High-profile attacks, inadequate defenses burden IT security programs
A plethora of high-profile data security breaches that marred the first half of 2011, and other recent high-profile attacks, such as Stuxnet, Operation Aurora and state-sponsored persistent threats, have dominated the discussion in the information security community. These incidents have highlighted a critical question for nearly all enterprises: How can an organization be more proactive, monitoring the threat landscape for actionable information to improve IT security programs?
While log management, security reporting tools and automated patch management systems can be effective in helping prevent successful attacks and collecting data after the fact, experts say in most organizations a more proactive security program is sorely needed, namely one that gets employees thinking about risk management to thwart attacks before they infect endpoint machines. But turning around a security program stuck in a reactive mode is easier said than done.
- Cloud computing contracts and security’s role
Cloud computing has put the spotlight on contracts and service-level agreements, along with security’s role in the contract process. There are many security provisions that need to be included in cloud computing contracts to ensure corporate data is protected, making it critical for security managers to participate in contract preparation and negotiation, experts say.
- Gartner: Dodd-Frank Act adherence demands compliance bureau
All companies, not just financials, must comply with the Dodd-Frank Act; Gartner recommends having a compliance bureau monitor the implications. The act has a number of compliance hurdles, including several which enterprise security and compliance managers should give scrutiny.
- Security awareness tips: Making programmes more effective
Several information security pros, via LinkedIn, share their best security awareness tips.
- IT security awareness training tutorial: Employee compliance education
Learn best practices for employee awareness training — an essential aspect of compliance, as well as overall security — in this tutorial.
In this video, Senior Site Editor Eric B. Parizo spoke with two government infosec practitioners about a variety of issues, including risk management strategy, cloud computing security and the consumerization of IT at the 2011 Gartner Security & Risk Management Summit.
- Podcast: Marketing security services: Ideas for marketing your business
Get advice for marketing security products and services, including how much to spend on marketing, using video and talking up breaches.