Skip to main content

Home/ WPPS C-Suite News/ Group items tagged awareness

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies | Reuters - 0 views

www.reuters.com/...144244+27-Oct-2009+PRN20091027

privacy security Fraud employees Cybersecurity

shared by sandy ingram on 29 Oct 09 - Cached
  • Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
  • The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.
  • The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.
  • ...7 more annotations...
  • "The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive,"
  • small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.
  • Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords
  • "Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss,"
  • "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."
  • The demographic makeup of the small business polled
  • sandy ingram on 29 Oct 09
     
    "Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices."
sandy ingram

Security awareness: Helping employees really 'get' company policy - CSO Online - Securi... - 0 views

www.csoonline.com/...yees-really-get-company-policy

security awareness Privacy Best Practice employees training

shared by sandy ingram on 30 Nov 10 - Cached
  • Employee awareness of their companies' security policies is high—if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity.
  • But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago—a 'technological lifetime,' notes Clearswift.
  • "When security is kept in the shadows and not discussed openly, and only referred to when things go wrong, it is all too easy for office 'folk-law' to become perceived as official policy very quickly. If employees are not aware of when they have broken policies—in some cases because the policy is not even enforced—it can lead to a false sense of security or a belief that what they are doing is actually in line with the corporate policy."
  • ...1 more annotation...
  • The research raises a question that is frequently discussed, but very rarely measured, among organizations: What kind of awareness training is effective? Is it regular and incremental? Is it most effective when done through courses, formal sessions or informal discussions? And how does an organization gauge its effectiveness?
  • sandy ingram on 30 Nov 10
     
    "Research finds while most employees believe they understand their company's security policies, a large number have never received any formal policy education or training. How can an organization really ensure people understand risk?"
sandy ingram

Deloitte | E-Discovery: Mitigating Risk Through Better Communication | Deloitte Discove... - 0 views

www.deloitte.com/...10VgnVCM200000bb42f00aRCRD.htm

Best Practice e-discovery deloitte legal

shared by sandy ingram on 27 Jul 10 - No Cached
  • The Deloitte Forensic Center’s analysis of the E-Discovery: Mitigating Risk Through Better Communication survey results1 identified three interrelated challenges. They are: Communication Awareness Readiness
  • At the heart of e-discovery are two corporate functions that historically have had little in common, and tend to speak their own technical languages: legal and IT
  • Neither can be truly effective in the e-discovery process without a clear understanding of the other, yet communication and coordination between these two departments appears to be unclear to many survey participants: More than one-third of respondents (36 percent) don’t know the answer to how their legal and IT departments communicate.
  • ...13 more annotations...
  • Deficient communication and a lack of coordination between departments can lead to an organizational lack of awareness about e-discovery.
  • Awareness Issues
  • Communication Hurdles
  • According to the survey, more than one-third of respondents, including C-suite, (36 percent) don’t know how committed their company’s C-suite is to finding a solution for e-discovery issues.
  • Only 20 percent of respondents think legal resources are appropriately allocated to e-discovery
  • Many companies also lack the resources and sophistication to manage e-discovery effectively.
  • For respondents that say their firms are challenged by e-discovery, the most common complaints are: a lack of funds to address e-discovery requirements (25 percent
  • Of those respondents with an opinion, 62 percent say their company is concerned about e-discovery challenges posed by social media web sites and blogs
  • Given the extensive use today of social media such as Facebook and Twitter during employees’ work and personal time, this suggests an e-discovery challenge that may require attention by many companies.
  • Three Years from Now
  • E-discovery is anticipated to become harder: 44 percent of respondents expect e-discovery challenges, along with government rules and regulations, to increase over the coming three years
  • Mismanaged e-discovery has led to many tales of litigation woe, involving sanctions, lost cases and fines. Improper ESI management, as the Sedona Conference points out, is simply bad business.
  • Five Areas of Potential Improvement
  • sandy ingram on 27 Jul 10
     
    "As the volume of electronically stored information (ESI) rises rapidly, improving the understanding among the C-suite, legal and IT functions is key to controlling costs and better managing e-discovery risks."
sandy ingram

