Last week I was fortunate enough to be conducting keynote
presentations in Hong Kong and Singapore. Amongst other things, it was fascinating
to contrast the Asian perspective on information security with other geographic
regions, each of which has their own particular set of interests and skills, though globalization
is gradually diluting traditional stereotypes.
US enterprises, for example, seem most keen on technology, though
they have also woken up to the need for a greater focus on process. In the UK,
process has always dominated, though the importance of the human factor has been
gaining ground. In contrast, continental Europe and the Middle East have a better
appreciation of people and politics.
So how does the Far East compare? Where does it excel? In
my view, the answer is in their unique interest in both people and technology - arguably
the more important future dimensions of the 'people-process-technology'
triangle. Compliance might be the contemporary driver, but processes can be swiftly copied. In a modern commercial environment, it
is essentially no more than an audit trail for the regulators. An interest in people, however, and a
thirst for technology take much longer to cultivate.
Organisations concerned about information security need to
take account of these differences. Whether or not you agree with me, the key
learning point is to accept that different regions and cultures have varying
skills and interests. A one-size-fits-all approach will not work in a global business