Global trade and logistics now require local attention. If ICT governance and security is left unaddressed, the outcomes could compromise worldwide transactions, increase the time needed to complete deals, expose confidential information and hinder important data from being used effectively. All of these factors can cause enterprises to lose value and reduce profits.
It is very important that involved and supporting organizations such as ISACA pay proactive attention to increase the awareness and encourage the management of governance and security controls in developing countries and their governments’ agencies. Private-sector organizations also should step in and ensure that this issue is addressed internationally.
To provide such support, many tools and mechanisms should be involved. For example, organizations could develop international contracts and audit computer transactions between parties such that they contain all or part of COBOT, 27001 or any other standard to ensure that large part for a start is executed..
During different assessments with the government and private sectors, the issue was raised and was basically understood, but this understanding was limited to the use of simple governance, virus scanner and some firewalls when it comes to large companies. Small businesses do little more than install a purchased virus scanner. Now imagine when you discuss the application of COBIT and 27001 controls or IT service management (ITSM) or any other standard tool. If it is not related to banking or other important financial business issues, then you probably will not find a responsible security officer or an assigned IT professional who could take care of such issues.
To summarize, institutions need to be involved at a higher level to increase ICT governance and security awareness among developing country government agencies and private sector companies. This could be done by, among other activities:
- Execute an assessment project selecting a number of local companies using an assessment or survey sheet carefully selecting a sample of SME and Government agencies. The assessment or benchmarking would be against COBIT controls through one visit.
- Using the outcome a real assessment report of such situation can be formulated together with recommendations
- Possible through the recommendation a number of selected organization could be selected and obtain a COBIT certification or certificate of readiness
- Using the assessment probably we could also get the number of local assessors, number of those who would be certified.
- Share or reduce the cost of related materials and tools, such as security books, membership at security institutions and attendance at security educational events.
- Share workshops with government institutions or involved ministries to increase the awareness and the importance of security to life and business.
- Localize the materials and/or have local subject matter liaisons.
- Compromise profit at the beginning to have a market share of governance and security officers who are not only educated in the subject matter, but also certified.
- Involve COBIT curricula into ICT education
- Arabization.
---
Autor(en)/Author(s): Hassan El-Meligy
Quelle/Source: Zunia, Aug. 2011
Bitte besuchen Sie/Please visit:
