Subscribe

The art and science of infosec law compliance

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 09 Apr 2018
David Luyt, associate at Micahlsons.
David Luyt, associate at Micahlsons.

Businesses are focusing too much on the 'science' and not enough on the 'art' of information security compliance.

ITWeb Security Summit 2018

Registration is open for the ITWeb Security Summit 2018 in Johannesburg and Cape Town. Ex-perts from around the world will be presenting, including global security expert Mikko Hypponen, who has been instrumental in uncovering and bringing down several infamous threats, and has assisted law enforcement agencies across the globe. In addition, several other top speakers will be sharing their knowledge, including Intel's Rodrigo Branco who will unpack blinded random block corruption attacks for the audience. Get involved in #SS18HACK and choose from three half day workshops or a full day bootcamp, plus five training courses, and much more. For the agenda, click here.

#SS18HACK is open for registration - click here for more information.

To find out more and register for the ITWeb Security Summit 2018, go to: http://v2.itweb.co.za/event/itweb/security-summit-2018/?page=agendaday1

So says David Luyt, associate at Micahlsons, who will be presenting on 'Information has value: the art and science of information security law compliance', at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.

He says 'science' includes the safeguards that can be purchased, such as encryption or video surveillance. "That's the easy stuff, because if you spend enough money on it, you can get it done."

The 'art', on the other hand, includes the safeguards that can't be bought, such as a culture of information security and leadership awareness. This is the hard stuff, because a business could spend a lot of money on it, and still not benefit, if it is done in the wrong way.

What's it worth?

He says businesses need to identify how their information has value before trying to comply with information security laws. "What's it worth to your customer, to you or to a cyber criminal?"

The act of working out what the most valuable information is helps streamline the business by knowing what information needs the most protection, and enabling it to direct more resources, in terms of time and money into protecting that information.

According to Luyt, this means that more of the businesses information will be appropriately protected, which makes it more likely that it will still be there when it is needed by the business or its customers, and that unauthorised individuals will be less likely to get their hands on it.

Delegates attending Luyt's talk will get an introduction to the art and science of information security law compliance, and will understand the main rules, codes, and standards that form the body of information security law.

In addition, they will expand their understanding of what information security measures really are, as well as learn how to comply with information security law in their organisation at a high level.

Share