July 20, 2009 | Vol 2009 - Issue 8
IT Toolkits Newsletter
Security Weakness and Defects Identified
Top 5 Factors Impacting Security

Successful CIOs are utilizing sophisticated, aggressive hiring tactics to acquire the most desirable personnel wherever they may be, while at the same time putting extensive emphasis on retaining and developing internal talent. This is not easy given the current economic situation.

Developing an adequate in-house talent pool demands more than a simple training program for employees' development. Establishing a strong, predictable internal talent pipeline requires:
- Clarity of role and expected performance
- Management of employees at every level
- Guided training, education, and career planning
- Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience.
Security Weakness and Defects Identified

Janco has reviewed the detailed results of 138 security audit programs conducted between September 15, 2008 and June 15, 2009 and identified the top eight defects mentioned in the audit reports.

Victor Janulaitis, the CEO of Janco, said, "We did not find a single company that had no security weaknesses or defects reported in their audit reports." The security weaknesses and defects Janco found were:
1. Single-level verification used on sensitive data (53%)
2. Public workstations connected into secure network (45%)
3. Shared login used (25%)
4. Client-side data validation only used for sensitive data (21%)
5. Access point weak encryption (21%)
6. Login not encrypted for sensitive data access (17%)
7. Back-end encryption not utilized (12%)
8. Server management encryption not utilized (6%)

The data was captured by reviewing the detailed findings of the audit reports. If there was a single occurrence of the defect, it was counted. Janulaitis added, "What was striking was that there are still over one quarter of all enterprises where users share logins. Interestingly, in those enterprises that utilize double levels of verification, the number of shared logins drops to a value that is not statistically significant."
Top Five Factors that Impact Security
Everyone talks about security, but it seems that security and data breaches are in the news more than ever. Janco has reviewed more than 100 instances of security and data breaches and found a number of core factors contributing to their occurrences:
- Data volumes and velocity of change are increasing at an exponential rate. In many companies, data is so voluminous, so disorganized and dispersed so frequently that IT departments aren't sufficiently staffed to implement security standards.
- IT departments are reactive, not proactive. IT departments tend to respond to problems after the fact rather than identifying solutions before a problem occurs, largely due to a lack of resources.
- Users do not want to change or add processes. There is a wariness toward deploying yet another set of rules and tasks to follow on each smartphone, desktop and laptop that might add procedures, hog processor cycles, require frequent updates and slow down users as they try to do their jobs.
- Complexity of security compliance. Devising and implementing a comprehensive, viable security policy may get in the way of traditional business practices, requiring the involvement of not just IT but also human resources, finance and legal teams, and business unit managers.
- Addressing 20% of the problem versus 80%. Many companies focus on intentional data leakage. In reality, though, most data leakage occurs when there is a lapse, and simple, proactive steps (such as enciphering sensitive files on laptops and ensuring that only authorized individuals access sensitive information) could have prevented the problem in the first place.