Companies are bending over backwards to secure their networks against external threats, but in SA, with its high rate of hardware theft, physical security is not receiving the attention it deserves.
At the third annual Information Security South Africa Conference, held at the Sandton Convention Centre this week, industry experts from around the world commented on how important it is to address this sort of physical security, by creating a culture of security in companies.
"Early indications are that companies that pay significant attention to security culture have a more committed staff and are more likely to prevent or overcome disasters," said Prof Stephanie Teufel, director of the International Institute of Management in Telecommunication in Switzerland.
The conference heard how in California, a law was passed recently that requires all parties to be notified of a security breach that could affect them. The law was passed after a laptop containing taxpayers' private information was stolen from a government office.
Lessons from 11 September
Great emphasis was placed on a two-pronged approach incorporating information security and business continuity. After the events of 11 September, corporate America was shown a worst-case scenario for business continuity. Companies that had their backup servers located in the basement or the other tower of the twin towers were left with nothing from which to rebuild their business.
"Many more companies are much more aware now that they need a business continuity plan. The concern, however, is that the testing and execution of plans are not anywhere near where they should be," said Rich Schiesser, a senior technical planner at US-based Option One Mortgage.
"Many companies looking at business continuity are spending more on technology than on the people and the processes that are needed to have a viable plan," Schiesser added. "The real issues needed to make it work have been identified but have not been fully put in place."
South African needs
Rikus Matthyser, a Telkom Business Integration Services executive, outlined the two basic requirements for the South African security industry. "There must be commercialisation of security, where it becomes affordable and gets the attention it should get, and affordability, driven by standardisation and a minimum acceptable level of security for organisations."
He added that security should be a company-wide concern, and not only limited to the IT department. "It seems hardly productive if 15% of the IT department's resources are spent on security measures when its main focus should be on support to keep a business running smoothly."


