People Are the Weak Spot in IT Security

"A control system is not automatic. A well-designed system with the best procedures won't work without attention. People – not paper – make it work." – JE Ross and MJ Kami

Risk management and internal control often do not enjoy the same prominence as other requirements for good corporate governance. Yet these are issues that the King Committee on Corporate Governance treated with due gravity. The King 2 report on corporate governance defines risk management as the identification and evaluation of actual and potential risk areas as they pertain to the company as a total entity, followed by a process of either termination, transfer, acceptance (tolerance) or mitigation of each risk.

A similar risk management duty was placed on company directors in a recent Supreme Court of Appeal judgment on information technology (IT) risk management, in the case of Minister of Safety and Security v Van Duivenboden. The court found that a person may be held liable for damages or losses that resulted from a "negligent omission" – the failure and/or refusal to do something when reasonably required.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.