Contents contributed and discussions participated by Jeks White

Jeks White

Dyman Associates Management: Why mobile security requires a holistic approach - 0 views

Dyman Associates Management: Why mobile security requires a holistic approach
started by Jeks White on 23 Apr 14 no follow-up yet
  • Jeks White

    It's remarkable how much can change over the course of just a couple of years. We've seen bring-your-own-device (BYOD) evolve from a buzzword to an accepted practice with a strong business use case. Cyber criminals are savvier than ever and using mobile-optimized techniques and malware to obtain more targeted prizes, such as Social Security numbers and credit card information. Decade-old attacks are even resurfacing under new guises, and with far greater precision than their predecessors. And of course, the proliferation of mobile devices available to an increasingly remote workforce continues to plague IT security professionals who are all too aware of the potential threats.

    However, for all the considerable hype around each emerging mobile threat vector, one simple truth remains often overlooked: The only secure way of handling mobile devices is in a managed way. But what exactly does a managed approach look like?

    IT security professionals and cyber criminals are continuously battling to gain the upper hand. The trouble is, for the most part, the good guys are being more reactive than proactive. While we are learning from mistakes or flaws in security frameworks as they are breached, cyber criminals are already plotting the next attack, carefully considering areas of network security that are most susceptible to infiltration. How many more high profile incidents, such as the Adobe or Target hacks, must we endure before going on the offensive? As an industry, it's time to realize that mobile security has been, and continues to be, a systemic problem. Unfortunately, despite myriad expert warnings and sensitive data being put at risk, many mobile technology companies' primary focus remains on the consumer market instead of the enterprise market.

    To put it bluntly, endpoints like personal laptops, smartphones or tablets remain the weakest points within a security infrastructure. That's why it's so befuddling how organizations are still permitting unmanaged devices on their corporate networks. With the technical ability of today's cyber criminals, intercepting unencrypted communications, for example, is as simple as taking candy from a baby. While proactive steps to combat threats such as these are clearly necessary, it's important to note that there is no one magic technology that can efficiently safeguard against every type of malicious situation or attack.

    It boils down to this – there is no substitute for fundamentally robust network security components being seamlessly implemented to establish defense in depth. Ideally, this will include everything from client device firewalls to IPsec VPNs. An important caveat to include here is, even these rigorous security mechanisms aren't failsafe against users ignoring common safety precautions, such as blindly clicking on links or opening suspicious e-mail attachments. This means companies should not take for granted that everyone within their organization is equally savvy about basic technology and security protocols—they must continuously educate and reinforce best practices.

    Comprehensive solutions are hard to come by, as many security solutions designed to combat mobile threats can, at best, be described as siloed solutions that lack integration between critical security functions and the ability to be managed by IT. To be clear, these solutions do not lack sophistication because, in many cases, they are perfectly functional for the tasks they are designed to perform. Rather, the issue is that threat detection, mitigation and response requires an integrated and managed approach that is often difficult to obtain, considering the way mobile threats are currently tackled.

    For instance, because mobile devices are constantly exposed to different and often hostile public networks, the best security technologies are barely enough to secure a user. Therefore, in the absence of a one-size-fits-all security product – which does not appear to be on the horizon – the best option is to interconnect the range of best-of-breed security products and technologies and have them work together, focusing on providing defense-in-depth rapid threat response. IF-MAP, for example, is an open standard that is well-positioned to deliver in this area. IF-MAP provides the possibility to interconnect different IT security systems for an accurate representation of the health status of an IT network.

    All things considered, the problem with mobile devices remains a systemic one. Organizations must be more and more proactive about patching up the holes in their remote access strategies at every stage, from policy creation to the technologies' implementations. IT administrators must reach out across the aisle to everyone, from designers, software architects, company management and end-users, to ensure that the necessary security precautions are being taken, and that corporate compliance is being adhered to. If this collaboration and holistic approach can be accomplished, we are likely to see fewer headlines about major corporate network breaches. Let's make 2014 the year that we take action.

Jeks White

Appthority App Risk Management, Dyman & Associates Risk Management Projects - 1 views

Appthority App Risk Management Dyman & Associates Projects
started by Jeks White on 13 Mar 14 no follow-up yet
  • Jeks White
    http://www.droidreport.com/appthority-app-risk-management-6886

    Appthority App Risk Management provides a service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Only Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions and protect corporate data.

    According to a recent Appthority blog post, the National Cyber Security Alliance recently promoted its internationally recognized annual holiday, Data Privacy Day. The theme of Data Privacy Day, "Respecting Privacy, Safeguarding Data, and Enabling Trust," came just on the heels of new revelations from the N.S.A. around how they target mobile. The company indicated that, according to the New York Times, the National Security Agency let it slip that they use mobile apps as a method to access personal information. These "leaky apps," such as the popular gaming app Angry Birds, give away things such as smartphone identification codes and pinpointed locations throughout the day.

