Building on a long-standing, multifaceted alliance, EMC and Microsoft Corp. today announced they have expanded their technology partnership to help companies better protect sensitive information and share it in a more secure manner. The companies will be working together with a built-in “systems” approach that helps protect information throughout the infrastructure based on content, context and identity.

The partnership will take advantage of resources and technology from Microsoft and RSA, The Security Division of EMC. Microsoft will build the RSA® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.

EMA has issued a new advisory that highlights emerging threats in IT security and risk management due to the financial crisis, including the anticipation of new compliance issues (W3D, “What Washington Will Do”). SOX emerged from a downturn.

Enterprise Management Associates (EMA), a leading IT management research and consulting firm, has released a new advisory note titled “What the Economic Crisis Means for IT Security and Risk Management.” In the advisory note, EMA research director Scott Crawford highlights the impact of the current financial industry meltdown and its implications for the management of security and risk in IT.

“Clearly, the fallout from this crisis poses serious issues for IT security and risk management. Professionals in these fields should be thinking seriously about what they may be facing as a result – but that’s not all,” said Crawford. “They also must understand how this crisis came about in order to be prepared for what will follow – as well as what it says about the mindset of the business when it comes to managing risk in any respect.”

Crawford focused on the increased IT security threats and risk management issues that come into play when the financial industry is unstable. Some examples of the economy’s impact on IT security, risk management and compliance include:

What do you keep on your USB thumb drive? Project information, company information, client files, personal data? If you have data you want to protect with military-grade encryption in a rugged USB thumb drive, take a look at the IronKey lineup of USB drives.

Three Versions

IronKey USB thumb drives come in a variety of sizes from 1 GB to 8 GB. You can pick from three versions depending on your need.

  • IronKey Basic is the core technology platform for the IronKey family of secure storage and authentication products.
  • IronKey Personal is a revolutionary personal security device designed to protect your data, passwords and online identity on any computer.
  • IronKey Enterprise is the world’s most secure hardware-encrypted USB flash drive. IronKey devices are easy to use, and there is no need to install software or drivers. You can remotely administer policies across thousands of IronKey devices with the IronKey Enterprise management service. With its embedded strong authentication capabilities, IronKey Enterprise is also a scalable platform for deploying innovative secure enterprise applications.

A recent survey conducted by McAfee revealed that 52% of small and medium-sized businesses felt they were too small to be of any value to cyber criminals and that they were adequately protected by default security settings.

For example:

  • 35% of SMBs are “not concerned” about being a target for cyber crime
  • 52% don’t think they are well known enough to be a target for cyber criminals
  • 45% of SMBs do not think they are a valuable target for cyber criminals
  • 46% do not think they could make a cyber criminal any money
  • 44% of SMBs think cyber crime is an issue for larger companies

Regardless of a business's size, viruses, hacker intrusions, spyware, and spam can lead to lost or stolen data, computer downtime, decreased productivity, and worst of all, lost revenue. Just because a business is small does not mean it is immune to security threats.

Verizon Business has released the “2008 Data Breach Investigations Report” that spans four years and more than 500 forensic investigations. It includes analysis of three of the five largest corporate breaches ever reported.

Key findings in the report indicate that 87 percent of all security breaches were avoidable through reasonable security measures.

Other key findings include:

  • Most data breaches investigated were caused by external sources. Thirty-nine percent of breaches were attributed to business partners, a number that rose five-fold during the course of the period studied.
  • Most breaches resulted from a combination of events rather than a single action. Sixty-two percent of breaches were attributed to significant internal errors that either directly or indirectly contributed to a breach. For breaches that were deliberate, 59 percent were the result of hacking and intrusions.
  • Of those breaches caused by hacking, 39 percent were aimed at the application or software layer. Attacks on the application, software and services layer were much more commonplace than operating system platform exploits, which made up 23 percent. Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability. Significantly, 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.
  • Nine of 10 breaches involved some type of “unknown” including unknown systems, data, network connections and/or account user privileges. Additionally, 75 percent of breaches are discovered by a third party rather than the victimized organization and go undetected for a lengthy period.
  • In the modern organization, data is everywhere and keeping track of it is an extremely complex challenge. The fundamental principle, however, is quite simple – if you don’t know where data is, you certainly can’t protect it.

Aternity Inc. announced today the results of its survey, “IT Management: Key Drivers and Challenges in 2008.” More than 70 senior IT and Line-of-Business (LOB) professionals participated in the survey, ranking their key IT priorities for 2008 and sharing their perspective on end user experience management strategies and best practices.

The top five priorities and key IT challenges for 2008, according to survey respondents, in order of importance:

Proactive Problem Detection (35.6 percent)

Gaining a more proactive handle on IT problems before the impact is felt by end users or upon business productivity and performance. This is a key function of proactive management and one of its most beneficial aspects. Investment in monitoring software and services is expected to grow 45 percent between 2005 and 2011.

Server Virtualization (21.9 percent)

With a constant need to do more with less, server virtualization is a growing industry. With server virtualization, you can consolidate workloads of underutilized server machines onto a smaller number of fully utilized machines. Fewer physical machines can lead to reduced costs through lower hardware, energy, and management overhead, plus the creation of a more dynamic IT infrastructure.

Spyware, viruses and worms continue to plague most organizations, but security challenges tied to the use of handheld devices and mobile and remote computing are growing at a rapid pace, new research commissioned by the Computing Technology Industry Association (CompTIA) reveals.

The CompTIA survey of more than 2,000 individuals found that viruses and worms, cited by 54 percent of respondents, and spyware, selected by 51 percent, continue to be the top two information security threats organizations face today.

But security issues related to handheld devices, and to mobile and remote workers, are clearly emerging concerns. In each of the four countries where surveys were conducted (the United States, Canada, United Kingdom, and China), more than 50 percent of respondents said security threats related to use of handheld devices have increased significantly compared to one year ago.

The Computing Technology Industry Association (CompTIA), the leading provider of vendor-neutral certifications for the world’s technology workforce, today announced the availability of new objectives for its CompTIA Security+ certification.

Publication of 2008 Edition objectives, which detail the content of the certification exam, is a prelude to the launch of an updated CompTIA Security+ scheduled for the fourth quarter of 2008.

The update of CompTIA Security+ is in keeping with CompTIA’s practice of continuous and ongoing review of its certification content to assure that it addresses the latest changes in technology and reflects the skills needed by tech workers and required by employers.

In the case of CompTIA Security+, greater emphasis is being placed on knowing how to address specific security issues, rather than simply being able to recognize these issues. The new exam will cover six major objectives, or topics:

Security managers often end up being the bad guy when they delay a project. The reason is they are not fully consulted or included in the project. To avoid delays, security managers should be included in the project life-cycle management process from the beginning.

Mathias Thurman, a security manager by trade, came up with 13 criteria that dictate whether a project needs security consideration. Project managers can look over the criteria when they initiate a new project and quickly determine whether it will require the attention of security management.

To ensure the project team includes security management in the project, Mathias has created an easy-to-use Excel spreadsheet of requirements that project managers can use to ensure that security is included early in the project’s life cycle. A downloadable version of the spreadsheet is available here.

Source: Computerworld

Protecting your Enterprise IT system from threats both external and internal becomes harder each day. There will always be new methods of intrusion and infection that threaten your system. Your Security Management group should develop a set of best practices to ensure that your IT infrastructure is secure and can continue to support your business.
