AberdeenGroup. The Importance of Database Vulnerability Assessments. Business Value Research Series. September 2005
Executive Summary

Why a Vulnerability Assessment is Important

Amid all the gains of the Information Age comes an increasingly threatening trade-off: the exposure of confidential, sensitive information that can wound a company or person. With increased government regulation covering such areas as corporate disclosure and information privacy, it's necessary for businesses to make sure the information residing in their databases is secure.

Aberdeen research has found that senior executives are making best security practices a major improvement initiative for three key reasons: avoiding fallout from customer and corporate data leakages (especially from within the company), passing regulatory audits, and maintaining agility in a rapidly changing global economy. All the more reason to ensure data is protected. That's why many organizations rely on database vulnerability assessments as part of their information security strategies to guard against information theft that could expose a company to liability. A database vulnerability assessment hunts for weaknesses in databases and searches for anything out of the ordinary, allowing organizations to act before they're subjected to a devastating attack.

Policies and Procedures First

Organizations must first establish policies and procedures for accessing information, since a vulnerability assessment can make sure they're being followed. When they're not, an assessment can help alert the company to potential attacks and risks to company data. Automated assessment tools can do the job, and with the heavily increased focus on information security, automation is yielding strong, positive results and allowing IT to focus more of its energy elsewhere.

In a recent Aberdeen report, Best Practices in Security: Information and Access, some firms employing best practices in securing information and access to their databases came to realize that automation found hundreds of vulnerabilities, and plugged gaps in complying with growing government regulations, especially Sarbanes-Oxley. Also, automated improvements in auditing helped slash audit deficiencies by 20% to 45%.

Aberdeen believes strongly that regular vulnerability assessments of corporate databases should be a cornerstone of sound, ongoing management of database security, and of overall security strategy. The stakes are too high to ignore them, with growth, market share, profitability, brand image, and compliance in an expanding regulatory environment all near the top of many corporate agendas. Automating assessments has the potential to offer a comprehensive way of doing the job, providing much savings in time, labor, and money. Aberdeen believes that specific solutions that test for database vulnerabilities and information risks constitute a best practice.
Aberdeen Recommendations

Aberdeen recommends that organizations take the following actions:

- Test and validate databases and configuration vulnerabilities where critical customer and business data reside.
- Be sure any tool you're considering is based on industry-accepted best practices and is customizable to meet business needs in supporting as many of your organization's internal security policies and procedures as possible.
- The degree of competition your organization faces, its brand image, and the degree of government and industry regulation it must follow should dictate how often it should conduct a vulnerability assessment. For instance, a financial services organization should check more often; so should any organization that must adhere to Sarbanes-Oxley.
Table of Contents

Executive Summary
  Why a Vulnerability Assessment is Important
  Policies and Procedures First
  Aberdeen Recommendations
Chapter One: What is a Database Vulnerability Assessment?
  Policies and Procedures First
  Why Frequent Database Vulnerability Assessments Are Important
  Checking for Vulnerabilities
Chapter Two: Aberdeen Recommendations
Appendix A: Research Methodology
Appendix B: Related Aberdeen Research & Tools
About AberdeenGroup

Figures
  Figure 1: Focus of Business Improvements to Automate Information Access
Chapter One: What is a Database Vulnerability Assessment?

The Information Age has, without question, changed the workplace in numerous ways, creating a near universal reliance on electronic devices that can make it easier to work. The trade-off, however, is the exposure of confidential, sensitive information that can wound a company or person. With increased government regulation covering such areas as corporate disclosure and information privacy, it has become necessary for businesses to make sure that the information residing within their databases is locked down tightly.

That applies especially to data on customers. The key constituency provided with access to this information is a corporation's customers. This makes sense. After all, it's the customers whom employees should be interacting with in order to produce positive financial results. The percentage of companies automating access to information for customers exceeds automation in other focus areas of business improvement (Figure 1). This should not be surprising given the strong linkage between customer sales and service, and the business imperative to increase customer retention and efforts to improve top-line growth.

