IT Security Survey: Issues and Trends in the Middle East

In May 2001, PricewaterhouseCoopers in association with launched a Middle East security survey to quantify the extent of IT security within the region. The results, published in August 2001, make interesting reading...

  • E-Mail
By  Greg Wilson Published  August 7, 2001

IT Security Survey: Issues and Trends in the Middle East |~||~||~|Risk management is, as is revenue, fundamental to trust. Its three stepping-stones are control, security and assurance. Ensuring appropriate control at every level is a first step. The construction of tangible security architecture to protect the organisation builds confidence, which through the affirmation of users and business partners, gives the necessary assurance for trust.

The traditional model of risk focuses primarily on the downside by defining risk as the likelihood of an undesirable event and managing risk by minimizing the opportunities for its occurrence.

The Global Risk Management Solutions (GRMS) group of PricewaterhouseCoopers view is sharply different and defined as “uncertain future events that could influence the achievement of the organizations objectives, including strategic, financial and compliance objectives”.

Risk is pervasive, touching all the activities and processes that constitute the manner in which an enterprise conducts business and is directly linked to financial return and the enhancement of shareholder value.

We believe that organizations should be reacting to the need for the systematic management of risk by creating a single point of responsibility for risk management. Companies around the world have been doing this and their main goal has not been to eliminate risk but to be proactive in assessing and managing risk for their own advantage and shareholder value generation.

More enterprises throughout the world are seeking a comprehensive, integrated approach to identifying and managing risks and committing larger resources than ever before to its successful management and development of far reaching risk management programs. These include rigorous risk assessment and management systems, designated risk managers and risk management sub-committee or board representative. These specialists quantify risk exposures and link objectives and shareholder value creation to risks. These companies have also developed systems to institute a culture of risk awareness in their organizations and made risk management an important top-down message for employees.

Successful businesses will be those that create the trust infrastructure to manage identification and authentication of users, authorisation and access control and non-repudiation of transactions, both for employees within the enterprise and for remote users. We believe that the leaders of these businesses will make sure that they have adequately secured their connected enterprises, assimilated third-party trust infrastructure and managed issues of privacy and confidentiality.

Today, the challenge is not to block outsiders but to manage them carefully to make sure that they access only the information to which they are entitled, as remote access to enterprises systems is a competitive requirement. Securing remote access means applying appropriate technologies at the seams and borders of the enterprise, and whilst this is increasingly complex, it is necessary to exploit the opportunities that access provides whilst minimizing the hazards.

A trust infrastructure provides a way to reduce the risk of conducting business over an insecure network with customers and trading partners who are not well known to the enterprise. The deployment of a trust infrastructure should be a strategic issue for most enterprises, without which there is an increasing risk that business transactions may be corrupted.

The dilemma facing organizations in e-business is how to build trust through openness whilst protecting the organisation interests and assets. This requires placing privacy and confidentiality at the core of its transactions with a technology infrastructure that is safe, reliable, and secure and promotes the growth of the organisation and remains reliable as technology evolves.

Trust is the foundation of sustainable e-business and should be the objective of any organisation as it builds markets, increases revenue and augments shareholder value. It operates as a catalyst because it creates integrity and customers trust organizations with integrity.

Our Information Security Survey, targeted at the Middle East, focuses on trust infrastructure and the elements of security policies, the security organisation and stature and preventative measures.

The results are revealing and indicate that many organizations and their executive across the Middle East have much to do to catch up with their counterparts in other parts of the world.

We hope, that the information we share with you, is both enlightening and an incentive to ensure that we improve and drive the required changes through the boards and organizational leadership, in creating the necessary trust infrastructures to bring us onto the playing field.

Gavin Wehlburg
Partner – Global Risk Management Solutions – Middle East


Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code