Information Security Fundamentals

Information security breaches seem to be a constant feature of technology news on the internet lately.

Total protection from information security breaches is not possible: unethical hackers with enough resources, money, time and motivation can break into almost any system. This is why many countries are starting to build cyber warriors of their own to help defend themselves against cyber attacks.

I digress.

While total security is a myth, good security is not. Yet it is at this first step that many miss the mark.

Good security rests on a methodology of Prevention, Detection and Response, yet on these basic points many companies on the continent (Africa) fail to meet even the bare minimum.

Best Practices

One of the best ways to get the basics of security right is to comply with the laws and best practices prescribed for information security.

As an example, one study found that companies compliant with PCI-DSS (the Payment Card Industry Data Security Standard) suffered fewer information security breaches than their counterparts that were not PCI compliant.

Being PCI-DSS compliant does not in itself mean that your company is secure or will never suffer a breach, but it does go a long way towards ensuring that you have sound security practices and measures in place to prevent, detect and respond to any breaches that do occur.

Importance of Compliance

Despite this, some South African companies still ignore PCI-DSS compliance.

This is unfortunate, as complying with PCI-DSS and other information security standards and best practices is a sensible thing for any business to do.

Also, with the implementation of the Protection of Personal Information (POPI) Act in South Africa, companies that fail to comply face substantial fines and possible jail time.

Compliance is, among other things, one of the measures a company can put in place for the sake of both its security and its bottom line. Being compliant helps a company follow and implement best practices as far as information security is concerned.

While many jump straight to thinking of information security in terms of the latest tools they have deployed, the newest honeypots and the intrusion prevention/detection systems they have in place (things which I love, by the way), one still has to remember the age-old saying:

Stick to the basics.

It is all about making yourself a harder target for your attackers, and compliance with information security best practices is a good place to start.

Image credit: David Goehring