The main purpose of Cybersecurity Awareness training course is to minimize huma....
The Weakest Link in Information Security
In IT security, we say that users are the weakest link, and a program that works towards increasing education, training and awareness for users. This is an immediate requirement of ISO standards, and the achievement of these ensures organizations have a very robust IT security and risk management procedure.
What are the biggest challenges companies face in Information Security?
The biggest challenge with companies is that they do not implement a well-rounded information security program. This is normally demonstrated by the fact that most users in the organizations do not understand the issues around protecting the password information and protecting corporate information. So, our programs try to bridge that gap by assuring that all users and all people in the organization, from the executives to the line managers to the end users, understand the role they need to play in protecting information that belongs to the company and the information that belongs to password information.
What challenges do you face while implementing ISO 27001?
The biggest challenge that we face with ISO 27001 implementation is the lack of understanding from many clients. Many clients do not understand the need, why they need to implement, or why they need to implement a program to drag them towards conformance with ISO 27001. In some jurisdictions, you find that compliance with ISO 27001 is mandatory. All organizations that deal with public information, for instance, are required to comply with that standard and get certified. But in starting jurisdiction outside of their country, they found out that the law does not exist for organizations to comply and to be certified with ISO 27001. So, that brings out a very big challenge in terms of organizations understanding why they need to be certified, or why they need to comply with that particular standard or implement the best practices for information security management.
How should companies convince top management to implement ISO 27001?
The best way of achieving that is to create a very elaborate business case for the champions in the organizations who want to implement ISO 27001 or an information security management system; the biggest static point to develop a business case. So, that can be taken to top management for them to buy a tool for the program of documented information security according to ISO 27001. Then, the moment we have the info for the top management, everything else becomes easy, to provide the resources and everything that is needed for the implementation.