Need for IT security legislation

Ken Cutler, the MD of the US-based Information Security Institute and a keynote speaker at the MEITSEC 2003 conference has appealed for the Middle East to draw up legislation that governs IT security.

  • E-Mail
By  Paul Barthram Published  September 30, 2003

Ken Cutler, the MD of the US-based Information Security Institute (ISI) and a keynote speaker at the MEITSEC 2003 conference has appealed to decision makers in the Middle East to draw up legislation that governs IT security practices.

Cutler in Dubai for the Middle East IT security conference (MEITSEC) 2003, between 5-9 October, said the region was suffering in the IT security sector despite drives to educate businesses on the need to protect their systems.

"Despite the continued education drives of many vendors and consultants, security practices in the Middle East are still embryonic. While Internet security, worms, viruses, software faults and wireless vulnerabilities continually grab the headlines, security bodies are at pains to stress that the most effective way of creating a more secure environment is to address trouble spots through the formation of enterprise wide policies," said Cutler.

"It's not just enterprises that are failing to establish proper security processes and procedures. Regional governments have fallen short too of enacting legislation that governs security practices. The deficiency of Security Clearing Houses or Computer Response Teams (CERTs) is yet another sign of the immature security strategies throughout the Middle East," Cutler commented.

Cutler advised the best way to establish a security programme was to start by having an executive steering committee, which comprises the internal audit team who should be full time security professionals, human resources, legal council, physical security staff and also representation from all the major business staff units.

"The goal of this committee is to carry out risk assessment procedures and evaluations, develop detailed security policies and translate them into terms and processes that all employees can understand and implement," said Cutler.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code