², ISF, ISSA, the Institute of Information Security Professionals, the Jericho Forum, the National Computing Centre, the National e-Crime Prevention Centre (NeCPC), the Police Central e-Crime Unit, SANS and SASIG.
The forum is chaired by Dr David King and its secretary is Stephan Freeman.