Jidaw Systems
(MASTERCOMPUTERS)


Building for global competitiveness:
Information Security Challenges and Solutions for West Africa

Overview:

Information security is a significant boardroom issue. In today's world, companies rely on their internal computer systems and the Internet to conduct business and cannot afford to have disruptions to their operations. A security incident can have a wide-ranging negative impact on a company's revenue streams, customer confidence, and public relations.

This dilemma makes information security an essential component to an effective overall business strategy. Establishing an information security program that addresses the risks that your business faces should be a high priority.

Appreciating the above, provides a useful start point to the issues I will raise in this presentation, as the challenges faced by businesses trying to protect themselves and staying competitive have altered greatly in a relatively short space of time.

 

Three significant Information Security Challenges for West Africa:

- Constant Growth and Complexity of Information Security Attacks

Theft of proprietary information is also a major risk to information security. When intellectual property (IP) is in an electronic form, it is much easier to steal. If this information is stored on computers connected to the Internet, thieves can potentially steal it from anywhere in the world. According to the

2003 CSI/FBI Computer Crime and Security Survey, theft of IP remains the highest reported loss.

Two recent high-profile examples include an operating system product for a major software company and a version of an operating system for a major networking company. The software company theft was from an authorized third party, whereas the networking company appears to have been compromised by an unauthorized intruder. These types of security problems will only get worse as the Internet continues to grow in usage and complexity.

Three major issues have fueled the growth in security incidents: the increased number of vulnerabilities, the labor-intensive processes required to address vulnerabilities, and the complexity of attacks.

The threats are expected to continue to grow in magnitude, speed, and complexity, making prevention and clean-up even more difficult. These factors contribute to the need for a proactive plan to address information security issues within every company.

- Immaturity of the Information Security Market

The information security industry is at a similar stage today, with several companies offering individual solutions such as firewalls that address only a portion of a company's security needs. As a result, their customers face the challenge of making all these solutions work together. Only early versions of standards exist, forcing companies to complete multiple installations of "point" solutions that provide individual components of their security systems.

As with the ERP systems, this will change as a small number of vendors emerge as leaders and offer complete solutions that can support the majority of a company's information security needs. Smaller niche players in the market will integrate their products with these leaders' standards because their customers will no longer be willing to have their IT staff perform this role. However, until this day comes, the IT staff continues to bear the daunting task of cobbling all these solutions together. They must deploy a constantly expanding list of products and complete the integration work to ensure that these components are working together.

Another significant challenge that IT technicians face is the sheer amount of data they need to absorb to understand and manage the current state of their computing environment. Each product generates alarms, logs, and so on that they must review to determine whether something is wrong.

Security products generate a great deal of data; however, only a small number of problems or "incidents" might be affecting the company. It is difficult for security staff to get an overall picture of the security environment and put plans in place to address the critical concerns. This is similar to the business challenge in the 1990s when executive information or decision support systems were developed to mine through large volumes of data to determine critical business trends. Several vendors now offer decision support systems to address this issue for business executives. The "holy grail" for the information security industry is to develop similar systems to solve this problem in the security arena.

An additional challenge is the relative low priority that the software industry places on security.

Although some leaders in the software industry have announced a new emphasis on security, the majority of the industry has yet to follow this example. They currently focus on making software easy to use and are under tremendous pressure to deliver new products and services, often sacrificing security. This results in the growing number of vulnerabilities. Until the software industry receives more pressure to prioritize security, even at the sacrifice of new features, this situation will continue.

It will take some time for information security vendors to offer mature solutions to protect your business. In the meantime, you must develop strategies to mitigate these risks. The good news is that the security industry is following a similar pattern to other enterprise software industries, so solutions will be forthcoming.

- Shortage of Information Security Staff

Finding qualified information security staff is a difficult task, which will likely continue to be the case in the near future. Driving the hiring challenge is the immaturity of the solutions from information security vendors, the limited number of qualified staff available, and the unique blend of information security skills required. Business executives will need to invest more in this area to overcome these challenges.

Due to the immature market, lack of standards, and numerous point solutions, training is a problem for security staff. The industry has not had the time to grow the staff necessary for these roles. In addition, the information security challenges keep growing at a rapid pace, constantly expanding the list of technology to be deployed, and the information security staff just can't keep up. This translates into more time and money to get your staff trained on commercially available products.

Obtaining the necessary credentials for information security requires considerable training and experience.

Executives will need to consider longer-term strategies to address these needs because finding trained staff is not just a question of money but also of the time necessary to build the team around a limited number of qualified staff.  

By: Isaac Rockson II

 

Isaac Rockson II is Multimedia & Content Manager, AITI-KACE, Accra, Ghana.

Excerpts of paper, "Building for global competitiveness: Information Security challenges and solutions for West Africa" he delivered at the International Conference on Computer Security and Cybercrime in Africa held on March 28-30, 2006 in Lagos, Nigeria

Join the African Information Security Association (AISA)

Read the 2006 Computer Security and Cybercrime in Africa Conference Report

Read the communiqué on the 2006 International Conference on Computer Security and Cybercrime in Africa

Objectives of the African Information Security Association (AISA)

AISA Country Secretariats

 

Link to this Content/Resource

We appreciate you notifying other webmasters about our Content and Resources. You can even link directly to this content article!

For instance. If you like this resource or any of our resources, please add a
link to our website using the following HTML code: 

<a href="http://www.jidaw.com/security/aisa/westafrica.html">Information Security West Africa</a><br>
Information Security Strategy

MORE ..Attend the next FREE IT Career Seminar.. and Get IT Career Tips and Insights: 


More Information Security Resources

What Do you Have to Say? Post Your Comments about this Content Resource Here.

 

 

Comments

comments powered by Disqus

 

May 9, 2007

 

Daniel Lekettey from Port Harcourt, Nigeria says:

 

 

Resourceful and educative piece. Pls would want to contact Mr Rockson for paper delivery at an international conference for security professionals organised by the American Society for Industrial Security (Port Harcourt Chapter 236). 

 

 

May 4, 2007

 

Felix from Freetown, Sierra Leone says:

 

 

We of the West African sub region need to work together to make information security a reality, or else we lose the benefits of technology.

 

 


Innovation is integral to Sustainability

Read more

Samsung Galaxy Grand Prime: Important Features and Sincere Impressions

Read more

Girls in ICT Day Events and Activities

Read more

Self Worth, New Year

Read more

Girls in ICT Day Events and Activities

Read more

Level of OSS deployment and usage in Nigeria

Read more

Self Worth, New Year

Read more

Students face the Reality

Read more

DISRUPT THE STATUS QUO!

     
1.

Ideas are not enough. You must be action oriented to improve your future.

 

 
2.

Don't just think but act. You get results not only from thinking but from acting.

 

 
3.

You have ideas. You want to achieve. You want opportunity.

 

 
4.

But what are you still doing in your comfort zone? The comfort zone is a dangerous place.

 

 
5.

"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.

 

 
6.

Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.

 

 
7.

GO on the offensive now with IT Education and Empowerment.

 

 
8.

What is the use of ideas without action?

 

 
9.

Start becoming the achiever you deserve to be.

 

 
10.

MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.