Businesses are focusing too much on the 'science' and not enough on the 'art' of information security compliance.
So says David Luyt, associate at Micahlsons, who will be presenting on 'Information has value: the art and science of information security law compliance', at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.
He says 'science' includes the safeguards that can be purchased, such as encryption or video surveillance. "That's the easy stuff, because if you spend enough money on it, you can get it done."
The 'art', on the other hand, includes the safeguards that can't be bought, such as a culture of information security and leadership awareness. This is the hard stuff, because a business could spend a lot of money on it, and still not benefit, if it is done in the wrong way.
What's it worth?
He says businesses need to identify how their information has value before trying to comply with information security laws. "What's it worth to your customer, to you or to a cyber criminal?"
The act of working out what the most valuable information is helps streamline the business by knowing what information needs the most protection, and enabling it to direct more resources, in terms of time and money into protecting that information.
According to Luyt, this means that more of the businesses information will be appropriately protected, which makes it more likely that it will still be there when it is needed by the business or its customers, and that unauthorised individuals will be less likely to get their hands on it.
Delegates attending Luyt's talk will get an introduction to the art and science of information security law compliance, and will understand the main rules, codes, and standards that form the body of information security law.
In addition, they will expand their understanding of what information security measures really are, as well as learn how to comply with information security law in their organisation at a high level.
Share