Data security is essential for Government
May 2015, Government and Parastatal (Industry), Cyber Security
Cybercrime is a burgeoning threat, not only to business but also to governments all over the world. The increasing number of highly publicised examples of cybercrime activities being used against governments or for political gain highlights this trend.
The need for controls to protect unauthorised access to sensitive information is clear. However, while cybercrime may be the main driver behind these efforts, data security covers so much more than just cybercrime. Worldwide, data protection legislation is driving a growing body of best practice with regard to securing information from all manner of threats, both internal and external, and government will benefit significantly if they become part of this movement in order to prevent data from falling into the wrong hands.
With regards to data security in government, breaches are a global phenomenon, perpetrated for a number of reasons including financial gain, political leverage and more. South Africa is no different, as recent events have highlighted, and cybercrime is one of the biggest culprits of such events. From commercial enterprises to the public sector, cybercrime costs billions of Rand each year, and revisions to local legislation are thus underway in an effort to curb this alarming trend.
However, online threats are by no means the only danger to sensitive information, and many incidents of data breaches have occurred as a result of the simplest of methods, from printing confidential documents to copying unauthorised files onto a USB drive and simply walking out of the building. Government is faced with a number of challenges in this regard. There are so many ways of leaking information, from email hacking to unauthorised copying of information and everything in between. In addition, different departments have different priorities and different sensitive data.
Levels of classification
Compounding this is the fact that there are currently many different levels of maturity across the organisation, so it is not possible to have the same standards applied across the board. As a result, while frameworks and guidelines can be put into place, specifying the type of controls that should be in place, the specifics and details will vary from one department to another.
Ensuring data security requires governments to control the flow of data, understand their infrastructure, and most importantly, begin security with the process of collecting data. Starting from the beginning of the data lifecycle is key from the perspective of auditing and forensics. Understanding which information is confidential or sensitive, and classifying data accordingly, is essential. From there it is possible to implement logging, monitoring and alerting systems to flag incidents of unauthorised data access. This is crucial, however, it is only one element in the chain of security, as it provides no protection – only a reactive view of events once they have already occurred.
Once data classification and monitoring has been implemented, government can examine other technologies for the protection of information. The key here is to understand what data there is, and what government priorities are. This comes back to the importance of data classification, as without this no organisation, government or otherwise, can implement proper controls. It is simply not practical to protect everything, particularly in light of the rapid rate at which data volumes are expanding, so prioritisation is essential.
Simeon Tassev, director and QSA at Galix.
Preventative technology is the next step, along with vulnerability management and continuous vulnerability monitoring. Data security requires an understanding of the environment as well as the potential risks, which are constantly evolving, so security needs to adapt in an agile manner to these changes. Network access controls, mobility management systems and more can then be implemented on top of this.
When protecting data, there are many technologies that can be used to develop a tailored and layered solution to address the various requirements of government. However, any security solution starts first and foremost with the data itself.
Data must first be classified, after which policies, procedures and frameworks need to be implemented and enforced across all departments. Without these, security, no matter how sophisticated the technology, cannot be enforced. Data security begins with strategy, not with specific tools, and hinges on a solid understanding of where data is, what data is, and which information is sensitive, confidential or in need of protection.
For more information contact Simeon Tassev, Galix, 086 1 2 GALIX, firstname.lastname@example.org
||+27 11 472 7157
||+27 11 472 8841
- Making cents out of the security mix
May 2018, Cathexis Technologies, Panasonic South Africa, Xone Integrated Security, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, Financial (Industry)
Hi-Tech Security Solutions chats to industry specialists about the security mix, cybercrime and the onslaught of artificial intelligence in the financial sector.
- More of the same, but more sophisticated
May 2018, Duxbury Networking, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
We’ve been protecting networks from criminals for many years, but as soon as the defences improve, the attacks get more sophisticated.
- Make sure the channels are safe
May 2018, This Week's Editor's Pick, Cyber Security, IT infrastructure
Companies should be aware of how many possible data leakage sources they have: e-mail, phone calls, instant messengers and social networks, cloud storage, external storage devices – to name a few.
- Transform your security
May 2018, This Week's Editor's Pick, Cyber Security, IT infrastructure
In this digital era, data is the currency of choice, unfortunately, opportunities are presented for both organisations and their adversaries.
- Surviving cybersecurity challenges
May 2018, Axis Communications SA, This Week's Editor's Pick, Cyber Security
South Africa has the third highest number of cybercrime victims worldwide, with the country losing billions of rand annually.
- Real-time network visibility
May 2018, Networks Unlimited, IT infrastructure, Cyber Security
When it comes to network downtime in any industry, the underlying statistics tell us one thing: it costs money and lots of it.
- Cybersecurity awareness is key
May 2018, GNL Cyber, Training & Education, Cyber Security
GNL Cyber offers a wide range of tailored cybersecurity training courses, designed to address the changing cyber threat landscape.
- The cybersecurity of physical security
April 2018, This Week's Editor's Pick, Cyber Security
Being aware of the dangers is one thing, but actually knowing what you need to look out for and do to secure your surveillance infrastructure, is quite another.
- The network is the camera
April 2018, IT infrastructure, Cyber Security
Protecting your network is a critical step in protecting your security infrastructure as well as your business. Hi-Tech Security Solutions talks to Aruba Networks about network security.
- The question of value
April 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
How do you know your surveillance installation is delivering value? Do your service providers deliver value?
- Beyond the hype: tomorrow’s surveillance, today’s reality
April 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, IT infrastructure, Conferences & Events, Training & Education
iLegal 2017 once again lived up to its reputation and saw a host of presenters offering insights and advice into a range of aspects related to the surveillance world.
- Protecting the nerve centre
April 2018, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
A control room is seen as a secure location that is tasked with securing other locations, but it is not unheard of in South Africa that a control room is hijacked. What can be done to secure these locations?