    There is big data potential. The potential to transform health care exists, but structural issues may pose obstacles. Privacy issues will continue to be a major concern. McKinsey estimates $300 billion to $450 billion in reduced health-care spending, which could be conservative, as many insights and innovations are still ahead. Training initiatives are great. EMarketer estimates that digital pharma US ad spending will reach $1.19 billion in 2013 and climb to $1.33 billion by 2016. This market has remained cautious in its investment strategies following regulations and standards.

    Organizations' objectives should reach results of quality risk management impacting the overall pharmaceutical quality system. The areas could be evaluated when implemented, and potential opportunities to improve could also be identified. The companies that are successful today are collaborative, nimble, smaller and multidisciplinary. Applying compliance to these ecosystems is a priority. The traditional model is going away. Acquisitions of licensing are in a lot of momentum now.

    C-Level and supporting senior management would make a significant impact on governance in Pharma. Controlling risk and regulations is a big issue for the industry. Emerging threats could be prevented with patience, time investment and allocating the right resources available. Compliance is a time consuming process.

    Read More:
    http://dymanassociatesprojects.com/
    http://dymanassociatesprojects.com/about.html
    http://dymanassociatesprojects.com/cyber.html
    http://yuinnelee.edublogs.org/2014/03/02/dyman-associates-risk-management-projects-what-are-you-willing-to-pay/
Jeks White

Dyman & Associates Risk Management Projects: US brings fraud charges against background... - 1 views

US brings fraud charges against background check company Dyman & Associates Risk Management Projects
started by Jeks White on 31 Jan 14 no follow-up yet
  • Jeks White
    View Source: http://america.aljazeera.com/articles/2014/1/23/us-brings-fraud-chargesagainstbackgroundcheckcompany.html

    The Justice Department filed a civil complaint Wednesday against the company that handled the background checks of National Security Agency leaker Edward Snowden and Navy Yard shooter Aaron Alexis for allegedly submitting thousands of unfinished investigations as complete, and then attempting to conceal their actions after government officials caught wind of what they were doing.

    At least 665,000 investigations - or 40 percent of cases submitted to the government over a four-year period - were affected by U.S. Investigations Services' (USIS) actions, the Justice Department said. The alleged fraud continued through at least September 2012.

    The complaint said that USIS engaged in a practice known inside the company as "dumping" or "flushing." It involved releasing incomplete background checks to the government but claiming they were complete in order to increase revenue and profit. The company did so knowing that there could potentially be quality issues associated with those reports, the government alleged.

    USIS was involved in a background investigation of Snowden in 2011, but his particular job doesn't factor into the lawsuit. The government has contracted USIS since 1996 to vet individuals seeking employment with federal agencies.

    [Are you getting the most out of your security data? See Dyman & Associates Risk Management Projects on Patch (http://acworth.patch.com/blogs/dyman-and-associates-projects?content_subdomain=acworth) for techniques and security trends.]

    The Falls Church, Va.-based company conducts hundreds of thousands of background checks for government employees and has more than 100 contracts with federal agencies.

    In response to the complaint, USIS officials said that integrity and excellence are core values at USIS, which has 6,000 employees.

    The government paid the company $11.7 million in performance awards for the years 2008, 2009 and 2010, according to the Justice Department court filing.

    USIS senior management "was fully aware of and, in fact, directed the dumping practices," the government complaint said. Beginning in March 2008, USIS' president and CEO established revenue goals for the company. USIS's chief financial officer determined how many cases needed to be reviewed or dumped to meet those goals, the complaint added, and conveyed those numbers to other company leaders.

    According to one internal company document, a USIS employee said, "They will dump cases when word comes from above," such as from the president of the investigative service division and the president and CEO.

    The background investigations that were dumped spanned most government agencies - including the Justice Department, the Department of Homeland Security, the Defense Department, the Defense Intelligence Agency, the Department of Health and Human Services, the Transportation Department and the Treasury Department.

    In one example, the federal Office of Personnel Management (OPM) in April 2011 had raised concerns with USIS after tests showed that a large number of investigation reports were identified as complete when computer metadata revealed that the reports had never been opened by a reviewer. In a response to OPM, USIS falsely attributed the problems to a variety of software issues, said the Justice Department filing.

    In addition, USIS ensured that all dumping practices stopped when OPM was on site conducting audits - and then resumed after OPM's auditors were gone, the government alleged.

    "Most of the September miss should 'flush' in October," an email from USIS's chief financial officer said to the vice president of the investigative service division.

    For more details visit our website @ http://dymanassociatesprojects.com.