Legislation Is Not The Answer For Information Security
Professor Mervyn King Addresses Over 500 Senior It Security Professionals At The Information Security Forum Annual World
Congress In South Africa
In his opening address at The Information Security Forum's 18th Annual Congress in South Africa last week, Professor
Mervyn King, Chairman of the King Committee on Corporate Governance in South Africa, told over 500 delegates that,
"legislation is not the recipe for good corporate or IT governance and that it is impossible to legislate against
dishonesty." Professor King added that, "quality is more important than quantity when it comes to governance; and the
market is the ultimate compliance officer."
Professor King was addressing security professionals from leading companies and organisations around the world who
convened in Cape Town to tackle the security challenges they will face in 2008 and beyond. The ISF Congress is the
leading information security conference in the world and provides a unique peer-to-peer, confidential environment for
sharing knowledge and experiences, hearing from industry experts and gaining practical advice on current and emerging
information security risks.
A former Judge of the Supreme Court of South Africa and former Governor of the International Corporate Governance
Network, Professor King told his audience at the Cape Town Convention Centre that, "IT governance is specific to each
business and a 'one size fits all' approach is not possible; alternative standards such as Cobit and ITIL should be used
as a framework for IT governance."
Professor King also believes that company Boards need to have a better understanding of the implications of strategic
decisions on information availability. He said that, "IT governance is a Board level issue and because of this it is
increasingly important to have the CIO as a Board member."
This year's Information Security Congress boasted an impressive line up of speakers, dealing with a range of important
issues from the growth in organised online crime and cybersecurity to the increasing demands of IT governance and global
legislation. Other topics under the spotlight included mobile security; security tools and techniques; managing risk;
culture, awareness and behaviour; security strategies and outsourcing.
In his presentation called 'Zen and the art of Cybersecurity', Ira Winkler, President of the Internet Security Advisors
Group warned delegates of a false sense of knowledge and the importance of getting the basics right. Mikko Hyppönen,
Chief Research Officer for F-Secure raised increasing concerns about the threats of organized crime while Stuart
McIrvine, Director of Corporate Security Strategy at IBM provided advice on ways to improve IT governance. Also speaking
was Anton Musgrave, author, futurist and Director of FutureWorld International looking at 'Life 2.0' and Reggie Butler,
Senior Consultant and Master Facilitator for Global Lead Management Consulting.
Attendance at the Annual Congress is exclusive to ISF Members and is one of the benefits of ISF membership. The ISF is a
not-for-profit international association of over 300 leading international organisations, which fund and co-operate in
the development of practical, business driven solutions to information security and risk management problems. The ISF
undertakes a leading-edge research programme and has invested more than US$100 million to create a library of over 200
authoritative reports along with information risk methodologies and tools that are available free of charge to ISF
Members.
For more information visit www.securityforum.org
ENDS