Study: Corporate South Africa lacks IS maturity

IS assessments conducted by Dimension Data during 2005 have revealed that corporate South Africa is not faring well in terms of administering and managing the people element of information security.

Companies surveyed achieved an overall maturity score of 43 per cent, with some sectors, such as manufacturing, scoring as low as 3 per cent.

Maturity relates to the responsibility assumed for a security program, how it is administered as well as how aware and educated employees are about an organization’s security policies and procedures.

The companies assessed did, however, fare relatively well with regard to perimeter security, and achieved an overall score of 56 per cent.

“Security is no longer a technical risk, but a business risk that needs to be addressed at a board level”, says Gary Middleton, GM of security solutions at Dimension Data.

SA scores poorly with regard to risk management and IS, and boards are not aware of how much risk they are facing, or what measures are in place to protect their organizations.

“Many organizations are still unaware of the serious consequences that the mismanagement of information security can have. The loss or compromise of information assets has a very real impact on an organization’s risk profile,” Middleton adds.

Dimension Data has developed a chief security officer (CSO) service to provide customers with guidance in managing information security-related issues and achieve a compliant environment in relation to various corporate governance requirements.

Through its CSO service, Dimension Data will deliver global security best practices to customers as and when required, improve their security posture and assist them to address various business risks.

Middleton notes that, whilst customers have the option of outsourcing the management of their security, the ownership of security strategies should reside with customers.

“Although corporate SA is faring relatively well in terms of global security best practices, it has to do more to manage and mitigate risk to an acceptable level,” concludes Middleton.