Opening Remarks by Mr. Harold Codrington, Deputy Governor, Central Bank of Barbados at Regional Central Banks Information Systems Specialists (RCBISS) Annual (XXIII) Conference

Opening Remarks
by
Mr. Harold Codrington
Deputy Governor, Central Bank of Barbados

Regional Central Banks Information Systems Specialists (RCBISS)
Annual (XXIII) Conference

Opening of the IT Exhibition

Barbados Hilton
June 5, 2013

The Honourable Darcy Boyce, Minister in the Prime Minister’s Office and Acting Minister of International Business
Central Bank Management,
Presenters at the various sessions
Representatives of IT Vendors,
Participants,
Ladies and gentlemen,

Welcome to this Exhibition of IT Security hard and software under the theme “Opportunities, Risks and Threats of New Technologies”.

A special welcome to Minister Boyce, who, as fate would have it, was the first manager of the Bank’s IT Department when it was established in 1980. He is therefore no stranger to the Bank or to IT issues and can speak from the perspective of one who has been there and done that.

Let me first state that the Central Bank of Barbados is pleased to be involved in this venture. Congratulations must go to Janice Marshall, Peter Rochester and the rest of the Management Information Systems team as well as the Barbados Chapter of the information Systems Security Association for conceptualizing this event and for bringing together such a stellar collection of IT specialists to draw attention to the issues touching on IT security.  The vendors who are represented here are some of the most reputable names in the industry and their presence here underscores the importance that the Bank attaches to IT and IT security.
Since its establishment the MIS Department has done much to sensitise the rest of the Bank to the need to pay attention to information security.  This is evident from the initiatives that have been taken over time. It was in 1988 that the MIS Department first addressed the security issue with the publication of two documents entitled “A Security Policy” and “Security Guidelines”. This was followed in 2003 by the appointment of an Information Security Officer whose main responsibility was to develop and police information security policies and guidelines. During 2004, that officer conducted an information security awareness programme for the staff.

The Department underwent a major security audit in 2008 and the main outcome of that exercise was the formation of an Information Security Governance Committee which is responsible for the oversight of Information Security within the Bank.  The Bank’s revised Information Security Policy was issued in 2009.  This Policy requires staff to be constantly aware of the hazards which attend the use of information technology and essentially advises them that prevention is better than cure.

I am not sure how the Bank’s approach to IT security stacks up alongside the rest of the region or even further afield. But clearly there is still much work to be done as we try to incorporate IT security into the overall institutional risk management Plan.

As everyone here can appreciate, end-users are by and large singularly focused on their access to IT services. They want to have as few restrictions as possible in their way while they manipulate information or data and the need for rules and regulations is the last thing on their minds, that is, until their own privacy is compromised. A good analogy is the attitude of road users to traffic signals; no one wants to stop at a red light unless they really have to but will bemoan the absence of controls when an accident occurs.

This quest for unfettered access by users makes the task of promoting and enforcing IT security awareness a difficult one. The persons charged with this responsibility have to achieve the correct balance between accessibility and protection. It is not a job for the faint-hearted or for those who will back off at the first sign of dissent or disagreement with guidelines.

In this regard, let me recognize the efforts of our own Information Security czar, Mr. Terry Burke. Terry is always seeking to educate the staff by bringing to their attention a variety of information on IT security. This has included security updates, news about companies whose websites were hacked and the dangers associated with going remote or even using social media. This is not to say that Terry has managed to convert everyone in the Bank to his way of thinking, but if nothing else his timely reminders serve to prick the conscience of those skeptics who are tempted to break the rules. And believe me, there are skeptics.

And it is true that despite our best efforts, people will break, or attempt to break, the rules. This is where the IT vendors come in. They can assist the organization with its risk management by providing tools that can prevent or detect security breaches. And what better way to highlight the wide range of services they offer than by bringing several of them together in one space.

This is not the first time that the MIS Department has used this kind of intervention to promote aspects of information technology. In March 1998, the Department held its first Bank-wide Seminar and Exhibition and during 2004, hosted a highly successful Information Technology Fair for 1200 secondary school students. Today’s exhibition is more focused and the first to involve regional central banks.

From the Bank’s perspective, it is an opportunity to showcase to our central bank colleagues some of the best names in the IT industry. It is also an opportunity to solicit the support of the vendors in validating the messa?ge that IT security is serious business.

In sum, this Exhibition is a win-win for everyone and should add to the richness of the technical discussions at the Conference. I am not techno-savvy but I am eager to see what is on display. Again, congrats to the organisers and all the best.

Thank You.