This article comes to us from Computer World:
Information security may be put in place mostly at the IT level, but to work well it must go right to the top, says security expert Basie von Solms.
The visiting South African security governance specialist and president of the IFIP (International Federation of Information Processing) was speaking to a NZ Computer Society meeting earlier this month.
IT security must be initiated and controlled by the board or top management of the organisation, said the security governance specialist from the University of Johannesburg. Von Solms is currently writing a book on information security governance. He has also published a number of scholarly papers on the subject.
For security control, the results of various security measures taken – both positive and negative – must be reported up the chain to the top echelons. These are the people who are increasingly being asked to take personal responsibility for any failure to manage information assets competently, says von Solms.
Read on.
Tags: Information Security, Security Priority
