The complexities associated with Y2K pale into insignificance when compared to the imminent information security crisis which threatens to affect digital economies around the world.
This was the central theme of discussion at the inaugural Global Information Security (InfoSec) Summit, held in Washington DC during October. Four hundred delegates from 42 countries, including South Africa's own Piet Opperman, head of information security authority ISIZA, attended the summit to discuss the critical issues surrounding information security and infrastructure assurance.
"The main outcome of the summit was a global partnership between industry and government leaders from around the world, including South Africa, to address critical communications and information sharing issues surrounding information security in a digital economy," reports Opperman. "The partnership will seek ways to continue international information sharing on information security and will focus on solutions to the people, process and technology challenges surrounding information security."
Organisation of the partnership will encompass a steering committee, and working groups for best practices, workforce, research and development, cybercrime and law enforcement, and public policy and legal frameworks. Each will meet virtually over the upcoming months, developing work plans and goals, and will convene at the second Global InfoSec Summit in Northern Ireland in May 2001.
"The fact that the US government is holding meetings at presidential level, and establishing ministerial task forces is a clear indication of the level of seriousness it attaches to the information security crisis," says Opperman. "Unlike Y2K, which presented a static problem with a known workable solution, information security has to keep pace with technology and business practices that are constantly changing. This, together with the fact that one is dealing with an `enemy` that is increasing not only in intelligence but also in number makes it all the more difficult to come up with a solution. Consequently, the time has come for industry to get its house in order."
Because e-business transcends global trading barriers, Opperman says accompanying legislation has to be consistent across all participating countries. "While some countries such as the US, Singapore and Taiwan have made significant advances in this regard, others are seriously lagging behind. Urgent attention needs to be given to the global harmonisation of information security legislation."
As far as developing countries are concerned, Opperman says rigorous Codes of Practice such as ISO 17799 cannot be blindly applied in these areas. "A staged approach is required which gives these organisations an entry level commitment to information security practices which they can then develop further as the company grows," he says.
To address these and other issues pertaining to information security, ISIZA will be convening an advisory panel comprising government and industry representatives. "The aim of the panel is to define an appropriate level of security for businesses in the South African environment," Opperman explains. "Additionally, ISIZA will provide tools with which organisations can perform a self-assessment of their own information security practices. The level of information security an organisation decides to implement will depend on how high its risk is. ISO 17799 provides a guideline to help them determine how far they should go."