classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Data security is essential for Government
May 2015, Government and Parastatal (Industry), Cyber Security

Cybercrime is a burgeoning threat, not only to business but also to governments all over the world. The increasing number of highly publicised examples of cybercrime activities being used against governments or for political gain highlights this trend.

The need for controls to protect unauthorised access to sensitive information is clear. However, while cybercrime may be the main driver behind these efforts, data security covers so much more than just cybercrime. Worldwide, data protection legislation is driving a growing body of best practice with regard to securing information from all manner of threats, both internal and external, and government will benefit significantly if they become part of this movement in order to prevent data from falling into the wrong hands.

With regards to data security in government, breaches are a global phenomenon, perpetrated for a number of reasons including financial gain, political leverage and more. South Africa is no different, as recent events have highlighted, and cybercrime is one of the biggest culprits of such events. From commercial enterprises to the public sector, cybercrime costs billions of Rand each year, and revisions to local legislation are thus underway in an effort to curb this alarming trend.

However, online threats are by no means the only danger to sensitive information, and many incidents of data breaches have occurred as a result of the simplest of methods, from printing confidential documents to copying unauthorised files onto a USB drive and simply walking out of the building. Government is faced with a number of challenges in this regard. There are so many ways of leaking information, from email hacking to unauthorised copying of information and everything in between. In addition, different departments have different priorities and different sensitive data.

Levels of classification

Compounding this is the fact that there are currently many different levels of maturity across the organisation, so it is not possible to have the same standards applied across the board. As a result, while frameworks and guidelines can be put into place, specifying the type of controls that should be in place, the specifics and details will vary from one department to another.

Ensuring data security requires governments to control the flow of data, understand their infrastructure, and most importantly, begin security with the process of collecting data. Starting from the beginning of the data lifecycle is key from the perspective of auditing and forensics. Understanding which information is confidential or sensitive, and classifying data accordingly, is essential. From there it is possible to implement logging, monitoring and alerting systems to flag incidents of unauthorised data access. This is crucial, however, it is only one element in the chain of security, as it provides no protection – only a reactive view of events once they have already occurred.

Once data classification and monitoring has been implemented, government can examine other technologies for the protection of information. The key here is to understand what data there is, and what government priorities are. This comes back to the importance of data classification, as without this no organisation, government or otherwise, can implement proper controls. It is simply not practical to protect everything, particularly in light of the rapid rate at which data volumes are expanding, so prioritisation is essential.

Agile adaptation

Simeon Tassev, director and QSA at Galix.
Simeon Tassev, director and QSA at Galix.

Preventative technology is the next step, along with vulnerability management and continuous vulnerability monitoring. Data security requires an understanding of the environment as well as the potential risks, which are constantly evolving, so security needs to adapt in an agile manner to these changes. Network access controls, mobility management systems and more can then be implemented on top of this.

When protecting data, there are many technologies that can be used to develop a tailored and layered solution to address the various requirements of government. However, any security solution starts first and foremost with the data itself.

Data must first be classified, after which policies, procedures and frameworks need to be implemented and enforced across all departments. Without these, security, no matter how sophisticated the technology, cannot be enforced. Data security begins with strategy, not with specific tools, and hinges on a solid understanding of where data is, what data is, and which information is sensitive, confidential or in need of protection.

For more information contact Simeon Tassev, Galix, 086 1 2 GALIX, simeon@galix.com


Credit(s)
Supplied By: Galix Networking
Tel: +27 11 472 7157
Fax: +27 11 472 8841
Email: info@galix.com
www: www.galix.com
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Securing your access security
    November 2017, G4S South Africa, Impro Technologies, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
    While one may not consider access control solutions a prime hacking target, any connected device is a target in today’s world.
  • The complexity of borders
    November 2017, Government and Parastatal (Industry), CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Controlling borders is a critical task for governments the world over, both at official and unofficial entry points where illegal crossings are made.
  • Pelco adds to airport safety and security
    November 2017, Pelco by Schneider Electric, Government and Parastatal (Industry), CCTV, Surveillance & Remote Monitoring
    Nigeria’s international airport equips itself with an intelligent end-to-end IP video solution for proactive response.
  • SOLID webKey is simple security
    November 2017, This Week's Editor's Pick, Cyber Security, News
    Ansys débuts its first consumer cybersecurity product with an all-in-one account protection device.
  • Physical and cyber defence centre
    November 2017, This Week's Editor's Pick, Cyber Security, News
    XON and NEC Africa will launch their joint Cyber Defence Operation Centre (CDOC), the only such facility from a single service provider in Africa that offers end-to-end physical and cyber defence services.
  • Government needs better technology
    November 2017, ZKTeco, Government and Parastatal (Industry)
    Government and related organisations are responsible for holding and managing information that is critical to a country and its citizens.
  • Integrated border management
    November 2017, Betafence South Africa, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Government and Parastatal (Industry)
    The most important component in the deployment of a physical security solution is the integration of various security systems into one solution.
  • 21st-century border surveillance
    November 2017, Secu-Systems, Government and Parastatal (Industry)
    The mission of securing a nation’s borders is challenging for many reasons, chief among them is the sheer size of the area that needs to be effectively monitored and patrolled.
  • A thermal border
    November 2017, Zhejiang Dahua Technology, Government and Parastatal (Industry), CCTV, Surveillance & Remote Monitoring
    Like many cutting-edge technologies, thermal imaging was first developed for military use in the 1950s and 1960s for missiles.
  • How to implement physical security
    November 2017, Genetec, Government and Parastatal (Industry), CCTV, Surveillance & Remote Monitoring
    Utility providers and operators will now have to upgrade better security systems to help tighten security.
  • Danish scanning customs
    November 2017, Government and Parastatal (Industry), Asset Management, EAS, RFID
    Adani has been chosen as a supplier of the mobile X-ray body screening solution for the Danish Customs Service, SKAT.
  • Advanced malware protection
    November 2017, Duxbury Networking, Products, Cyber Security
    Intercept-X includes root-cause analytics and advanced malware clean up together with advanced anti-exploit features that block zero-day threats without the need for traditional file scanning.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.