So it is little wonder that Aberdeen research has found that senior executives are making best security practices a major improvement initiative for three key reasons: avoiding fallout from customer and corporate data leakages (especially from within the company), passing regulatory audits, and maintaining agility in a rapidly changing global economy. All the more reason to ensure data is protected. That's why many organizations rely on database vulnerability assessments as part of their information security strategies to guard against internal information theft that could expose a company to liability.

A database vulnerability assessment hunts for weaknesses in databases and searches for anything out of the ordinary, allowing organizations to act before they're subjected to a devastating attack.
Figure 1: Focus of Business Improvements to Automate Information Access
Source: AberdeenGroup, June 2005

Policies and Procedures First

Organizations must first establish policies and procedures for accessing information, since a vulnerability assessment can make sure those processes are being followed. When they're not, an assessment can help alert the company to potential attacks and risks to company data.

To be sure, there are knowledgeable information security consultants who can do the job and provide solid advice for organizations whose security practices need tune-ups or overhauls. But they would need some time to become familiar with a client's information security policies and procedures as well as its competitive and regulatory landscapes before probing the databases. Then, of course, there's the separate issue of whether they are available for the time slot in which you would need them.

But there are automated assessment tools that can do the job. With a heavier focus on information security, automated tools are helping companies yield strong, positive results, and allowing IT to focus more of its energy elsewhere. In a recent Aberdeen report, Best Practices in Security: Information and Access, some firms employing best practices in securing information and access to their databases came to realize that automation found hundreds of vulnerabilities and plugged gaps in complying with growing government regulations, especially Sarbanes-Oxley. Also, automated improvements in auditing helped slash audit deficiencies by 20% to 45%.

All companies in the report also cite data and knowledge as their most critical tools for improving the performance of their security programs. The stance these sites take: What you don't know is much more important than what you do know. Some of these sites track and aggregate data from their information and access procedures, creating real-time risk management dashboards.

What's interesting to note is that all companies are discovering the benefits security is providing business operations, especially lower costs in support and IT operations. Further, almost all the companies rate protection, segmentation, and monitoring of customer and corporate data among the most important criteria for their security programs.

Why Frequent Database Vulnerability Assessments Are Important

According to the report, many firms cite regulatory audit pressures for moving ahead with greater controls over access to information. Firms are also concerned about protecting their brands, especially in such data-intensive and regulation-heavy industries as finance, healthcare, and financial services.

Along with that come external factors that impact database security, such as software upgrades, application changes, a constant flow of patches, and an omnipresent hacker community that's much quicker at exploiting new, patched, and upgraded software and gaining access into an organization's information jewels.

But the largest problem may lie with people, the end users who handle most of the information that rests within corporate databases. They may use data either maliciously, or accidentally, say, by leaving a password on a desk for someone else to write down, or downloading software onto a desktop that opens a security hole.

All this points to the importance of vulnerability assessment tools.
Aberdeen considers the use of them a best practice, especially those dedicated to corporate databases that can protect data on a wide variety of devices and media.

Consider a vulnerability assessment as an occasional checkup in which the organization is being tested for potential illnesses (data loss), warning signs that could presage a potential illness (a security hole), and whether the organization is doing the right things to guard against illness. They may include such operations standards as making sure employees are adhering to information security policies and procedures and that the IT organization is doing its part, such as monitoring software upgrades and password refreshes.

Indeed, the inverse of accelerated information sharing, the security controls imposed on who can access what information, under what circumstances, and when, depend on the nature of three critical inputs:

1) The organization's policies and standards
2) The need to keep the firm's name out of the media by avoiding mishandling of customer data
3) The need to pass a number of different audits

A financial services company profiled in the Aberdeen report deployed a wide range of vulnerability assessment technologies to identify weaknesses. As part of this evolution, the firm decided to automate security scanning, vulnerability assessment, and remediation for its databases, where most core data resides. The company has been able to verify the locations of core data, vulnerabilities in its databases and their underlying operating systems, and the changes to data. The firm is using alerts for conditions that exceed its risk thresholds, while ensuring that configuration mistakes and security vulnerabilities in the databases are fixed.

In addition, the company has been able to identify and eliminate inappropriate privilege conditions, authorized and unauthorized access to data, and suspicious behavior regarding its most valuable IT assets: its data and customers' data.

