Jonna Särs's interview in Tietosuoja magazine
Nixu, Helsinki 07 June 2007
Jonna Särs was interviewed in issue 2/2007 of Tietosuoja magazine. The article deals with information security audits and assessments, which reveal the weaknesses of information security. According to Särs, new problems are discovered continuously and one of the biggest stumbling blocks is change management. Organizations can also assess their security themselves, but they often turn to outside auditors due to a lack of resources, their own inexperience and the need for independent evaluation. Many different types of organizations do audits or have them done; audits are usually linked with acquiring a new system, having a new person in charge of information security in the organization or demonstrating to stakeholders that the organization meets the necessary requirements.
Many new information security standards and regulations have been introduced in the last few years, and Särs believes that more regulation is still on the horizon. The purpose of audits is to reveal the problem areas before they lead to negative consequences, and there is no room for understatement or exaggeration. According to Särs, it is essential to evaluate the real risk level and the meaningfulness of the metrics used. Although measuring benefits is more difficult, it should be aspired to. Technical audits require tools, and it is important that the tools produce reliable results and are suitable for measuring the risk factor under scrutiny, Särs says. An expert can compensate for the weaknesses of the tools with his own actions. The independence, professionalism and experience of the auditor are basic factors of success.
Source: Tietosuoja 2/2007
