A LOCAL INFORMATION security specialist has suggested that several computer-facilitated information breaches in Barbados may be going unreported.
According to president of the Barbados chapter of the Information Systems Security Association, Charles Walton, the extent to which information gets into unauthorized hands had not yet been measured.
“We are therefore unaware of the extent of the problem here in Barbados and what it may ultimately be costing this country.
“The challenge is therefore how to successfully adopt emerging technologies and manage the benefits while minimizing the risks and also to understand the extent of the problem and implement solutions to effectively reduce the problem,” he said.
Walton made the comments recently during an information security workshop and exhibition at Hilton Barbados which formed part of the 23rd Regional Central Banks’ Information Security Systems Conference at Hilton Barbados.
He noted that the adoption of any technology brought with it the risk of exploitation of vulnerabilities either in the technology itself or in the implementation.
“The threats can include exposure and theft of information at the personal, corporate and national level, compromising utilities at the national level and the utilization of information networks as part of an international cybercrime ring unknown to the owners of that particular network,” he said.
Walton suggested that there should be a mechanism which focused on the monitoring, detection and response to computer security incidents at the personal, organizational and national levels.
“At the national level the presence of a computer emergency response team will aid in the detection of and response to significant coordinated Internet attacks against our banking system, business and Government.
“And the presence of a national response mechanism to such computer security incidents must be seen as a vital part of the national security infrastructure . . . ,” he said.
The president noted that integral parts of the solution were legislation and regulations requiring businesses in both the private and public sector to engage in information security management practices to protect customers’ personal private information as well as corporate and government information. (NB)
