Global surveillance, trust and the changing role of the CISO

Wednesday, 02 April 2014 07:40 Written by Tracy Burrows

Charlie Miller, security engineer at TwitterCharlie Miller, security engineer at Twitter


SA’s premier information security event, the ITWeb Security Summit, will be staged in May, with a focus on high-profile breaches and global surveillance.

Last year’s Snowden revelations and a number of high-profile breaches have shaken confidence in information , say stakeholders. In addition, a changing market and rush of new technology is posing new problems for the chief information officer (CISO). The solution: it’s time for information to get back to basics, say experts.

At the ITWeb Security Summit, to be staged at the Sandton Convention Centre from 27 – 29 May, local and international information experts will assess the repercussions of the Snowden revelations, the impact of a new technology environment, and strategies to safeguard the ‘new oil’ – enterprise data.

Addressing the top-of-mind issue of state surveillance, , principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union, and , hacker and independent computer researcher, will analyse the issues of privacy and trust, and the role of Internet companies in state surveillance.

, founder of Thinkst, says the Snowden revelations pointed to the vulnerable position technology consumers find themselves in. “South Africa is largely a technology consumer. So, we can hope that a realisation will grow that you cannot simply buy more imported technology to address vulnerabilities. The leaks point to the need for more home-grown technology and the need to grow local ecosystems.”

Amid the questions around state manipulation of the cyber world, , head: cyber forensic laboratory: special investigating unit, SA, will outline the relationship between corruption and cyber crime, while Professor will assess the state of cyber counterintelligence.

Also on the agenda is a car hacking demonstration by , engineer at Twitter, and , director of intelligence at IOActive, who will prove it is possible to manipulate certain computer systems found in most cars to control the vehicle. “The more electronics in the car, the more we can do as attackers,” he told DefCon last year.

Privacy, reputational damage and control of vehicles aren’t all that is at stake in a world under siege by cyber criminals. Now, organised cyber crime networks are targeting revenue from high value individuals and businesses.

Mitigating the new risks takes a multi-pronged approach, say experts set to address the event.

“It’s time to get back to basics,” says , MD of event sponsor Performanta’s Services division. “Rushing to adopt the next big thing does little to improve overall information if the basics are not in place. Local companies need to question their maturity around endpoint and management. Enterprises should not blame the kit, they should blame the implementation,” he says.

Meanwhile, , divisional head (GM) of Financial Systems and Processes at , advises against misdirected information spending based on paranoia. Moodley says achieving the right levels of begins with a thorough risk assessment encompassing both information and physical , which combines a firm grasp of processes under the enterprise governance and risk banner. Moodley adds the role of the chief officer has to change in a changing environment. “Now, enterprises need a CSO with a background in both physical and information , who understands overall risk and governance and business issues.”

This view is echoed by , IT audit manager at the South African Post Office, who says enterprises are now wholly dependent on their IT systems, making the CISO a critical link between IT and business.

These experts will present in some of the more than 30 sessions in tracks designed for either senior business management or IT professionals.

This three-day event will also include in-depth training workshops and an expo area.