Organisations fail to meet security awareness and compliance training best practices - ... - 0 views

www.scmagazineuk.com/...208893

SC organisations security awareness compliance best practices UK

shared by sandy ingram on 12 Oct 11 - No Cached
  • “If this assessment demonstrates anything, it's that IT and security departments have got to gain greater visibility over all of their security and compliance activities and take steps to better understand and manage them.”
  • sandy ingram on 12 Oct 11
     
    A survey of high-risk organisations has found that more than three quarters fail to perform quarterly security and compliance training. According to a survey by enterprise key and certificate management solutions provider Venafi and IT security research provider Echelon One, 77 per cent of respondents failed to perform quarterly security and compliance training while 64 per cent failed to encrypt all of its data in the cloud. However 90 per cent did use encryption throughout the organisation. The survey of 420 enterprises and government agencies also found that almost 100 per cent of respondents had some degree of unquantified or unmanaged risk. When asked if their organisations encrypted data stored in public clouds such as Google Apps, Salesforce.com and Dropbox, 40 per cent said they did not know.
sandy ingram

How long can CISO's avoid Cloud Computing? | CISO - 0 views

ciso.in/...567

security Privacy compliance Best Practice cloud computing workplace ipad tablets windows

shared by sandy ingram on 23 Feb 12 - No Cached
  • Network & Systems delivering the cloud service How does the authentication to access the network devices and operating system implemented? Does it use any two factor authentication? About the availability of the network and security infrastructure? does it implement load balancing or high availability solutions for the critical infrastructure components like firewalls, IPS, reverse proxies etc… Is the underlying cloud systems are secured? Do they have a baseline configuration implemented? How does the configuration managed? Does the cloud computing provider got a plan and/or policy to perform configuration management, patch management, anti-malware etc. Does the network undergoes periodic penetration testing? Does it undergo internal vulnerability assessment periodically? How is it ensuring that a compromised client with privileged access to the operating system is separated internally? Does it undergo periodic audits against standards like ISO27001, SAS70 etc? How is the customer data separated from one another? What are the security controls implemented to ensure this separation? What are the protection and response controls against the Denial of Service attacks?
  • Cloud Applications & Data Protection What are the security controls in the application development process? Does it include security code reviews of the code being developed or used? Is there a documented change and configuration management process? How does the application servers patched and what frequency? What are the mechanisms for managing the access control? How is the database protected from unauthorized access? How are they identifying the access reset requests are from the actual user. How do they create and delete/disable user accounts? what are the procedures for these activities. IS the data encrypted? If encrypted, how is the encryption keys are protected? What is key management process being followed? How is the data loss prevention ensured? Details of the DLP controls implemented? Is there a backup mechanism established? How is the data protected in the backups? Does the cloud service provider meets the regulatory requirements? For example, if the service is a ecommerce service then the cloud service could become part of the card holder environment and thus the PCI DSS regulation as there are potential card data being processed. Similarly, if the health information is processed, it can be HIPAA and similar other regulations. Is the cloud computing service provider meets the compliance requirements? Where is your data being hosted? Is it within your country or its jurisdiction? Is your organization comfortable with the legal system in the country where your data resides? How about cloud computing service provider who has a network of data centres across the globe and your data is scattered across these data centres? Can it limit the countries where the data is stored?
  • What are the conditions / scenarios where the data is revealed without the consent / approval of the organization? Does the application provide enough audit trials to review the incidents? Does it corporate with local legal system? Often the local law authorities require access to the processing computers, how is it support those requests?
  • ...1 more annotation...
  • Security Management What are the information security management policies and procedures implemented and documented? Are all employees required to undergo the security awareness training and acknowledge their acceptance to the policies and procedures at least annually? Is the cloud computing service provider has a dedicated information security professional? What are the network security capabilities established by the service provider? Are these personal technical qualified and certified? How is the insider threats within the cloud service provider being addressed? What is the background verification process being followed by the cloud service provider? Is there a privileged activity monitoring of systems and databases? How is the security incidents and violations are handled? Does it have a documented policy? How is the log integrity ensured? What are the mechanisms implemented to ensure that the logs cannot be altered and / or stopped. How long the logs are kept online and on the backup? What are the business continuity and disaster recovery capabilities of the cloud service provider? Many organization look at cloud as a BCM solution. Does the underlying cloud service provider is capable of delivering a BCM aware cloud service?
sandy ingram

