RiskIT

Issue 48, Friday, November 4, 2011

 

What IT Security Pros Don't Know

 

What to Do About Glaring Knowledge Gaps

 

IT security pros working in the trenches confess they don't know as much as they should about the networks and infrastructure they're paid to defend.

 

Six out of 10 report they don't know the capabilities of the tools they use.

 

More than half of nearly 2,000 IT security folks attending the recent Cisco Live and Black Hat USA conferences say, in response to a survey, that they have no idea which internal apps and assets on their networks are accessible to outsiders.

 

 


Controlled Unclassified Information: 5 Steps to a Successful CUI Compliance Plan

 

By December 6, 2011, all federal agencies must develop a compliance plan for how they will identify and protect Controlled Unclassified Information (CUI). Is your agency ready?

 

In this white paper, Patricia Hammar, executive secretary of the CUI Presidential Task Force, provides expert advice on developing a CUI compliance plan, including templates and best practices from governments that have implemented similar initiatives.

 

  


 

 

Computer Hackers Hit Chemical Firms, Symantec Says

 

Leading chemical firms fall victim to hackers

 

Computer hackers struck 29 chemical companies in attacks this summer aimed at gathering data on formulas and manufacturing processes, according to Symantec Corp.

 

The targets, which weren't identified by name, included "multiple Fortune 100 companies involved in research and development of chemical compounds and advanced materials," Symantec said in a report released Monday.

 


    

Is Your Vulnerability Management Program Leaving You at Risk?

 

In Aberdeen's research, "Managing Vulnerabilities and Threats: No, Anti-Virus is Not Enough" (December 2010), we saw that companies perceive malware as both high-incidence and high-risk, and that they are spending a material amount of money on their vulnerability management initiatives. But further analysis shows that, in spite of these expenditures, they may actually be ignoring as much as 80-90% of their endpoint security-related risk.


 

Compliance: Telling the Board What it Needs to Know
  

Due to a recent compliance enforcement action, Pfizer was forced to separate its compliance function from its legal function, and Lankler began to report directly to the Board.

 

This has led to a tripartite level of reporting at the Board level. There is a monthly meeting of the Audit Committee, to which he reports by telephone, and a bi-monthly in-person meeting, to which Lankler also reports.

  


 

 
RiskIT is an email publication provided by Eminere Group.

 
