Security will never succeed without correctly apportioned attention to people, process and technology, says Richard Peasey, Absa group ISO.
Peasey told delegates at the IT Risk Management Symposium, hosted by the Institute for International Research in Sandton, that although technology plays an important role, IT is not the only area of a business that needs to focus on information security (IS).
"State-of-the-art information security systems are useless if they are not deployed correctly and the people involved are not trained properly," he said.
Peasey emphasised that security is a group-wide issue and said one of the keys to Absa's success in applying security principles across a large organisation has been the creation of a specialist ISO function.
"The role of the ISO specialist is to ensure information security is managed in a consistent, cost-effective manner and to provide strategic direction, coordination, monitoring, consultation and policies management across the group as a whole."
Peasey said an important part of communicating group-wide is the development of an information security culture that depends heavily on executive management support and buy-in.
"Once the essential component of executive management support has been established, organisations can focus on educating staff and developing a comprehensive set of information security policies and practices."
He noted that information security is no longer a "nice to have" - it must be accepted and considered as part of the price of doing business.
"Organisations cannot afford to take a half-hearted or part-time view of information security because this approach will fail before it begins."