CERT's Podcast Series - 0 views

www.cert.org/...20090120pethia.html

Cert podcast

shared by sandy ingram on 12 Feb 09 - Cached
sandy ingram liked it
  • sandy ingram on 12 Feb 09
     
    CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing
sandy ingram

Complex Global Risks, Boardroom Demands to Challenge Risk Managers in 2010: Marsh | EON... - 0 views

eon.businesswire.com/...permalink

risks security privacy Compliance

shared by sandy ingram on 02 Jun 10 - Cached
  • “With the ever-increasing complexity of global exposures, successful risk management today depends on timely information, regulatory awareness, and thoughtful anticipation of the range of local and global scenarios,”
  • sandy ingram on 02 Jun 10
     
    Global risk managers are challenged by new boardroom demands of insurer security, balance sheet transparency, and heightened accountability.
sandy ingram

Targeting U.S. Technologies - 0 views

dssa.dss.mil/2009

privacy security cybersecurity Fraud

shared by sandy ingram on 07 Apr 10 - Cached
  • United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful
  • Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM)
  • DSS encourages all Facility Security Officers to use the information in this report to supplement security awareness and education programs at their facilities.
  • sandy ingram on 07 Apr 10
     
    United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful. As a result, the United States' technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised. Defeating this attack requires knowledge of the threat and diligence on the part of all personnel charged with protecting classified information, to deter or neutralize its effect. The Defense Security Service (DSS) works with defense industry to protect critical technologies and information. Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM). DSS publishes this annual report based on an analysis of suspicious contact reports (SCRs) that DSS considers indicative of efforts to target defense-related information.
sandy ingram

Most Large Enterprises Already Active in Cloud Computing: Survey - Cloud Computing - Ne... - 0 views

www.eweek.com/...-Cloud-Computing-Survey-476848

cloud compliance Privacy security enterprises

shared by sandy ingram on 21 Dec 10 - No Cached
  • The results indicate that "there are more cloud implementations within the enterprise than people were aware of," Jay Fry, vice president of marketing for the cloud computing division at CA Technologies, told eWEEK. The report indicates that IT administrators are starting to get some visibility on what the various groups within the organization are working on, he said. As more people begin to discuss the cloud within the enterprise, the visibility will continue to improve, said Fry.
  • In the past, there were "rogue deployments" that the company’s IT staff didn’t even know about, because the individual line of business was purchasing software-as-a-service offerings without involving IT.
  • Collaboration tools such as hosted e-mail, antivirus and spam filtering and Web conferencing software accounted for a bulk of cloud deployments, at 75 percent, according to the report
  • ...2 more annotations...
  • The primary incentive for initially going to the cloud is to trim costs, he said. While that result was expected, the report found that IT staff considered other benefits, such as agility and adaptability as soon as six months after deployment, said Fry.
  • Many large organizations are already active in cloud computing in some form and are planning more deployments, according to a CA Technologies study.
  • sandy ingram on 21 Dec 10
     
    "More than 80 percent of surveyed enterprises and 92 percent of the largest enterprises, have at least one cloud service, the report found. Additionally, more than half, or 52 percent, of organizations using the cloud claimed to have more than six cloud services."
sandy ingram

CEOs underestimate security risks, survey finds - 0 views

www.computerworld.com/...te_security_risks_survey_finds

Best Practice privacy security CEO Ponemon suvey

shared by sandy ingram on 18 Jul 09 - No Cached
  • Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
  • of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues.
  • 48% of CEOs surveyed said they believe hackers rarely try to access corporate data
  • ...5 more annotations...
  • On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
  • The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided.
  • CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
  • While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was.
  • More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way
  • sandy ingram on 18 Jul 09
     
    Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
sandy ingram

symantec state of security 2011 survey - 0 views

www.symantec.com/...ymc_state_of_security_2011.pdf

symantec awareness survey Best Practice

shared by sandy ingram on 12 Oct 11 - No Cached
  • sandy ingram on 12 Oct 11
     
    classifying confidential, sensitive information, knowing where it resides, who has access to it, and how it is coming in or leaving your organization . 
1 - 11 of 11
Showing 20 items per page