CEOs and senior managers need more security savvy

6 Oct 2011

Eoin Goulding, managing director of Integrity Solutions

Many Irish organisations aren’t using security systems correctly, or aren’t implementing them at all, because CEOs and senior managers haven’t been trained about the importance of IT security in protecting their business, a specialist information security firm has claimed.

Eoin Goulding, managing director of Integrity Solutions, said intrusion prevention systems are widely deployed in Irish companies but while these ought to be managed every day and the log files checked regularly for suspicious activity, in practice that’s frequently not the case.

Recently, a well-known large Irish organisation installed encryption on all its laptops and portable media but the CEO subsequently ordered it to be removed because it was taking too long for him to use his own computer.

“It wasn’t until we showed him how it was protecting the system that he understood what it was for,” said Goulding.

A lack of awareness about information security among company directors is also leading to confusion, at a time when many sectors are coming under increased pressure to implement security for compliance reasons.

“CEOs and business owners have a massive responsibility. We might be working with the IT manager on a proposal; he then has to go to his board with it, and they don’t understand what they’re buying,” said Goulding.

Lack of security awareness isn’t exclusive to top management, Goulding said. “Many employees have the idea that IT staff are stopping them from doing their job but they’re not; they’re actually trying to protect them.”

IT security training centre

To address the problem, Integrity Solutions has has invested €350,000 in a dedicated IT security training centre beside its headquarters in Sandyford, Dublin. The facility will give Irish organisations the opportunity to study and manage an extensive range of security threats in a live test environment.

Tailored courses will be available, covering security awareness for management, security auditing, compliance, policy management and cyber forensics, aimed at staff at all levels, from administrator to CEO. 

Many of the courses are aimed at a technical audience, including security qualifications such as Certified Information Systems Security Professional (CISSP) and several SANS certifications (GSEC, GWART, GCIH, GCED) under the community mentor programme. Integrity claims many of these courses were not previously available in Ireland, and required organisations to send their staff abroad to become qualified.

Goulding said Integrity Solutions had funded the training centre through accumulated earnings in the business; the company’s profits have grown year-on-year since the company was set up in 2005. It employs 35 people and Goulding said, if possible, he plans to increase headcount by a further 10 staff before year end. However, he cautioned that some technical skills aren’t readily available in the Irish market and the company is having to recruit from locations such as the UK, Hungary and Romania in order to meet demand.

Gordon Smith was a contributor to Silicon Republic