Integrated risk management in the public sector space
ITWeb Events, together with Brainstorm, hosted the third Public Sector ICT Forum, sponsored by MTN Business, at The Four Seasons Hotel, Westcliff, last week.
Over 100 C-suite information technology executives from across the public sector gathered to hear opinion from thought leaders in information technology and risk management in South Africa.
The forum's focus was integrated risk management in the public sector space. It included insight into data protection and privacy and the impending Protection of Personal Information Act (POPIA) regulations; the journey towards a connected society; and details of the Public Sector Risk Management Framework, the PFMA, the MFMA and the risk cycle: identification, assessment and response.
TV and radio personality Peter Ndoro kicked off proceedings as the programme director. Ndoro is one of the most noteworthy aficionados of the 'New Age of Business', as he spends his days interviewing leaders in government and business for his weekly current affairs programme "New Age Business Briefings".
Mandla Mkhwanazi, chief process officer, Transnet, took centre stage as the chairman of the Public Sector ICT Forum, as did Dudley K Petersen, chief information officer, Department of Cooperative Governance and Department of Traditional Affairs, in his capacity as chairperson of GITOC, and David Mphelo, GM Enterprise Sales, MTN Business. MTN Business is the anchor sponsor for this event and has been instrumental in the management of the Public Sector ICT Forum, which has made dialogue between government and the private sector a priority.
With the formalities over, it was time to get into the nitty-gritty of the role governance, risk, data privacy, security and compliance play in the public sector. It was imperative that these matters were discussed in depth, as the impact of not getting them right would be felt far and wide.
Pria Chetty, regional manager at EndCode, addressed the subject of data privacy and protection in the public enterprise. She unpacked the implications of POPIA in the public sector and introduced delegates to the key role players, urging forum members to "beat down the door" of the information regulator and engage it in conversation. Chetty warned: "If you don't start the process now, you could be found wanting further down the line and the consequences are daunting: criminal penalties of fines (no limit set) or a prison sentence of up to 12 months or 10 years, or both a fine and imprisonment; administrative penalties of fines up to R10 000 000; enforcement notices and/or civil actions for damages brought by data subjects or the Regulator on behalf of data subjects."
Mothibi Glenview Ramusi, CIO, National Lotteries Commission, turned the attention of the audience to his reasoning behind why we should all be journeying towards a connected community. Ramusi set out his views on the approach needed to achieve this objective: coordination between the private and public sectors; a joint vision towards an open access model; implementation of a flexible legislative framework; removing barriers relating to the cost of communication; alignment of the delivered curriculum with today's realities; closing the communication gap between communities and society; transforming funding institutions by advancing underprivileged communities' access to funds; and upskilling of decision-makers in all sectors.
Reducing the impact of common cyber attacks was next on the agenda. Business and management expert Dr Peter Tobin discussed the impact of cyber threats in the public sector. He went on to explain how the public sector can prepare to break the attack pattern, i.e., reduce its exposure using essential security controls such as: boundary firewalls and Internet gateways; malware protection; patch management; whitelisting and execution control; secure configuration; and password policy and user access control. The audience was given four key takeaway points: follow the PSRM framework; continually scan the threat landscape; understand your specific vulnerabilities; and address cyber attack stages and patterns.
Tobin advised the attendees, who were at their wits' end in terms of explaining the value of integrating the risk management role at board level, to take a three-legged stool to all upcoming meetings. He explained that they should write GRC (governance, risk and compliance) on the top, and people, technology and policies on the three legs, and ask their counterparts how they would sit on the stool if any one of these legs were broken.
At the close of the proceedings, delegates got to fire questions, thoughts and comments at the CIO panel, which included board members Julius Segole, Ramusi, Carol Thomas, CIO, CAA, and Dudley Petersen, as well as Mphelo and Tobin. This discussion sparked important and relevant debate and ruffled a few feathers, but at the end of the day it was clear that collaboration was key to the success of integrated risk management in the public sector.
If you are interested in becoming a member of the Public Sector ICT Forum and would like to be invited to future events and kept up to date with the forum's exploits, click here to visit the Web site.