Information security assessments conducted by Dimension Data during 2005 have revealed that corporate SA is not faring well in terms of administering and managing the people element of information security. Companies surveyed achieved an overall maturity score of 43% with some sectors, such as manufacturing, scoring as low as 3%.
Maturity relates to the responsibility assumed for a security programme, how it is administered as well as how aware and educated employees are about an organisation`s security policies and procedures. The companies assessed did, however, fare relatively well with regard to perimeter security, and achieved an overall score of 56%.
"Security is no longer a technical risk but a business risk that needs to be addressed at a board level," says Gary Middleton, general manager of security solutions at Dimension Data.
South Africa scores poorly with regard to risk management and information security and boards are not aware of how much risk they are facing, or what measures are in place to protect their organisations.
"Many organisations are still unaware of the serious consequences that the mismanagement of information security can have. The loss or compromise of information assets has a very real impact on an organisation`s risk profile."
Dimension Data has developed a chief security officer (CSO) service to provide customers with guidance in managing information security-related issues and achieve a compliant environment in relation to various corporate governance requirements. It is aimed at an organisation that understands the importance of security, but that does not have the capacity to employ a full-time chief security officer.
An information security assessment is used to determine a company`s initial security posture, corporate governance status as well as identify areas for improvement. Dimension Data will highlight the top 10 security priorities that have to be addressed. A PricewaterhouseCoopers security study found that companies that conducted security best practice assessments had less downtime and suffered fewer financial losses. Companies conducting such assessments are more aware of their security posture and are therefore more likely to measure their security performance more closely.
Through its CSO service, Dimension Data will deliver global security best practices to customers as and when required, improve their security posture and assist them to address various business risks. Middleton notes that while customers have the option of outsourcing the management of their security, the ownership of security strategies should reside with customers.
"Although corporate SA is faring relatively well in terms of global security best practices, it has to do more to manage and mitigate risk to an acceptable level," concludes Middleton.
Share
Dimension Data plc (LSE:DDT), a specialist IT services and solution provider, helps clients plan, build and support their IT infrastructures. Dimension Data applies its expertise in networking, security, operating environments, storage and contact centre technologies and its unique skills in consulting, integration and managed services to create customised client solutions.
Editorial contacts