Kicking off ISSA 2010 – the ninth Annual Information Security South Africa Conference


This is the 9th time that ISSA takes place. This year ISSA is co-sponsored by IFIP and the IEEE, and the proceedings will be published as part of the IEEE digital library. This no doubt increases the visibility of ISSA papers.

The first keynote speaker is Mark Politt. He comes from a very strong law enforcement perspective. His talk is entitled “Information Security in the 21st Century”. From the 1940s to the 1980s life was simple: everything belonged to and was controlled by the IT department, and IT lived in a glass house. Then along came the PC… This gave IT new turf in the organisation. We thought we could control the PCs!? And then came the rise of the Internet, when all was about eyeballs and bandwidth. Focus shifted from information/computer security to network/application security, and the threat became a very real economic threat.

So where do we stand today? Mark thinks we are better off today because we understand things better than, say, 5 years ago. But he qualifies his statement by saying that that is only because we were really bad five years ago… Today we need to manage the tradeoffs: cost vs tradeoff, complexity vs flexibility and ease of use.

But the coming of social networking changes much, specifically as far as human behaviour is concerned. The youth of today define themselves by things such as Facebook. If they’re not on Facebook it’s (for them) as good as if they don’t exist. Sadly, people are mostly oblivious to information/operational/personal security. Welsch‘s Theory of Media Ecology was mentioned, one of its interesting observations being that people don’t really work in groups, but rather in flocks/tribes. Generally these kinds of environments are characterised by “freedom” rather than control. We need to mediate changes in behaviour.

His conclusion: information can only be hardened, not controlled. Social behaviours will have a critical impact on security, and technology enables “information citizenship”. Information classification, privacy-enhancing technologies and security education need to work together to ensure that we get better at securing our information assets.

The next guest speaker was Johann van der Merwe from PWC. He says we have exactly the same problems that we had a couple of years ago. Audit report findings look exactly the same as in previous years; we are caught in a “hamster wheel of pain”. Part of the problem seems to be that we only have perceived risk, based on experience, since the complexity does not allow us to understand everything. Perceived risk is further influenced by legislation and economic forces. He also sees the Information Security Organisation operating in silos rather than as a business. He then described some things to do in terms of the ISACA Business Model and value chain concepts.

After Johann, Elize van der Linde provided some information regarding the King III report and information security. The King III report of course explicitly makes the board responsible for information security, ensuring that IT aligns with performance and sustainability objectives. The board must see that an IT governance framework is implemented. The risk and audit committee must assist the board in carrying out its IT responsibilities. She then concentrated on the “I” side of IT governance. Information governance is a shared responsibility between business and IT. It is complex, needs a multi-year project and a roadmap to be measured against.

OK, time for tea…

I will be blogging at least the keynote speeches and maybe selected individual talks throughout the conference.

2 Responses to Kicking off ISSA 2010 – the ninth Annual Information Security South Africa Conference

  1. Dominic White says:

    Thanks for the summary. Useful for those that missed it. Quick correction: Johann is with PwC.