IT In Government - Information Security Requires Proactive Measures From Government

African government departments can no longer afford to sit back and allow security consultants to assess their risk levels, experts say. In addition to deploying security systems to ensure that the environment is secure, government’s internal security officers must understand what the hackers are doing and test the systems on a regular basis, says Hugo Van Niekerk, specialized services director of Carrick Holdings. “Use the services of an ethical hacker, or get fresh eyes to test your system,” he says. Van Niekerk says organisations should also ensure that the solutions being deployed fit the risks that the organization faces. This ensures that the institution does not over-invest in systems, a critical element in an environment where everyone wants to get optimum protection for as little a budget as they can get away with. Van Niekerk advises chief information officers to invite top technical staff to the assessment meetings with potential security consultants. This helps the internal staff gain a thorough understanding of the technologies that will be deployed. Information that comes out of the assessment should be used to draw up a clear and clean service level agreement, he adds. Haroon Meer, technical director of Sensepost South Africa says advices that the contracting organization should not restrict the security vendor to only use tactics that were previously agreed upon during the assessment stage. While laying out expectations for a service level agreement is critical, room should also be made for unexpected developments. Max Melamed, information security manager for Ernest and Young South Africa says institutions should also not be too obsessed with detailed policy documents that outline information security measures. “Policies do not stop a hacker,” he says. The human element should also be factored into information security measures that are put in place. “Government should do background checks on potential employees to build a workforce that is not populated by white collar thieves,” Van Niekerk says. Find more news, views and trend articles about the African and South African ICT industry from ITWeb. Read about the way mobile phones affect the way Africans live, work, learn, play and communicate on her Mobile Life blog.