Last week I was fortunate enough to be conducting keynote presentations in Hong Kong and Singapore. Amongst other things, it was fascinating to contrast the Asian perspective on information security with other geographic regions, each of which has their own particular set of interests and skills, though globalization is gradually diluting traditional stereotypes.
US enterprises, for example, seem most keen on technology, though they have also woken up to the need for a greater focus on process. In the UK, process has always dominated, though the importance of the human factor has been gaining ground. In contrast, continental Europe and the Middle East have a better appreciation of people and politics.
So how does the Far East compare? Where does it excel? In my view, the answer is in their unique interest in both people and technology – arguably the more important future dimensions of the ‘people-process-technology’ triangle. Compliance might be the contemporary driver, but processes can be swiftly copied. In a modern commercial environment, it is essentially no more than an audit trail for the regulators. An interest in people, however, and a thirst for technology take much longer to cultivate.
Organisations concerned about information security need to take account of these differences. Whether or not you agree with me, the key learning point is to accept that different regions and cultures have varying skills and interests. A one-size-fits-all approach will not work in a global business environment.