|
Dated: 1 November 2002
Ever pictured a scenario like this: You go to the nearest ABM machine to get some cash for lunch or shopping, but it’s down. Annoyed, you go to other locations and they’re also out; before long you’re running into other persons having similar experiences at other locations.
Why is that happening? Because the network handling the ABM transactions has failed, or more precisely, has been compromised, violated, hacked, call it what you will.
Or another instance: you hire an individual and said individual has a high level of access to your corporate data. However, what you weren’t aware of is that the individual is crooked and can’t resist the temptation to sell sensitive information on your business decisions to your competi tors behind your back, costing you millions.
The preceding, while imagined, are not far-fetched. Welcome to the world of information security, the latest frontier in the security industry. Of course, protecting information isn’t a new activity, but in this post dot-com world, it’s rapidly growing in importance.
That’s the premise on which Fitzroy Roswell, founder and Director of i-Security Business Services (i-SBS), is seeking to build a business. The young company focuses on what he terms a “holistic approach to security — looking at people and processes as well as technology.”
Most companies, he asserts, have bought into one of the conventional methods, firewall, or password-protected access. “But those don’t really protect against internal threats … the people who actually work for you and have access to your information or control over your IT systems.”
Instead, Roswell, who comes to the enterprise with over 14 years IT consulting experience, believes in putting in security from the pre-installation phase of an IT system. Three criteria guide secure info access: Confidentiality, Integrity and Availability. Satisfying these, he says, are the keys to preventing a denial of service event, such as in our aforementioned ABM scenario.
In addition to tech and training certifications from most of the existing IT heavyweights (Microsoft, CISCO Novell), Roswell also holds the Certified Information Systems Security Professional, the most coveted non-vendor certification in the industry (Think of it as the info-guard’s equivalent to the CPA).
There’s no single metric for measuring information security throughout all companies. However, one thing i-SBS does insist on universally is executive buy-in: “The CEOs and senior executives must be sensitive to the risks to their corporate information and to the implications of losses. You have to be able to answer the question, what would be the full cost to us if this information were lost or compromised?’
To that end, i-SBS helps companies develop information security policies that are not only applicable to the needs of their business, but fit in with the country’s still archaic legal code. The policy includes a written, signed statement on appropriate use of information, and a commitment to auditing info-security on regular basis.
So, who’s bought in to Roswell’s concept? Well, he wonít name actual clients, but points to the financial and public sectors are areas of interest. While he bemoans the fact that concern is not more widespread among Jamaican businesses, he is seeing some progress and fields calls from heavyweights in other sectors wanting to know more almost on a daily basis. He also sees opportunities in the Internet Service Provider (ISP) sector.
Having the critical human support in place then facilitates the use of the various technology products available. And he insists that the model is not only applicable to the majors. “Any company of any size, once it is handling information ,should be concerned about the confidentiality and integrity of that information.”
He attributes the growing interest partially to the fact the Internet is figuring more prominently in Jamaican business at this time. With the info-boom comes all the risks associated with the “gold rushes” of yore: increased risk due to the general absence of structure.
All this from a small but welcoming office in the midst of a New Kingston high-rise. i-SBS has on staff three persons plus an additional three that Roswell refers to as “virtual consultants” who carry out the development, installation and monitoring work. The company also conducts seminars to boost public awareness.
For the future, he is pressing for changes to Jamaica’s Byzantine legal code so as to recognize not just the information security industry, but the information technology sector as a whole, and he’s looking beyond Jamaica to other Caribbean islands to assist them in establishing their own information security infrastructures.
So when next you hit that local ABM machine, be thankful that you don’t have to spare a second thought as to the safety of your information.
|
