Print
Current Infosec Trends
April 20, 2009 – 8:05 pm by Lance MichalsonHighlight: There are three current trends in information security:
- Information security is no longer just a technical issue for the IT Department - it is now a legal obligation.
- The emergence of a legal standard against which compliance will be measured.
- A new emphasis on a duty to disclose breaches of information security.
Introduction
The draft report for Corporate Governance for South Africa and the draft Code of Governance Principles (King 3) was released on 25 February 2009 (see our post King 3 published for comment). It is one of three high water marks in the evolution of a body of “information security law” in South Africa.[1]
The other two events were the passing of the ECT Act in 2002 (see our Guide to the ECT Act) and the release of the Protection of Personal Information Bill in October 2005 (”POPI”) - to still be enacted (read our post Privacy: will the wait soon be over?).
The ECT Act:
- provided a framework for public key infrastructures (PKI),
- laid down the requirements for reliable electronic signatures (”advanced electronic signatures”),
- provided the requirements for transactional security[2], and
- introduced a range of cybercrimes into our law for the first time.
POPI has introduced the concepts of providing “reasonable” and “appropriate” security to protect organisational data.[3]
The release of King III marks the emergence of the first trend: Information security is no longer just a technical issue for the IT Department. It is now a legal obligation. .[4]
Trend 1 - Information security is now a corporate obligation
In the Wild West, when Jesse James and Butch Cassidy robbed banks, we felt sorry for the banks and hunted down the outlaws. Today, when someone breaks into a company’s computer system, our response is totally different: we blame the company for failing to provide adequate security.[5] Information security is therefore no longer just a technical issue for the IT Department.
- Subscribe - unlimited access for R495 per month per subscriber. It's quick and easy, and you can unsubscribe at any time. Find out more about the benefits of subscribing. Why you should pay for the content. Subscribe Now.
- Register - limited access for FREE, and without obligation. It's quick and easy to get greater access instantly. Select "Free Account" under the Subscription Options. [ Register ]
Similar:
- Infosec and King II
- Does Your Organization Need Information Security Policies?
- Payment Card Industry Data Security Standard
- When a perfect legal agreement isn’t perfect for you
- The link between the governance principles in King III and the law
Sorry, comments for this entry are closed at this time.