How critical is procurement process to respond the information Security for a Corporation?
15th May 2019, I was speaking to "RETHINK CIO" event, organized at Sheraton Hotel Ho Chi Minh city.
I myself, John Masud Parvez, CIO / GITD of Hoan My Medical Corporation, Founder & President of Vietnam Social Health Revolution, joined the information security panel discussion on this CIO Conference.
On this occasion I highlighted the different recently incidents of information security about around Asia, also health sector. Then I also added, from those incident how he is learning and suggested other to learn to avoid such incident for Vietnamese corporations. These are the brief incidents he mentioned:
I mentioned on the discussion, those example are being used, mentioned for learning purpose only.
Now a days organization focus about one application. Business Unit Director also case mostly focus about the one application as well. But now we are all living in a digital era. So that one application is seating in our system infrastructure and also we need to connect with other applications as well.
The root case the information security often starts in Vietnamese corporation with that world being "FOCUSED" of one application only. So BUD, CFO often cant see the bigger picture. So on this situation the voice and leadership of the CIO is very crucial. But often in a Vietnamese corporation there is no CIO, they just ending up having a ITM or Head of IT level, keep putting in to their corporation and ending up not listening their voice.
So that results their whole application layer could ended up with large percentage of quick win, short time, focused and cheap applications. So what is the impact?
The impact is, the application layer become something like a house which has the wall made of big holed net.
Now, how is this possible to prevent the mosquito bite? and keep donating the blood to the mosquito's stomach?
On this conference, I also presented a case study of Corporation often make mistakes about - When it comes to procurement the major corporation often fall in to a trap by prioritizing the financial aspect even though they have a very standard procedure and ending up with wrong solution which exposing the Vietnamese corporations at information security risk. The leadership of CIO and understanding of CEO, CFO, BUD is such important on this type of situation. Certainly at the same time, having a capable CIO is also so much important as well for the organization.
Leave a Reply.
We are writing to share you about all the positives we, VSHR Group is making