Confidently ensuring confidentiality

28 February 2020 | Business

Ester Kamati

In an environment filled with new technologies and specifically one where there is a multitude of sensitive data being dealt with, the need for information security is high. At the Government Institutions Pensions Fund (GIPF), Martin Hamukwaya is the information security officer, whose mandate is to proactively research, develop, test, implement and review the organisation’s information security. This is to ensure that GIPF’s information systems are secured to prevent unauthorised access.

Hamukwaya’s tasks include ensuring that the GIPF’s information systems applications, infrastructure and operations divisions comply with international information security standards to ensure security is integrated within the organisation’s information systems. Having been part of the development of the information systems, Hamukwaya finds this an advantage as implementing it will not be difficult for him. He has the main objective to ensure that his division “supports the business in achieving its objective.”

Hamukwaya told Careers that he has thus far achieved quite an acceptable information security “maturity level” as well as developed an Information Security Management System (ISMS) for GIPF. He also successfully created employee awareness at the Fund and has received positive responses from them through better understanding about the importance of information security.

As many people in the workforce are often ‘technologically challenged’, Hamukwaya mentioned that his greatest challenge is ensuring that his colleagues are up to date with emerging threats and he says that “humans are the weakest link in the technology.” He however expressed that his colleagues are receptive to the initiatives, which makes it easier for him to keep them informed.

Setbacks with information security according to Hamukwaya also occur due to new technologies being used, which may not have been thoroughly tested to ensure that security measures are well addressed prior to being used.

“Another challenge is the potential insider threat. This is commonly known as a malicious threat to the organisation by its own employees which may be accidental, unintentional or caused by human error.” A key highlight of Hamukwaya’s tenure at the Fund includes the support he receives from executive management in executing initiatives that are aligned to the GIPF’s strategy.

“This is very key as it allows me to implement initiatives that conform to the information security principles, (which are) confidentiality, integrity, availability and non-repudiation.” He is also intrigued by being able to keep up with trends and the latest technology. “As the digital space evolves, you need to know the imminent changes and the risks they pose to GIPF if any,” he said.

GIPF provides skills development support for their team, which Hamukwaya highly appreciates “because information covers a broad spectrum of information systems, the organisation is doing everything to assist me in this regard to be skilled up and ready for the next day.”

“My career is important and I love what I do. Family is what I live for. I don’t think I will ever be in a position to perfectly juggle between work/career and family especially wife and kids,” he said.

He therefore tries not to work long hours so that he can spend as much time as possible with his family. In his spare time, Hamukwaya enjoys reading as well as researching on things that spark his interest. In addition to being a sport fanatic, he enjoys outdoor activities and is also fond of travelling. He hopes to continue creating awareness among the GIPF team and to ensure that the Fund’s beneficiaries keep their information safe.