Mark is a director with KPMG Advisory Services, specialising in Information Technology Advisory. Currently Mark is head of KPMG South Africa’s Information Security, Privacy and Continuity (SPC) business unit.  Previously he was head of IT Governance advisory.  Mark also plays an active role in managing the operations and finances of KPMG’s IT Advisory (ITA) unit. 
Mark has been with KPMG since 1988, except for a two-year period, where he was employed by a large short-term insurer as the head of their internal IT audit department.  He started his career in KPMG audit before joining the specialised IT Advisory division.

Mark has been actively involved in providing IT advisory solutions and IT audit to a wide range of clients. He is experienced in all aspects of IT auditing, IT risk management and IT Advisory, across various industries. 

Mark has a BComm degree and is a Certified Information Systems Auditor (CISA).

Presentation

Security is Dead, Long Live Security
In recent years, businesses have given much attention to the issue of information security, although this has typically been limited to the technical and operational levels – the “I have a firewall and passwords, so my information is secure” mindset.  Fortunately KPMG has noticed a recent trend towards improving other aspects of information security such as security governance, security policies and security processes (amongst others).  Unfortunately this is still not enough. 

In this presentation I will present several case studies where despite good information security practices, things still went horribly wrong.  I will (briefly) present KPMG’s approach to implementing the ISO17799 standard of good security practices and we will discuss whether this is even enough.  I will round off with a discussion on what we believe to be the key aspects to focus on in information security.

return to program