In this Newsletter
- CIO Security Priorities
CIO Security Priorities
According to one research firm, there were 25 million new, unique strains of malware released in 2011 -- a number that is expected to skyrocket to 87 million new annual variants by 2015. Cyber crooks are opportunists who employ strategies ranging from advanced malware campaigns to simpler and more obvious avenues of attack.
Trends that CIOs need to understand and manage:
- Mobile Computing - Mobile devices are an attractive target for cyber criminals. The vulnerabilities of the open-source application marketplace are well known -- smartphone users often download applications without following basic security practices such as equipping their devices with anti-virus software.
- Social Media - As the value and importance of social media increase, social media-based cyber-attacks will become even more prevalent and have more impact. To inoculate themselves, enterprises need to deploy a mix of strategies that include user education and basic security protocols.
- Man-in-the-browser attacks - Best practices call for enterprises to deploy authentication as a primary defense against these attacks. CIOs need to put in place policies and procedures to authenticate users and devices. Similarly, CIOs and their organizations should carefully monitor transactions and flag any questionable behavior.
- BYOD - CIOs need to implement BYOD policies that clearly define the proper use of employee-owned devices in the enterprise. BYOD security risks can also be managed and mitigated with robust fraud detection systems and limits on the types of information that can be accessed via BYOD.
- Automated Attacks - On-line identities are the most frequent target for malware attacks today. Attackers are even using malware to automate fraudulent transactions so they can steal on a larger scale, without manual logins. Controls and monitoring techniques need to be put in place.
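The man-in-the-browser and automated-attack items above both come down to the same control: authenticate the device a transaction comes from and watch the transaction stream for behavior no human customer produces. The script below is an added illustration of that monitoring step, not code from the newsletter or from Janco. It runs three simple rules over a constructed transaction log: an unregistered device, too many transactions inside a sliding window, and transactions spaced faster than a person can click. The user names, device identifiers, amounts and thresholds are all constructed for the example; real thresholds would be tuned to the institution's own traffic.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: devices each user has previously authenticated from.
KNOWN_DEVICES = {
    "alice": {"dev-a1"},
    "bob": {"dev-b1", "dev-b2"},
}

# Constructed transaction log: ISO timestamp, user, device id, amount.
SAMPLE_LOG = [
    "2012-03-01T09:00:00 alice dev-a1 120.00",
    "2012-03-01T09:45:10 alice dev-a1 45.00",
    "2012-03-01T10:00:00 bob dev-b1 300.00",
    # A burst from an unregistered device, one second apart: the pattern of
    # malware pushing transactions through an already authenticated session.
    "2012-03-01T10:05:00 bob dev-zz 950.00",
    "2012-03-01T10:05:01 bob dev-zz 950.00",
    "2012-03-01T10:05:02 bob dev-zz 950.00",
    "2012-03-01T10:05:03 bob dev-zz 950.00",
]


@dataclass
class Txn:
    ts: datetime
    user: str
    device: str
    amount: float


def parse_log(lines):
    """Parse the whitespace-separated log format used by SAMPLE_LOG, oldest first."""
    txns = []
    for line in lines:
        ts, user, device, amount = line.split()
        txns.append(Txn(datetime.fromisoformat(ts), user, device, float(amount)))
    return sorted(txns, key=lambda t: t.ts)


def flag_transactions(txns, known_devices, max_per_window=3,
                      window=timedelta(minutes=5), min_gap=timedelta(seconds=2)):
    """Return {index_in_txns: [reasons]} for transactions that deserve review.

    Rules (thresholds are illustrative):
      - "unrecognized device": the device has never been authenticated for this user
      - "velocity": more than max_per_window transactions by the user inside `window`
      - "machine-speed interval": less than `min_gap` since the user's previous transaction
    """
    flags = defaultdict(list)
    recent = defaultdict(list)   # user -> timestamps still inside the sliding window
    last_seen = {}               # user -> timestamp of the previous transaction

    for i, t in enumerate(txns):
        if t.device not in known_devices.get(t.user, set()):
            flags[i].append("unrecognized device")

        # Sliding-window velocity: drop timestamps that have aged out, then count.
        window_start = t.ts - window
        recent[t.user] = [ts for ts in recent[t.user] if ts > window_start]
        recent[t.user].append(t.ts)
        if len(recent[t.user]) > max_per_window:
            flags[i].append("velocity")

        # Inter-transaction gap below what a human produces through a browser.
        prev = last_seen.get(t.user)
        if prev is not None and t.ts - prev < min_gap:
            flags[i].append("machine-speed interval")
        last_seen[t.user] = t.ts

    return dict(flags)


def review_queue(lines=SAMPLE_LOG, known_devices=KNOWN_DEVICES):
    """Convenience wrapper: parse the log and list flagged transactions for analysts."""
    txns = parse_log(lines)
    flagged = flag_transactions(txns, known_devices)
    return [(txns[i].user, txns[i].device, txns[i].amount, reasons)
            for i, reasons in sorted(flagged.items())]


if __name__ == "__main__":
    for user, device, amount, reasons in review_queue():
        print(f"{user:6} {device:7} {amount:8.2f}  {', '.join(reasons)}")
```

Each rule alone would produce false positives (a customer on a new phone, a busy day of legitimate payments), so the output is a review queue with reasons attached rather than an automatic block; the combination of an unregistered device with machine-speed spacing is what distinguishes the constructed burst from ordinary activity.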
Security Policy and Procedure Template
Today, more than ever, companies are confronted with a broad array of electronic document issues, including data retention policies and e-discovery during litigation. Failing to comply with rules regarding such electronic data can cost millions of dollars.
Every CIO needs to implement a universal and comprehensive set of security processes to safeguard the use of their computers, all related equipment and information assets which support enterprise-wide operations. The Security Manual Template meets those needs.
For instance in one case, the SEC alleged that a company failed to produce tens of thousands of emails sought by the SEC in two investigations. The court entered an 8-page consent judgment against the company.
Whether it is government agencies, research facilities, banking institutions, credit card processing companies, hospitals or your company's computers - the risk of compromising private information is very high -- especially when conducting disaster recovery tests. Since business relies so heavily on technology today, business risk becomes technology dependent. The possibility of litigation has always been a risk of doing business, but because technology and today's business are so intertwined, business risk now carries a higher threat level.
The Security template complies with Sarbanes-Oxley, HIPAA, Cobit and mandated state requirements. The template includes a sensitive information policy and has been updated to include checklists for employee terminations and other security related forms. In the age of information, organizations live and die on one thing: information. "Security breaches can have a dramatic impact on the information assets of every organization", stated Janco's CEO.
Implementing an understandable and usable set of security policies and procedures is a necessity. Janco's Security Manual Template provides guidelines and actual policies and procedures for any organization. It is a model any sized organization can use. It is comprehensive without being wordy or pedantic.
This electronic document is over 230 pages and can be used in the creation of security policies and procedures for any size entity. The process of creating effective policies and procedures that comply with mandated requirements such as Sarbanes-Oxley and Massachusetts Data Protection, while facing current security threats and tight budgets, is daunting.