Johannesburg, 09 Mar 2006
Scholtz provided an overview of information security and strategies for the coming five years at the ITWeb Security Summit in Bryanston yesterday.
He said security practice is too often driven by hype, but he urged security managers to avoid the hype and rather try to anticipate it. "Manage the risk, don`t manage the hype."
He spoke of a "changing threatscape" as business and technology environments become more complicated and the challenge of finding out "what`s on your system" increases. "Web services is going to complicate our jobs almost exponentially," he added.
Scholtz said organisations should anticipate "an increased frequency of targeted, focused" attacks with financial motives. "Today`s attackers are financially motivated, and inherently do not want to be known."
He provided tips on how information security professionals should go about raising security threat awareness. "There`s a need to move away from over-reliance on attack-signature-based protection. There`s going to be an increased need for pre- and post-attack forensics data."
[VIDEO]Scholtz anticipates a shift to data-focused protection. He recommended that organisations look at managed service providers or outsourcing some security aspects, and join or form industry coalitions.
He also urged application of "basic best practices": making security efforts process-centric, doing measurements, practising governance and making continuous improvements.
Scholtz said CIOs are showing an indication of awareness. "We are seeing a stabilisation of information security budgets in leading organisations."
He said companies should understand document processes and policies, make informed decisions and be transparent.
"Effective security is ingrained in the culture of an organisation," he concluded.
Related stories:
Architecture, vendors at fault, says MS architect
Mitnick warns of 'holes in human firewall`
Share