Lack of training institutions for information security management has made IT investment expensive for many organizations in Kenya.

Companies have invested in training IT managers abroad, which is expensive for small and medium-sized businesses in Africa, said James Gathage, lead consultant at QualityPlus, an information-security-management-systems training company.

This has led some companies to neglect information security and management as integral parts of business and organizational growth, he said. So, to reduce costs and make courses affordable, training companies are bringing experts in to train local IT managers.

The reduced cost is expected to encourage government offices as well as corporate entities to start addressing the issue of information security management.

"Today's professionals have learned to travel light, keeping only what's necessary. They do not need to steal the whole computer to destroy the company. A simple flash disk can be used to steal sensitive data from the office," he said.

Gathage sees this security challenge as the main reason government offices have resisted full computerization and digitization of all services.

According to Gathage, government offices have huge cabinets where they file tax records and payroll information -- records that are now being transferred to computers. In a corporate setting, the computer system is likely to have financial data from suppliers and credit-card numbers from customers.

"In the hands of an identity thief, this information is a tool for draining bank accounts, opening bogus lines of credit and going on the shopping spree of a lifetime -- at the expense of your company, your employees and the customers who trust you," Gathage said.

To safeguard client information and corporate espionage, companies are forced to adopt an information security management system (ISMS).

The key concept of ISMS is for an organization to design, implement and maintain a coherent suite of processes and systems for effectively managing information security, thus ensuring the confidentiality, integrity and availability of information assets and minimizing information security risks.

The ISMS makes business sense, because customers want to do business with entities that will not expose their personal information and businesses want to seal all loopholes that may expose them to risks.

The IDG News Service is a Network World affiliate.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports