Computerworld Singapore had the honour of interviewing Robert E. Stroud, international vice president of global nonprofit organisation dedicated to driving strong IT governance and security practices, ISACA (the Information Systems Audit and control Association), on the occasion of the Asia-Pacific Computer Audit, Control and Security (CACS) Conference held in Kyoto, Japan in late February. The discussion came at a time when the global economy hit a new low, when job losses were at a new peak, and discretionary budgets for new projectseven in key areas like staff training and information securitywiped out. And so the first question.
Computerworld Singapore: Will infosecurity go down in ranking among the top priorities in this current economic situation?
Robert E. Stroud: Infosecurity will continue to be important for enterprises as well as small and medium businesses during the present economic downturn. Companies may have smaller IT budgets than before and they will subsequently have to use whatever resources they may have more effectively and efficiently.
What is important to CIOs in the current economic atmosphere will be the alignment of business processes and management objectives. I believe that the business processes focus will include the improvement of business processes, delivering on the promise of better customer service and of course reducing costs, especially in this difficult economy.
This will require management priorities set on the alignment of IT with business objectives, improving IT planning processes and reducing green costs, identification of strategic applications, continued standardisation and consolidation of IT infrastructure, and improvement of continuity and security. The focus on information security will be critical as we continue to see to adoption and use of disruptive technologies such as the continuing emergence of Web 2.0, social networks and the evolution of SaaS [Software-as-a-Service] and cloud computing.
Do you see greater emphases being placed on infosecurity in some geographies as opposed to some others?
Information security focus tends not to vary along geographic boundaries but rather on the market segment of the business and the legislation or compliance that the organisation is subject to. For instance, in the banking and finance sector, information has and will continue to be a critical component, and the integration with business risk assessment is a frontier that is currently of high focus. Government organisations globally are working on data privacy and security requirements. When you combine this with the changing business models that are being experienced with the integration of outsourcers into the value network that delivers service, it is critical for a business to have an information security policy that associates business risk and impact to the data.
Weve often heard that infosecurity professionals are in constant catch up mode, trying to keep in pace with the bad guys (malware producers, hackers etc). What are your thoughts on that belief?
Sign up for MIS Asia eNewsletters.