Thursday, September 4, 2008

ISGA meeting in Bryanston

The turn-out of today’s Information Security Group of Africa (ISGA) meeting at the Cisco Offices in Bryanston was really impressive.

Numerous information security role-players from many different companies (including Discovery, BCX, RSA, Deloitte, and Investec) convened to hear what their peers had to say about the industry.

On the ISGA front, Karel Rode, acting chairman, showed the crowd a slide of the ISGA website’s new look. “We will be displaying security-related live content from various sources onto the homepage,” he said.

The first talker of the day was Dion Fowles from Alexander Forbes who spoke extensively about the new Protection of Personal Information (PPI) Bill and what its impact will be on the corporate environment. He outlined and discussed the Bill’s eight principles, specifically Principle 6 (security safeguards) which is the only principle that deals with IT-related issues.

He took a layman’s approach to explaining the Bill and used his psychology background to make the presentation not only enjoyable, but understandable. All in all, a great presentation.

Mike Silber from Michalson’s Attorneys focused his speech around more ‘fast-tracked’ Bills. He believes that the PPI bill will be put on hold until the next elections.

He attempted to demystify the Companies Bill, the Competition Amendment Bill and the Consumer Protection Bill, which he sees as the mother of all Bills – complicated at best.

It was clear from both Fowles’ and Silber’s presentations, however, that it is a very lucrative time to be in the information security service busines. Once more of these Bills are passed, network breaches and compromised client data will have to be publicly disclosed and even announced through the media.

After the initial break, Jacques van Heerden from GTSP spoke to the audience about virtualisation. He mostly spoke about virtualisation in general – its definition, what a hypervisor is, where to start, pros and cons, although he did touch briefly upon how to handle your security if you plan on rolling out virtualisation.

He mentioned VMWare quite frequently during his talk, particularly pointing out how good their products are. What he did fail to mention, however, was a recent security vulnerability that was reported on milw0rm that exploits an ActiveX method in VMWare.

Finally, Peet Smith from Aptronics discussed security governance in IT. He believes that IT governance is currently maturing as there is a high awareness among corporates. Some of the keys drivers of this include legislation as well as customer requirements.

Well done and thank you to Karel and the Cisco guys for a great opportunity to network and learn. Looking forward to the next one!

No comments: