Slva Information Security MD, and a speaker at ITWeb Security Summit 2015, Kris Budnik, highlights the top five challenges organisations face when implementing security systems.
Budnik says companies mostly face these challenges because of a lack of capability. "Here I refer to the balance between technical, risk, business and change management skill sets and the ability to integrate them effectively."
1. Knowing whether investments are actually resulting in an improvement in security.
2. Knowing where to deploy systems for maximum effectiveness.
3. Knowing what to protect and to what extent, such as how much security is enough.
4. Underestimating the extent of effort that is required in order to make the most of technology investments.
5. Keeping up with the changing landscape in respect to security and maintaining a proportionate and effective response to prevailing threats.
Budnik says these challenges can be overcome if companies adopt a more holistic approach; recognising own strengths and weaknesses, and supplementing weaknesses by sourcing security advisory or managed service capabilities to close the gaps.
"Expecting to manage security without specialist support is unrealistic and cost-prohibitive."
Budnik notes change management is also vital to the process, but is also more subtle than a single awareness or training intervention. He says change management must be baked into the information security management system and maintained on a consistent basis.
"It must also be tailored for the organisation, and individual stakeholder groups in the business," and also be relevant at a point in time.
Budnik will present at ITWeb Security Summit 2015, which takes place at Vodacom World in Midrand next month. His talk will cover how best to embed security as an integral part of the business, and he will take a critical look at current best practices.
Share