Chapter 22 Access Control

PwC Sidriaan de Villiers, Partner—Africa Cybersecurity Practice, PwC South Africa

CEO Tom, addressing Maria, his chief information security officer (CISO), demanded, “In five words, tell me what is the most important thing to know about access control that is different when it comes to cybersecurity.”

Maria shot back, “Manual controls are simply ineffective.”

Taking a Fresh Look at Access Control

While the cybersecurity risk landscape has dramatically mutated, the approaches that organizations rely on to manage cyber risks have not kept pace. Traditional information security models do not address the realities of today. These models are still largely technology focused, compliance based, and perimeter-orientated, while aiming to secure the back office. IT security hygiene is often lacking, and ineffective access controls contributed directly to the half billion personal records lost or stolen in 2015. (See the foreword for more details.)

It is time to take a fresh look at access controls—to understand how going digital changes the fabric of your organization. This journey starts with the implementation and integration of the latest technologies, trends and platforms, including cloud computing, mobile technologies, and Big Data analytics, allowing stakeholders to interlink their social media environments on shared smart devices for personal and business usage. With the proliferation of Internet of Things (IoT) devices and the expectation of being ...

Get The Cyber Risk Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.