Cyber Security Compliance - Prevention is better than cure

Date Added: November 14, 2011 04:00:14 AM
Author: Astal Mark
Category: Computers & Internet
If prevention is better than cure, then good compliance is always better than cleaning up after a breach. The first step is to collect, analyze and store data about how your organization operates. Undertaking a threat risk assessment (TRA) will establish which data to collect and monitor in order to protect your organization and information assets. The questions to ask to define these data are:

  • What information assets go to the core value of your organization?
  • What is potentially at risk of cyber attack (from outside or within)?
  • What are the likely impacts if such an attack is successful?

When collecting and retaining records of electronic activities, keep in mind that the onus of proof will be on you in the event of an adversarial claim. Should you not have complete, evidentiary records, your ability to respond effectively will be limited. Good record-keeping may sound like just good housekeeping, but in the event of an incident, it’s irreplaceable.

Equally important is the risk of data breaches by employees. Reports suggest that employees, especially disgruntled ones seeking to ‘get even’, are responsible for close to 70% of all data leakage, theft or misuse (McAfee, E-Crime Congress, London, March 2009). Those with high-level access or familiarity with your IT and cyber security systems pose a serious risk: they have already passed access control and know how to access your IT systems with impunity. The operational and financial impact of a compliance breach can be profound, which makes preventative efforts crucial.
Once the key organizational risks are identified, a few simple steps can be taken to effect compliance management and safeguard your assets:

  • Develop scalable monitoring and control processes and systems;
  • Use compliance frameworks to establish and enforce policies for systems usage;
  • Deploy competent technology to simplify the process and maximize control;
  • Ensure that all IT activities are logged and retained in full;
  • Audit IT and security systems for measurable information; and
  • Report and remediate any non-compliant information access or use.

Automated technology will lighten the burden of collecting and analyzing huge amounts of information, but don’t be fooled: compliance is not ‘set and forget’. Compliance testing should be ongoing in your organization, with regular internal audits. If Zurich UK had done that, the exposure may have been obvious long before the breach occurred. More recently, the Sony PlayStation hack exposed 77 million customer details, which weren’t even encrypted. It was only after the event that Sony decided to appoint a CISO (Sony must learn from PlayStation Network attacks: Sophos, Norton Computerworld, 27 May, 2011).

Verizon’s annual survey found that 96% of breaches were avoidable through simple or intermediate controls, so clearly compliance isn’t hard to do. The same survey found that an astonishing ‘89% of organizations suffering payment card breaches had not been compliant with PCI DSS at the time of the breach.’ (Verizon 2011 Data Breach Investigations Report).

The take-away here is that having security systems, processes and policies in place isn’t enough, and neither is collecting event logs of your electronic transactions: you need to monitor the effectiveness of your security systems, examine your event logs on a regular basis, and validate your compliance with your industry’s regulations frequently. Put another way, you can’t stay fit by standing still.