Business weighs in on info security


Johannesburg, 06 Dec 2007

Ernst & Young's latest annual Global Information Security Survey shows technology is no longer the priority concern for companies.

Instead, organisations are more concerned about how to align, drive, manage and staff information security initiatives, says Michael Heaney, manager of technology and security risk services.

"These were the four key findings from this year's survey. Five years ago we were talking about technology; today we are more concerned about people and processes. Gone are the days where information security initiatives operate in silos. The majority of local organisations are constantly enquiring and requesting ways to assess, improve and align the information security posture of an organisation," he explains.

Business looms

Despite executive management still being somewhat removed from information security, Heaney says meeting business objectives is a growing focus for those leading security initiatives.

"Meeting business objectives has been a growing focus for information security for several years; however, in today's market, organisations are looking to ensure information security is now more integrated into overall risk management process. The survey shows 53% of the respondents are partially integrated, 29% are fully integrated and 18% have no integration," he says.

At the same time, information security owners have to ensure initiatives are practical in a working environment.

"The challenge is to implement initiatives which reduce risks yet assist in improving the organisation's performance and objectives. The trend within South African organisations is that information security is no longer seen as a hindrance but as a business improver or enabler," adds Heaney.

Facing the law

Although regulatory compliance dominates the US and UK markets, Ernst & Young's associate director of technology and security risk services Kulu Prinsloo admits there is little impetus in the local market.

"Compliance in SA is typically geared around best practices rather than regulatory adherence. Of course, some sectors - like financial services and mining - are driven to boost information security due to foreign listings, sector regulation or compliance with international partners," he explains.

However, SA's slow-proceeding privacy Bill could provide a motivation for local organisations to place added weight on information security.

"There is a chance that business will increase information security initiatives as a result. However, it will depend on whether compliance is enforced. Previous experience has shown this is not always the case, so some companies may just shrug it off," says Prinsloo.
