Johannesburg, 23 Nov 2005
By Hannes Rheeder, a sales executive at Computer Associates Africa
In a recent article by security guru Hal Tripton in Computer Security Journal (Vol. X No. 1), he noted that the number of lawsuits against corporate officers, as a result of information security problems that affected their companies, were on the increase.
The reality is that in the last 14 years the number of global cases that identify corporate board members as being personally responsible for the loss of customer information, customer confidence and so forth have grown considerably.
South Africa is no exception, since the promulgation of the ECT Act, companies have become increasingly vulnerable and face, like their international counterparts, possible legal action if proper security processes are neglected.
So, as security solution providers and integrators, what can we do to assist executive management and mitigate the above consequences? Education is an important first step.
Most companies are aware of the need for security but tend to see it as a checklist rather than an in-depth, ongoing process. Also, companies will likely ask the following questions, which is why your assistance is so important.
The first question usually is: what will it take to become 100% secure?
Unfortunately, it is impossible to reach a state of 100% security. There are always the uncontrollable factors such as new vulnerabilities or disgruntled employees. Realistically, a state of 95% is possible; however, the other 5% is virtually impossible without locking the entire company in a vault and filling it with cement.
The key here is to be factual and honest, 100% security is simply not a reality.
The second question most frequently asked is: why do we need to outsource our security needs. Surely once all the equipment and policies are in place we won`t need to outsource them anymore?
Again, the answer is that you will always need a security professional to handle the daily maintenance of your security systems as well as the response team to deal with emergencies.
Thirdly, the CFO will more than likely ask: how do you justify the expense if it doesn`t generate any profit?
While it does not directly generate revenue, information security stabilises a company`s bottom line by keeping it secure. It is imperative that all customer information is kept secure; if leaked it could be detrimental to the entire company. Security provides trust and confidence in a company.
When proposing a security solution, stick with the initial basics and educate from there. Complexity gets in the way of security`s form and function and confuses even the most savvy of management teams.
Let the business dictate the policies and go from there.
Share