Security Summit 2009, 28 May 2009
There is a huge security skills shortage in SA and the security testing industry is largely unregulated. A movement of IT professionals aims to start a security chapter to address these issues.
“The business environment is continuously changing and so is cyber crime,” said Yvette du Toit, manager of risk advice for Ernst & Young, speaking at the ITWeb Security Summit, in Midrand, this week.
Du Toit sits on the board of the Council of Registered Ethical Security Testers (Crest). The non-profit organisation, based in the UK, aims to maintain a high quality in the provision of commercial security penetration testing services.
“The aim of Crest is to represent the information security testing industry and offer a provable level of assurance as to the competency of organisations and individuals within those organisations.”
Du Toit noted that Crest intends to act as the voice for the security testing industry, to address the issues around an organisation's security. She hopes to start an arm of Crest in SA.
According to Du Toit, the number of threats is increasing, because of the exponential growth of data residing on the Internet. “Software is more complex and hacking tools are far more sophisticated. Businesses are looking at securing data rather then focusing as much as they did on infrastructure.”
Security is far more pervasive and increasingly being seen as an enabler to do business on a much wider level. However, Du Toit pointed out that the biggest shift a business can make in security is around building awareness.
Security, as well as governance, risk and compliance, has changed from being viewed from a single point to a multi-dimensional risk management approach. Chief technology officers are becoming more hands-on in defining the security strategy, she added.
“Security is not just an IT function. Security needs to be a business enabler to do things better and run smoother. This allows for a fuller understanding of what the business needs are, as well as its risks.”
Share