printer friendly version

Security skills seminar

UNISA held its annual security conference at the end of 2011, Hi-Tech Security Solutions was there.

UNISA hosted its seventh Annual Security Management Skills Updating Seminar at the end of November last year, focusing on the management of information and specialised security. Hi-Tech Security Solutions was fortunate to attend the event along with a variety of industry luminaries.

Prof. Cherita Morrison, associate professor in the Department of Criminology and Security Science was the chairperson for the first half of the day and Prof. Kris Pillay kicked off the day’s proceedings.

The first speaker was Nico Snyman, chief security manager at Bombela Operating Company. Snyman presented an overview of the whole Gautrain operation and went on to discuss the security operation in detail, noting the company approached security in an integrated manner. This was necessary as the company’s operating contract calls for strict controls over incidents such as contract or property crime to avoid penalties. The operator also faces penalties if its transport services are not punctual, hence the focus on integrating security with other aspects of the entire transport systems operations.

The operation’s security is broken down into tiers or layers, starting at the perimeter and working down in concentric layers into the core of the operation. Each layer has its own security requirements, but these work in cooperation with other layers to ensure a comprehensive solution.

Marius Coetzee, CEO of Ideco Biometric Security Solutions was up next. He focused on the concept of identity control and building irrefutable identity trails that promise security and assurance in the enterprise.

Coetzee noted how effective control of identities is a crucial aspect in almost every business today, but companies are not implementing the appropriate measures to protect their data and operations. Proposed new regulations, such as the Protection of Personal Information (POPI) Act will place a large burden on companies that are not prepared to take full responsibility for the data they collect and store.

He went on to explain the three Ps of identity control, namely people, property and processes, ending with an overview of biometric adoption in South Africa and the benefits of using biometrics over traditional PINs and passwords.

Information security overload

Muzi Buthelezi, a senior lecturer in the Department of Criminology and Security Science, chaired the next segment of the seminar. Prof. Anthony Minnaar, programme head of the Security Management programme presented an insightful overview of what electronic crime was and the various ways in which criminals today use technology to commit a variety of crimes.

Minnaar touched on hacking, cybercrime, identity theft, cyber manipulation, mobile threats and malware, among other topics, warning attendees of the dangers faced in the information security field. The estimated costs of cyber attacks globally has been set at about US$ 3 trillion, which serves to highlight the seriousness of effective information security measures.

Craig du Plooy from Risk Diversion spoke on information security and digital forensics, providing an insightful demonstration of how easy it is to recover ‘deleted’ SMS messages from someone’s cellular phone in a matter of seconds. Du Plooy offered a number of tips of how to be prepared for a forensic audit should your company be a victim of a cyber attack. One of his tips is to ensure your network logs are retained and backed up so there is a record of who did what, when.

Sadly, he also said security often takes a back seat in corporate IT as it is not directly related to revenue or market share.

Information management

Jann Schoeman, a lecturer in the Department Criminology and Security Science chaired the last section of the seminar. First up was Doraval Govender, senior lecturer in the department, talking about information management strategies needed to combat crime and prevent losses.

Govender introduced the concept of information management and many of the key concepts in this vast field of study. He then defined different types of information before getting onto information management strategies as pursued in various instances around the world. He also went into security risk management before ending with a note on the benefits of sharing information, giving the examples of Fusion Centres and Symantec War Rooms. He also provided attendees with an information-rich 16-page document from his presentation, which is well worth reading.

Finally, John Kole, a lecturer at the Department Criminology and Security Science ended the day with some insight into managing supply chain security. A supply chain is, by its nature, made up of various players and stakeholders and Kole started by saying that their security requires “an holistic approach of all stakeholders.”

An effective solution therefore requires the four Ps of security: policy, personnel, procedures and physical security, which all need to work in an integrated fashion to deliver the effective security companies require. He went on to discuss the concept as it pertains to supply chains, offering advice on how to go about securing them. Kole also made use of real-world studies from local and international locations.

Minnaar then closed the seminar with an open feedback session and positive reviews from the attendees.

Share this article:

Further reading: