IT security role ‘critical’ in strategic planning: expert
Dubai, June 11, 2014
The role of IT security in companies’ strategic planning is critical, while the size of a company’s information security arm does not necessarily guarantee a secure IT environment, said an expert.
Robert Bigman, former chief information security officer (CISO) at Central Intelligence Agency (CIA), stressed that its influence and centralised management with strong programme and data governance controls is what works and matters most.
“There is a good mix of small and big companies who do it well when it comes to securing their organisations’ IT systems,” said Bigman said during his keynote presentation on the second day of the Gulf Information Security Expo and Conference (GISEC) organised by Dubai World Trade Centre, which concludes today (June 11).
‘’What is essential is the effective participation of IT security in all strategic planning and tactical decision taking, I.T. configuration change requests and monitoring of network interfaces and all use of privileged account accesses.
“Having witnessed also how big companies do it wrong, I also strongly urge that chief information security officers should not work with chief information officers,” he added.
Bigman further revealed that majority of IT vendors place product compatibility ahead of product security and are patching product holes instead of writing secure code.
The best solution to thwart sophisticated hackers and cyber threats include system encryption, white-listing of approved applications, cyber intelligence and sharing big data analytics.
The global physical security services market generated revenues of $62.3 billion last year and is expected to reach $86.3 billion in 2018, according to a Frost & Sullivan Position Paper authored for Gisec.
The paper also forecast that the Middle East and Africa (MEA) region’s IT and physical security services market will likely grow at a rate of 18.4 per cent from 2013 to 1018.
Meanwhile, a PricewaterhouseCoopers (PwC) 2014 Global Economic Crime Survey revealed that cybercrime is currently the second most reported economic crime in the Middle East with high-profile breaches being reported every day. In its efforts at combatting such crimes, the Middle East accounts for nearly 1.4 per cent of global software spending, with long-term prospects of growth as per a recent report by Gartner.
Trixie LohMirmand, senior vice president, Dubai World Trade Centre, said: “The challenge facing us is that today’s cyber threats have grown exponentially in scale and sophistication. Gisec 2014 will equip the information security industry with the latest tools and strategies to deal with this ever-more complex threat.”
The conference included a discussion on countermeasures and solutions to combat cyber security threats, detection and qualification of malicious activities, hardware encryption with benefits of solid state of disk as well as critical patch against security incidents, enhancing productivity through centralised access management, endpoint security solution against APT, and using analytics for risk insight and risk decisions; a panel session on the CISO challenge focused on how to manage the crucial link between information security, operational performance, brand protection and shareholder value.
It also included free-to-attend CISSP Clinic sessions, which focused on information security governance and risk management; and access control. Participants received CISSP certificates at the end of the sessions. - TradeArabia News Service