Security industry viewpoint

By Anthony Olivier, MD of Performanta Consulting.


Johannesburg, 03 May 2012

I consulted this week for one of South Africa's premier organisations - a company that not only uses, but sells IT services; with A-grade marketing budgets, its name is on the lips of the nation. The administration centre accommodates 700 people, but it has an equal number of developers in a separate centre. In short - an organisation for which information security excellence should be core business practice.

I wasn't surprised, though, to learn that it has one information security officer in total - or that this individual is, confidentially, poised to leave, citing management disinterest.

This is worse, perhaps, than an equally illustrious - but non-IT - organisation with which we are all acquainted, having just redeployed its sole information security officer into a developer's role in the interests of cost rationalisation.

Both examples highlight the same issue: that however much industry commentators call information security a business problem, business doesn't think so. More specifically - unless the company is handling confidential information (and sometimes even when the company is handling confidential information) - information security is perceived as so coincidental to business as to not matter.

It leaves ISOs with the worst of dilemmas - knowing not only what has to be done, but trying to impress the urgency upon indifferent management teams. I hear the same lament at organisation after organisation, until it has become part of the consultancy repertoire, explaining to managers where they are failing.

Creating an information security team without management support is abdication; it allows managers to feel conscientious, but achieves little else - least of all reduce risk. South Africa is littered with committed, knowledgeable and ethical ISOs. The next time your security team tries to highlight its concerns, stop. Listen. Act. Measure results. Take accountability.

Information security IS a business problem. Time for business to step up to the plate.

ITWeb Security Summit

The ITWeb Security Summit takes place from 15 to 17 May 2012.

ITWeb's 7th annual Security Summit, taking place from 15 to 17 May, at the Sandton Convention Centre, is tailored to address the current IT security concerns of SA's CISOs and strategic decision-makers. The 2012 Summit features two days of informative sessions presented by leading international and local security experts, and a full day of interactive workshops. The event will focus on reinventing information security where trusted technologies have failed. Among the issues to be focused on will be the cyber war threat, IT security and politics, the growing IP theft problem and the rise of hacktivism.

You will be able to assess and compare new tools and services within the IT security space at the Security Summit exhibition. Equip yourself with the latest IT solutions, and benefit from commentary on new trends and threats, which may inform your security strategy.

Among the international speakers who will present talks at the Summit are renowned white hat hacker, Moxie Marlinspike, and US Naval Intelligence cyber defence expert, Kenneth Geers.

For more information and to book your seat, visit www.securitysummit.co.za.

Editorial contacts

Leigh Angelo or Jean Haupt
ITP Communications
(011) 869 9153
leigh@tradeprojects.co.za