Advertise on ITWeb         Sat, 27 May, 19:29:51 PM

Cyber security standards not doing enough

Manuel Corregedor, chief operations officer at Telspace Systems.

Manuel Corregedor, chief operations officer at Telspace Systems.

Cyber security standards are not doing enough to protect organisations from cyber crime.

That was the word from Manuel Corregedor, chief operations officer at Telspace Systems, speaking during the ITWeb Security Summit 2017 today.

Corregedor, who joined information Telspace last month, says although organisations are implementing standards such as ISO/IEC 27001, among others, they are still being breached.

The main problem with standards, he said, is that they can't keep up with the rapid changes the technology space is going through. Faced with ever more frameworks, policies and documents, organisations often adopt a tick box approach to pass an audit, but lack the knowledge for it to be meaningful. 

"We all need to do cyber security but we lack the basic fundamentals," says Corregedor.

He urges organisations to get the basics right first by thoroughly auditing all their IT assets, as well as implementing user account management.

Understanding vulnerability management as well as risk management is also key. "Cyber security professionals need to create a balance between governance, risk and compliance and their operational security," he adds.

Organisations often appoint people without the requisite skills to run cyber security, he says. "For example, you will find someone being promoted from a position in risk into a cyber security expert's role. In the end, these individuals end up just Googling about what they should be doing because they lack the proper knowledge."

I always tell people that I can give them skills but not passion.

But for cyber security to be really effective within organisations, information security professionals need to have a passion about their job. "I always tell people that I can give them skills but not passion."

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Our comments policy does not allow anonymous postings. Read the policy here




 

 

 

Sponsors Message

Event Videos


ITWeb Events: The Infosec International Boys Club


ITWeb sits down with a few male international speakers on the agenda at the Security Summit 2017 to discuss how hacking is perceived in the media and how the ’threatscape’ has changed.