
Spotlight on govt IT security

By Dave Glazier, ITWeb journalist
Johannesburg, 15 Feb 2006

The eSecurity and eCrime Thought Leadership Forum, addressing IT vulnerabilities in the government, begins tomorrow in Vanderbijlpark.

The two-day event will feature security experts from the South African Police Service, the State IT Agency and the corporate sector.

"With 10 new vulnerabilities reported every day, it is a full-time job for government to just patch up the cracks in security infrastructure, let alone take a proactive approach," notes Kenny Nkosi, public sector executive manager at Faritec, who will address the forum.

Cryptography

One of the speakers at the forum, Coltrane Nyathi, cryptography expert and director of security consultancy Knowledge Portal Consulting Services, will outline some of the main issues facing the government.

He believes threats to the security of government information come from three main areas: private sector organisations that want to prepare themselves for upcoming tender publications, foreign governments seeking access to information, and companies searching government databases to look for incriminating evidence against competitors.

"The departments most at risk are those such as the National Intelligence Agency, the Department of Communications, and departments involved in legislating the business and electronic environment," he says.

Present levels of IT security are "definitely not good enough", he notes.

Government departments, with the exception of the Department of Defence, which has its own secret algorithms, use public key encryption and advanced encryption standard techniques, he adds.

Nyathi says that in his presentation, he will refer to the balance that must be reached between comprehensive security and allowing people access to information.

He believes SA needs to develop in the cryptography field: "As a country we have a limited supply of cryptographers, and because of this we have to rely on international products."

Mission-critical aspects

Gordon Love, divisional manager of IT services company Faritec, says three representatives from the company will speak at the forum on issues of asset-based threat management, security control framework and forensic analysis.

"In many government departments, as with lots of organisations, there's no clear understanding of the mission-critical aspects - the aspects crucial to running the organisation or delivering services," he says.

The percentage of security budget spending on an aspect of an organisation or department should be determined according to its value - and mission-critical aspects are obviously much more valuable, he adds.

He says threats to government security can be either internal or external. "Internal threats are threats with specific intent from people within state departments, such as an unauthorised user accessing procurement systems, the payroll server, or the Home Affairs database, for instance."

External threats comprise general malware and viruses, and threats with specific intent from individuals outside of government, he explains.
