Accuracy of information key to attaining appropriate cybersecurity risk posture

8th November 2019

By: Schalk Burger

Creamer Media Senior Deputy Editor

     


Companies must establish the accuracy and truthfulness of information, including from third parties, in their organisations to achieve an appropriate cybersecurity risk posture, says information technology (IT) services multinational Accenture head of cyber security practice Clive Brindley.

Knowing the veracity of information instantiated through digitalised business processes is critical to ensuring that suitable decisions are taken about risks and that potential gaps in cybersecurity are determined, so that risk can be mitigated to within acceptable levels.

Achieving an acceptable cybersecurity risk posture aligned to the company’s risk appetite and regulatory landscape, especially in a large enterprise, also requires the engagement and input of all stakeholders, including third-party service providers where necessary, he adds.

“Information risk management requires the collaboration of numerous stakeholder groups, from business and technology, to ensure an appropriate risk posture is achieved.”

Organisations must have full knowledge of data regulations and laws, and use enterprise-wide organisational knowledge to further strengthen their compliance posture. The integrated organisational, technology and information governance operating model is a key enabler to information veracity, he states.

Strategic Value

Further, the veracity and strategic value of information also have finite life spans and this informs how it should not only be protected throughout its life cycle but also deleted when it becomes obsolete or of negligible value to an organisation.

“Companies must consider the way in which information is acquired, such as from a client filling in a Web-based application or via third-party data interchanges, and the process to validate the information, such as leveraging commercial and governmental information verification services,” says Brindley.

Subsequently, the way the information is used and processed, and when it is handed over to third parties, must be assessed to determine its life cycle, accuracy, truthfulness and value, and how it will be protected and disposed of.

Achieving a secure information posture requires an understanding of the business and core processes, and identification of the most important and high-risk areas to protect. Further, a business should have formal information and data governance operating models, including data ownership, accountability and stewardship, in place, says Brindley.

“Controls to prevent data breaches and leaks must be developed via due process, which requires accurate and reliable visibility of the use, management and governance of information.”

This process is more intricate for multinational companies, because they have to understand the regulatory and compliance landscape of each territory they operate in, which often requires local specialists to translate the regulations into responses, such as deploying additional controls.

However, all these actions – investigating the flow of data, determining the veracity of information and implementing controls to mitigate regulatory, compliance and cybersecurity risks – have a cost implication.

Therefore, when multinational organisations move to select appropriate, fit-for-purpose information security standards, frameworks and controls, the reuse of existing, standardised processes should prevail over in-house-developed methods, states Brindley.

“The significance of data and its risk to an organisation, typically determined by its risk appetite and local and transnational regulations, will determine the scope of the mitigation measures deployed, including the resources allocated to effect this.”

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
