In the most recent update of the King IV Code, reference is made to information governance. The code goes to great lengths to differentiate between the usual IT governance, and this expanded responsibility of the organization to ensure that the data, information and intellectual property of the organization is adequately protected.
Under principle 12 of the Code, it is recommended that the governing body should ensure that the implemented information management processes, sustains and enhances the intellectual property protection of the organization, that there are adequate data protection controls in place and that there are compliance with information security legislation.
Historically organizations approach IT Security proactively through policies, procedures and the associated management assurance protocols. However, information and data security, as it pertains to verbal communication, meetings, telephone conversations and strategic engagements, are often more reactively addressed.
Conventional Technical Surveillance Counter Measures (TSCM) or Debugging ‘sweeps’ lack the required proactive requirement of good information governance. The world has also changed, a verbal communication data interception is no longer limited to the real-time conversation interception but can now also be intercepted on the electronic data side, therefore, having an intersection with the IT environment.
In response to the evolution of the communication data risk, our service has evolved and has been adapted to fulfil both pro-active and reactive functions. It is also no longer limited to conventional surveillance “sweeping” but has been designed to be a comprehensive and scalable data security assurance review or audit. Scalability of the service ensures that we respond in sync with client needs.
ความคิดเห็น