Building for global competitiveness: Information Security Challenges and Solutions for West Africa

Overview:

Information security is a
significant boardroom issue. In today's world, companies rely on their
internal computer systems and the Internet to conduct business and
cannot afford to have disruptions to their operations. A security
incident can have a wide-ranging negative impact on a company's revenue
streams, customer confidence, and public relations. This dilemma makes information
security an essential component of an effective overall business
strategy. Establishing an information security program that addresses
the risks that your business faces should be a high priority.

Appreciating the above provides
a useful starting point for the issues I will raise in this presentation, as
the challenges faced by businesses trying to protect themselves and
stay competitive have altered greatly in a relatively short space of
time.

Three significant Information Security Challenges for West Africa:

- Constant Growth and Complexity of Information Security Attacks

Theft of proprietary information
is also a major risk to information security. When intellectual property
(IP) is in an electronic form, it is much easier to steal. If this
information is stored on computers connected to the Internet, thieves
can potentially steal it from anywhere in the world.

According to the 2003 CSI/FBI Computer Crime and
Security Survey, theft of IP remains the highest reported loss.

Two recent high-profile examples
include an operating system product for a major software company and a
version of an operating system for a major networking company. The
software company theft was from an authorized third party, whereas the
networking company appears to have been compromised by an unauthorized
intruder. These types of security problems will only get worse as the
Internet continues to grow in usage and complexity.

Three major issues have fueled
the growth in security incidents: the increased number of
vulnerabilities, the labor-intensive processes required to address
vulnerabilities, and the complexity of attacks.

The threats are expected to
continue to grow in magnitude, speed, and complexity, making prevention
and clean-up even more difficult. These factors contribute to the need
for a proactive plan to address information security issues within every
company.

- Immaturity of the Information Security Market

The information security industry
is at a similar stage today, with several companies offering individual
solutions such as firewalls that address only a portion of a company's
security needs. As a result, their customers face the challenge of
making all these solutions work together. Only early versions of
standards exist, forcing companies to complete multiple installations of
"point" solutions that provide individual components of their
security systems.

As with the ERP systems, this
will change as a small number of vendors emerge as leaders and offer
complete solutions that can support the majority of a company's
information security needs. Smaller niche players in the market will
integrate their products with these leaders' standards because their
customers will no longer be willing to have their IT staff perform this
role. However, until this day comes, the IT staff continues to bear the
daunting task of cobbling all these solutions together. They must deploy
a constantly expanding list of products and complete the integration
work to ensure that these components are working together.

Another significant challenge
that IT technicians face is the sheer amount of data they need to absorb
to understand and manage the current state of their computing
environment. Each product generates alarms, logs, and so on that they
must review to determine whether something is wrong.

Security products generate a
great deal of data; however, only a small number of problems or
"incidents" might be affecting the company. It is difficult
for security staff to get an overall picture of the security environment
and put plans in place to address the critical concerns. This is similar
to the business challenge in the 1990s when executive information or
decision support systems were developed to mine through large volumes of
data to determine critical business trends. Several vendors now offer
decision support systems to address this issue for business executives.
The "holy grail" for the information security industry is to
develop similar systems to solve this problem in the security arena.

An additional challenge is the
relatively low priority that the software industry places on security.

Although some leaders in the
software industry have announced a new emphasis on security, the
majority of the industry has yet to follow this example. They currently
focus on making software easy to use and are under tremendous pressure
to deliver new products and services, often sacrificing security. This
results in the growing number of vulnerabilities. Until the software
industry receives more pressure to prioritize security, even at the
sacrifice of new features, this situation will continue.

It will take some time for
information security vendors to offer mature solutions to protect your
business. In the meantime, you must develop strategies to mitigate these
risks. The good news is that the security industry is following a
similar pattern to other enterprise software industries, so solutions
will be forthcoming.

- Shortage of Information Security Staff

Finding qualified information
security staff is a difficult task, which will likely continue to be the
case in the near future. Driving the hiring challenge is the immaturity
of the solutions from information security vendors, the limited number
of qualified staff available, and the unique blend of information
security skills required. Business executives will need to invest more
in this area to overcome these challenges.

Due to the immature market, lack
of standards, and numerous point solutions, training is a problem for
security staff. The industry has not had the time to grow the staff
necessary for these roles. In addition, the information security
challenges keep growing at a rapid pace, constantly expanding the list
of technology to be deployed, and the information security staff just
can't keep up. This translates into more time and money to get your
staff trained on commercially available products.

Obtaining the necessary
credentials for information security requires considerable training and
experience.

Executives will need to consider
longer-term strategies to address these needs because finding trained
staff is not just a question of money but also of the time necessary to
build the team around a limited number of qualified staff.

By: Isaac Rockson II

Isaac Rockson II is Multimedia & Content Manager, AITI-KACE, Accra, Ghana. Excerpts from the paper “Building for global competitiveness: Information Security challenges and solutions for West Africa”, which he delivered at the International Conference on Computer Security and Cybercrime in Africa, held on March 28-30, 2006 in Lagos, Nigeria.