classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Data security is essential for Government
May 2015, Government and Parastatal (Industry), Cyber Security

Cybercrime is a burgeoning threat, not only to business but also to governments all over the world. The increasing number of highly publicised examples of cybercrime activities being used against governments or for political gain highlights this trend.

The need for controls to protect unauthorised access to sensitive information is clear. However, while cybercrime may be the main driver behind these efforts, data security covers so much more than just cybercrime. Worldwide, data protection legislation is driving a growing body of best practice with regard to securing information from all manner of threats, both internal and external, and government will benefit significantly if they become part of this movement in order to prevent data from falling into the wrong hands.

With regards to data security in government, breaches are a global phenomenon, perpetrated for a number of reasons including financial gain, political leverage and more. South Africa is no different, as recent events have highlighted, and cybercrime is one of the biggest culprits of such events. From commercial enterprises to the public sector, cybercrime costs billions of Rand each year, and revisions to local legislation are thus underway in an effort to curb this alarming trend.

However, online threats are by no means the only danger to sensitive information, and many incidents of data breaches have occurred as a result of the simplest of methods, from printing confidential documents to copying unauthorised files onto a USB drive and simply walking out of the building. Government is faced with a number of challenges in this regard. There are so many ways of leaking information, from email hacking to unauthorised copying of information and everything in between. In addition, different departments have different priorities and different sensitive data.

Levels of classification

Compounding this is the fact that there are currently many different levels of maturity across the organisation, so it is not possible to have the same standards applied across the board. As a result, while frameworks and guidelines can be put into place, specifying the type of controls that should be in place, the specifics and details will vary from one department to another.

Ensuring data security requires governments to control the flow of data, understand their infrastructure, and most importantly, begin security with the process of collecting data. Starting from the beginning of the data lifecycle is key from the perspective of auditing and forensics. Understanding which information is confidential or sensitive, and classifying data accordingly, is essential. From there it is possible to implement logging, monitoring and alerting systems to flag incidents of unauthorised data access. This is crucial, however, it is only one element in the chain of security, as it provides no protection – only a reactive view of events once they have already occurred.

Once data classification and monitoring has been implemented, government can examine other technologies for the protection of information. The key here is to understand what data there is, and what government priorities are. This comes back to the importance of data classification, as without this no organisation, government or otherwise, can implement proper controls. It is simply not practical to protect everything, particularly in light of the rapid rate at which data volumes are expanding, so prioritisation is essential.

Agile adaptation

Simeon Tassev, director and QSA at Galix.
Simeon Tassev, director and QSA at Galix.

Preventative technology is the next step, along with vulnerability management and continuous vulnerability monitoring. Data security requires an understanding of the environment as well as the potential risks, which are constantly evolving, so security needs to adapt in an agile manner to these changes. Network access controls, mobility management systems and more can then be implemented on top of this.

When protecting data, there are many technologies that can be used to develop a tailored and layered solution to address the various requirements of government. However, any security solution starts first and foremost with the data itself.

Data must first be classified, after which policies, procedures and frameworks need to be implemented and enforced across all departments. Without these, security, no matter how sophisticated the technology, cannot be enforced. Data security begins with strategy, not with specific tools, and hinges on a solid understanding of where data is, what data is, and which information is sensitive, confidential or in need of protection.

For more information contact Simeon Tassev, Galix, 086 1 2 GALIX,

Supplied By: Galix Networking
Tel: +27 11 472 7157
Fax: +27 11 472 8841
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Packaged cyber-threat service
    October 2017, GNL Cyber, News, Cyber Security
    Gold ‘N Links Cyber introduces GNL CYBER 360, a per user, next generation cyber-threat packaged service.
  • More than physical intrusion
    October 2017, Mining (Industry), Cyber Security
    Mining and manufacturing sectors are becoming increasingly vulnerable to cyber attack. This is highlighted in Dimension Data’s Global Threat Intelligence Report for 2017.
  • Mining botnets are back
    October 2017, This Week's Editor's Pick, Cyber Security
    The Kaspersky Lab anti-malware research team has identified two botnets made of computers infected with malware, which silently installs cryptocurrency miners.
  • Back to the future
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Residential Estate (Industry)
    The future is not what it used to be. Rob Anderson looks at estate security in 2027.
  • Managing technology risks for effective estate security
    September 2017, Technews Publishing, Residential Estate (Industry), Cyber Security, Integrated Solutions, Conferences & Events
    Hi-Tech Security Solutions and Rob Anderson hosted the Residential Estate Security Conference 2017 in Johannesburg earlier this year.
  • Deepening the value of surveillance
    September 2017, Hikvision South Africa, Residential Estate (Industry), CCTV, Surveillance & Remote Monitoring, Cyber Security
    Deep Learning has swept through the IT industry, bringing benefits and better classifications to a number of applications. Now it’s changing security as well.
  • Breaking the chain
    September 2017, This Week's Editor's Pick, Cyber Security
    How attackers hide a backdoor in software used by hundreds of large companies around the world.
  • Prevention is better, and cheaper
    August 2017, J2 Software, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Healthcare (Industry)
    Securing healthcare data across the ecosystem will not only prevent fraud, it will also improve service delivery in the public and private sectors.
  • Only the paranoid survive
    August 2017, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    Whether you’re a government, a hospital, a global corporation, a small business or an individual, you should be paranoid because they are out to get you.
  • Will artificial intelligence replace our jobs?
    August 2017, Integrated Solutions, Cyber Security, Security Services & Risk Management
    Many welcome the possibilities brought about by rapid advances in artificial intelligence, but there is also growing uncertainty about the long-term impact on jobs.
  • Cyber attacks to the left, ransomware to the right
    August 2017, This Week's Editor's Pick, Cyber Security, News
    We all need to be agile and responsive to the new unknowns; here are some tips for preventing future nasties like WannaCry and Petya.
  • Growing concern over global cybersecurity
    August 2017, News, Cyber Security
    The average cost of a security breach in the UK is R40,5 million, while DDoS attacks costs an average of R500 000 an hour to defend.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.