
The top 10 security issues in NZ -- and why they should be on the board agenda

Divina Paredes | Oct. 15, 2014
KPMG conducted penetration tests for 200 New Zealand organisations and was able to gain admin access and unauthorised access to applications and premises of all of them. So what are some lessons for local organisations?

He noted one does not need to be an IT professional in order to do these activities. "I can do it, you don't need to be an IT person," said Whitmore, whose background is in accounting and law.

"The threat is real, we are a target in New Zealand just because we are here, we have money, we have IP and valuable assets," he said.

A security breach can "kill a company in nanoseconds".

He said security risks should be treated as a regular boardroom issue, "on a par with financial reporting, regulatory issues and strategic direction."

This way, "it gets the attention they need."

He said it is important that there are clear roles and responsibilities for security.

Most medium- or large-sized organisations will have two key roles — a chief information security officer, who is responsible for information and protecting it, and an IT security manager, who is a senior person in the IT team. In smaller organisations, this may be a shared role.

He also recommended establishing a security risk management process at an organisation level and during the development or purchase of any new systems.

"Understand your risks, test your security systems, so that you are in a position to manage them," he concluded.

