I think that the largest challenge will be the information explosion that is continuing, and data stores that are growing. We need to develop a process for dealing with most of the information automatically, and then have our remaining resources deal with the exceptions. I believe that the current interest in risk management reinforces this, as evidenced by the interest we have seen out there for the ISACA Enterprise Risk: Identify, Govern, and Manage RiskThe Risk IT Framework Exposure Draft, available at www.isaca.org/riskit. It is critical that you identify the value and risk of the information you have, or at least the value and risk of your critical information. You need to accomplish that before you can execute on processes to automate and secure its use.
Are there any aspects of infosecurity that organisations ought to be taking care of but often fail to address or even see?
I believe this will depend on the organisation, its business, its size, and the regulations that it needs to comply with. My advice is that organisations must pay attention to the Web 2.0 environment and the collaboration opportunities that they offer and look at embracing them.
And while embracing them, the organisation should look at empowering its employees to deal with the new environment. Giving them a business-based education and running a focused awareness scheme is and remains a good starting point. Remember: our people are our key resource and if we empower them with good information, they can assist us as we develop and automate our systems and process.
Sign up for MIS Asia eNewsletters.