
Tackling the top 10 security issues


Johannesburg, 30 Oct 2003

Delegates who attend the upcoming "Security - IT's ultimate challenge" conference, to be hosted by the Meta Group and ITWeb in November, will be well positioned to cope with the top 10 security issues as identified by the research house.

"With all the security issues facing organisations today, it is sometimes possible to lose sight of the big picture on how security should be addressed," says Les Stevens, practice leader, security and risk strategies at Meta Group South Africa.

"Meta Group has identified the top 10 security issues as an informal guide for information security managers, giving them a point of departure for information security planning. We will address the most important strategic and technical issues at the conference in November, and present the impact of current South African legislation on security planning, to further equip delegates for strategic and tactical security planning."

The first of these 10 issues is a lack of clear communication between business and IT teams. Meta says security people often do not speak the language of the business they serve, as there is no common grammar between business and IT teams that enables them to reach the level of mutual understanding required to establish an effective way of securing information.

The second issue, says the research house, is that the past 10 years have seen significant changes in the legal and regulatory requirements around security issues. Companies need to adopt a security programme approach to addressing regulatory compliance so changes are manageable rather than addressed retroactively.

Establishing clear ownership of security, in terms of who is accountable and on what level, and communicating this, is also a problem. In addition, says Meta, while information security in many enterprises has done a decent job of translating security policy into some action for their IT organisations, applying overall processes by which security is enabled in applications and infrastructure remains a serious issue.

IT teams also struggle with the fact that while some security technology standards are relatively mature, eg PKI, Kerberos and SSL, others are not, as applications continue to evolve, eg Web applications and Web services. IT security personnel need to balance realistic decisions about established standards adherence at the lower levels of the protocol stack with evolving standards at the application level, says Meta.

Leading on from here, application environments are viewed by many as security issues, as there has been a noticeable lack of security rigor in the initial planning, development, testing and staging of applications for most application environments and in the critical area of application integration.

The requirement for mobility creates its own specific security issue. Accessing applications and information and the various types of access points, such as desktop PCs, laptops, kiosks, mobile phones, PDAs, etc, highlights a potentially serious security weakness - securing the access adequately.

The eighth information security issue raised by Meta is the need for improved awareness of intrusion detection and prevention, while the price of security is the next highlighted area. About two-thirds of IT organisations spend a relatively low amount on security, most of which goes on anti-virus, perimeter security such as firewalls, and staffing. Clearly this is not sufficient to protect an enterprise's information.

The final issue highlighted by Meta is the need to communicate the security message effectively. There's little point in developing a security strategy and attempting to implement the necessary components into the current infrastructure without marketing these measures internally to employees and externally to customers, suppliers, business partners and other stakeholders.

The one-day "Security - IT's ultimate challenge" conference takes place at The Forum, Dimension Data Campus, on 11 November.
