Date(s) - 16/03/2017
12:00 pm - 4:00 pm
Strategic meeting of stakeholders in Information Security
Apart from the increasingly sophisticated nature of attacks, information security professionals often find themselves fighting a culture of disbelief in the businesses they support. Many businesses still do not believe they will be targeted by cyber-attacks, typically arguing they have no data worth stealing.
Consequently, the business is unwilling to invest in basic security management and control systems, and assumes the IT department will take care of any security issues that may arise. It is important for the business to understand the nature of the threat against the business and the impact of a breach on production, finances, intellectual property and reputation. Organizations need to be able to continually monitor their networks and have the ability to detect and mitigate intrusions as quickly as possible.
Every organization must develop information security policies, procedures and plans, and these need to be updated regularly and enforced to keep pace with the constantly evolving threat landscape. Human beings are often the weakest link. Consequently, an extremely high proportion of attacks involve a social engineering approach. Many Nigerians, and people all over the world, are still increasingly falling victim to socially engineered attacks. There are records that, in 2016, financial institutions in Nigeria faced Distributed Denial of Service (DDoS) attacks. This confirmed that online activities are not completely secure. Security awareness and training are therefore indispensable. Attackers may be using customized attacks, but operating methods typically remain the same.
Looking ahead, security will probably be established by balancing controls and risks to produce a scalable and flexible strategy. More persistent internal monitoring and sharing of security intelligence are necessary for a more effective security approach. Invasive security controls will be limited, as organizations are quickly losing control of the devices and services that the workforce uses and “Bring Your Own Device (BYOD)” is becoming the norm. Organizations will likely lose control of the way employees and customers protect information. We are shifting into a time where organizations will probably no longer own their IT infrastructure and thus will no longer have direct control over their security.
For a security strategy to be workable for the present and the long term, it is important to look ahead. Organizations tend to focus on reacting to security threats rather than being proactive. Functioning in this way provides no future growth in the adoption of the security framework. It is essential that organizations remain flexible and adaptable to achieve the long-term security benefits. The organization's current security state, relative to the risk it is willing to take, and effective security alignment will determine the achievable desired security posture for the future.
Finally, it is important to understand that information security is not only about firewalls, antivirus software and passwords. Information security is a continuous process that requires modern approaches and persistent management. Collaborative strategy and efficient practices are required to protect the valuable assets of an organisation and to achieve sustainable Confidentiality, Integrity and Availability (CIA).
In order to address both present and future information security challenges, Information Technology Systems & Security Professionals (ITSSP) is organising a meeting of stakeholders in information security. ITSSP became one of the Interest Groups of the Nigeria Computer Society (NCS) in January 2014. The primary aim of the group is the advancement and development of Information Security in Nigeria. The group has been involved in the development of capacities needed to protect national digital assets and cyberspace.
The strategic meeting, which will be held on Thursday, 16th March, 2017, will provide a platform for reviewing existing information security strategies and initiating collaborative efforts for addressing current challenges. Other objectives are:
- To sensitize stakeholders in Information Security towards creating a synergy for the overall achievement of adequate protection for all ICT infrastructure in Nigeria.
- To develop a template for improving available knowledge and research on information security.
- To prepare adequate grounds for the upcoming Annual Information Security Congress (ANISCO) taking place in October 2017.
Individuals and organisations concerned with information security are expected to attend the meeting.
Prof. A. S. Sodiya