Fighting fire with fire

Alex Kayle
By Alex Kayle, Senior portals journalist
Johannesburg, 20 Apr 2009

The ITWeb Security Summit 2009 will feature Craig Rosewarne, senior manager for Enterprise Risk Services at Deloitte and Touche. He will discuss aligning security and assurance functions to business requirements.

The summit will be held at the end of May at VodaWorld, in Midrand. Rosewarne will demonstrate how companies can establish vertical assurance teams comprising skills from various assurance functions such as information security, IT, physical security and HR.

Rosewarne has chaired previous ITWeb Security Summits. He is the founder and chairman of the Information Security Group of Africa.

Times of war

He compares security issues that companies face today with the Boer War. “When the Boers declared war on 11 October 1899, the British public expected it to be over by Christmas,” says Rosewarne.

ITWeb Security Summit 2009

More information about the ITWeb Security Summit, which takes place from 26 to 28 May 2009 at Vodaworld, is available online here.

“Two-and-a-half years later, at a cost of £200 million, and the lives of over 22 000 men, Britannia had suffered a very bloody nose in one of their most humiliating wars to date.”

In the same way as the Boers brought a completely different approach to warfare tactics, and the British having underestimated those tactics, organisations today are making similar mistakes when it comes to mitigating risk, Rosewarne says. Companies need to rethink their guerrilla warfare tactics for today's complex threat environment.

Assurance functions within companies need to move away from a silo-focused structure to one better structured to help the business achieve its key objectives, he adds.

“The tactics of yesterday are not going to work today. Companies need to change their mindsets from having a siloed departmental approach, to putting business first and having a business assurance steering committee in place to support the business to achieve its objectives. This will not only protect and help drive the business to reach its objective, but is also an effective way of a company utilising its budgets and mitigating risk across the organisation.”

Related stories:
Network security crucial
Fraudsters cash out
Is open source safer?
Privacy not a guarantee
Speakers reveal top security issues
Top black, white hats at Security Summit