The good vibes from GovSym

“I actually like audits,” she said. Did I hear that right?

It was about mid-way through this week’s GovSym conference, when I was moderating a session on crisis mitigation, when Denise Ernst, the director of IT security and recoverability at the Canadian Payments Association, admitted she didn’t suffer from the usual conflict one associates with those being subjected to a security or compliance review.

“The thing is, we can’t be aware of everything. We’re not always out there on the ground,” Ernst said. “If they can show us an area where we can improve, that’s terrific.”

So is her attitude. The interesting thing about GovSym this here was how positive many people were. It started with Symantec CEO Enrique Salem’s opening keynote, where he suggested mitigating risk should be a positive discussion. It continued later in the day in the session on policy development and enforcement. I asked Tim Dafoe, the senior IT security advisor for the government of Ontario, about how to ensure that staff adhered to the rules he helps develop.

“In many cases it’s about raising awareness,” he said. “People may not know, but once you tell them, people generally want to do the right thing.”

This is a departure from some sessions on security I’ve attended, which occasionally painted a very bleak picture of human nature. Not that anyone was being a Pollyanna. I asked Dafoe, for example, about the consequences of flouting policies. Dafoe outlined considerable monitoring capabilities and serious sanctions — including criminal charges — can apply in such situations. “It's not something anyone's taking lightly,” he said.

This got to the heart of this year’s GovSym theme, which was “people are the new perimeter.” People have always been part of the perimeter before, but advances in technology have vastly increased the points of vulnerability along that perimeter, whether it’s a USB stick, an electronic health record, or a Facebook account.

Towards the end of the day, we gathered four of our key speakers back to the front of the room for one more “lightning round” of questions. I ended by picking up on one of the first questions of the day. It came from a gentleman (who I was later told came from the DND) who asked how IT professionals could really improve security because they are dealing with people and, in his words, “you can’t change people’s behaviour.”

I asked our panel whether they agreed. Three of our four didn’t. They thought that with the right education, with clear enough policies and effective monitoring, a culture of security is possible. I don’t think I could have asked for better news to come out of GovSym.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Shane Schick
Shane Schick
Your guide to the ongoing story of how technology is changing the world

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight