“It’s essential that the management of IT security is not only driven by CIOs but also by general management.”
Leif Caspersen, PA cyber security expert
In a special edition of IT publication Version2, PA experts in cyber security Leif Caspersen and Ali Yaqoob are quoted in a number of articles about how to best protect a company’s vital data.
In the article ‘Know your risks’, Ali discusses the importance of risk management when assessing how to invest in IT security. He says: “IT departments’ focus on IT security is undergoing a change at the moment. However, it is rarely aligned with the business. People seem to give insufficient protection to valuable assets while protecting others that no longer need protection.” Ali adds that, as only a small amount of data may contain valuable information, companies do not necessarily have to protect all of their data.
In the article ‘How to secure employees’ use of mobiles’, Leif Caspersen comments on the importance of regulation covering employees’ use of mobile devices in the workplace: “CIOs are sometimes perceived as people who complicate things. It’s therefore essential that the management of IT security is not only driven by CIOs but also by general management. Alternatively, the credibility of the CIO will become the determining factor of what people validate as important.” Leif adds that, in order for people to understand and respect the rules of IT security, these rules need to be enforced with support from the HR department “If there are no consequences of violating the rules, the company signals that IT security is not that important. This must be addressed, although not necessarily by firing people for violating the rules as happens in some companies.”
In the final article, Leif gives his advice on how to best protect computers and data in utility and production facilities. He comments: “Production systems tend to be old and were often originally designed to work as stand-alone systems. However, many of these older systems have since been connected to the internet to meet the requirements of remote management and monitoring. People are now discovering how incredibly vulnerable these systems really are.”