Info security as important as network management, says Van Solms

By Basheera Khan, UK correspondent, ITWeb
Sun City, 11 May 2001

Information security is multidimensional in nature, and holistic, daily management of it is as important to a business as its network management. This is the message from a panel discussion at IGNITE (Integrating Global Networks and Information Technology for Excellence) 2001 at Sun City.

Professor Basie van Solms, the Rand Afrikaans University's chairman of the department of Computer Science, chaired the panel.

Discussing the multidimensional nature of information security, the panel comprised Mark Heyink, director of e-commerce legal risk management and head of e-business legal risk management at KPMG; Shaun Solomon, information systems portfolio manager with Eskom; and Kobus Burger, partner, information security solutions and enterprise risk services at Deloitte & Touche.

Van Solms' key message to delegates was that information security is reliant on changing the mindset and behaviour among the staff of any company: instilling a culture of security. This, said Van Solms, forms part of a holistic attitude to information security, which is itself a part of a corporate governance approach to ensuring tight information security within a business.

Another dimension is that of best practice, which Van Solms defined as following the example of and learning from the experiences of other companies which have been faced with the same challenges.

Risky behaviour

Burger addressed the topic of risk management when it comes to information security, which he explained as the protection of the integrity of information, and securing the confidentiality and availability of that information.

The way forward, he said, will rely on companies prioritising security initiatives, with director-level ownership of the project being critical to its success. Other changes concern employee behaviour, such as the habit of writing down passwords and other such risky behaviour.

The business division of any organisation needs to specify the level and extent of protection of information to the technical department, and not the other way around, noted Burger.

He advised that the starting point for any security initiative should be a thorough analysis of the impact and importance of information to an organisation, and the business value of that information.

Risk management

Heyink approached the topic from the legal and insurance dimensions of the issue, saying that risk management arises out of situations where there is inadequate law governing a matter, or where the existing laws cannot be enforced, as is the case with crimes such as hijacking.

He cautioned delegates against expecting a quick change in legislation governing information security, saying that there would be vacuums in the law for the duration of most of the delegates' professional careers.

Solomon discussed the state of information security projects kicked off across Eskom nationwide, noting that inter-departmental communication, ground level awareness and director-driven initiatives have been critical success factors so far.

The summit, hosted by marcus evans at Sun City between 9 and 11 May, plays host to a multitude of product vendors, speakers from local and international IT industries and delegates from SA and other African countries.
