Government regulation of IT security poses challenges for bank security teams, a leading Australian bank IT security expert has claimed. Regulation forces companies to focus on complying with rules, and may divert attention from other areas, said Andrew Dell, head of IT security services at the National Australia Bank.
“The regulatory environment which we must navigate continues to increase in complexity and is increasingly prescriptive,” Dell said. “Government and regulators are getting more interested not only in how secure we are, but how we secure.”
“Changes in regulation are taking away our ability to protect in the way we see fit, and telling us what controls we need where. That’s not wrong, but it presents a new challenge to how we find and implement infrastructure.”
“We have to become much more agile and proactive – how we look at, how we react to cybercrime. Our posture is changing from ‘observe and analyse’ to ‘detect and respond’,” Dell said, speaking at the 2013 Trend Micro Evolve conference, as reported by The Register. “Possibly our biggest challenge is that criminals don’t have funding cycles.”
Dell said that departments increasingly had to make a “business case” for new security measures, according to CSO.
Author Rob Waugh, We Live Security