If your organization considers top-line growth, global competitiveness, and increased regulation among its foremost concerns, automated vulnerability assessments, conducted regularly, make sense.

Checking for Vulnerabilities

Before devising a strategy for vulnerability assessments, evaluate the business risks involved with data leakage, including the potential of lost and disaffected customers, the costs of legal action, regulatory compliance problems, delays that may be caused in sourcing products, and lost business opportunity due to stolen product designs.

Then, do a complete mapping of the technology infrastructure by major business processes to understand how the systems, networks, applications, and information flows should be operating to support business operations. For companies with Sarbanes-Oxley programs underway, this additional effort should not have to be too extensive. All firms should pinpoint where sensitive data resides in their organizations and develop a gap analysis between the desired and actual conditions.

After evaluating the business risk impact, find and fix the security blind spots in your organization by identifying and resolving vulnerabilities in key databases.
A tool that can store your organization's information security policies, especially role-based access controls, can determine if those policies are being followed and be especially helpful in detecting potential vulnerabilities within the company.
Chapter Two: Aberdeen Recommendations

Aberdeen believes strongly that regular vulnerability assessments of corporate databases should be a cornerstone of sound, ongoing management of database security and of overall security strategy. The stakes are too high to ignore them, with growth, market share, profitability, brand image, and compliance in an expanding regulatory environment all near the top of many corporate agendas.

Automating assessments has the potential to offer a comprehensive way of doing the job, providing much savings in time, labor, and money, and Aberdeen believes that specific solutions that test for database vulnerabilities and information risks constitute a best practice.

Aberdeen offers the following recommendations:

- Test and validate databases and configuration vulnerabilities where critical customer and business data reside;
- Be sure that any tool you're considering is based on industry-accepted best practices and can be customized to meet business needs in supporting as many of your organization's internal security policies and procedures as possible; and
- The degree of competition your organization faces, its brand image, and the degree of government and industry regulation it must follow should dictate how often it should conduct a vulnerability assessment. For instance, a financial services organization should check more often; so should any organization that must adhere to Sarbanes-Oxley.
Appendix A: Research Methodology

Primary quantitative research that contributed to this report includes benchmark research programs conducted with more than 500 qualified respondents, along with more than 100 in-depth interviews. Further research was conducted with more than 200 companies known to be operating at best-in-class levels by Aberdeen.
Appendix B: Related Aberdeen Research & Tools

Related Aberdeen research that forms a companion or reference to this report includes:

- Best Practices in Security: Information and Access (June 2005)
- Best Practices in Security: Network and Infrastructure (June 2005)
- Best Practices in Security: Governance (June 2005)
- The Automating Information Access Benchmark Report (September 2004)
- The Security Spend Management Benchmark Report (December 2004)

Information on these and any other Aberdeen publications can be found at
About AberdeenGroup

Our Mission

To be the trusted advisor and business value research destination of choice for the Global Business Executive.

Our Approach

Aberdeen delivers unbiased, primary research that helps enterprises derive tangible business value from technology-enabled solutions. Through continuous benchmarking and analysis of value chain practices, Aberdeen offers a unique mix of research, tools, and services to help Global Business Executives accomplish the following:

- IMPROVE the financial and competitive position of their business now
- PRIORITIZE operational improvement areas to drive immediate, tangible value to their business
- LEVERAGE information technology for tangible business value.

Aberdeen also offers selected solution providers fact-based tools and services to empower and equip them to accomplish the following:

- CREATE DEMAND, by reaching the right level of executives in companies where their solutions can deliver differentiated results
- ACCELERATE SALES, by accessing executive decision-makers who need a solution and arming the sales team with fact-based differentiation around business impact
- EXPAND CUSTOMERS, by fortifying their value proposition with independent fact-based research and demonstrating installed base proof points

Our History of Integrity

Aberdeen was founded in 1988 to conduct fact-based, unbiased research that delivers tangible value to executives trying to advance their businesses with technology-enabled solutions.

Aberdeen's integrity has always been and always will be beyond reproach. We provide independent research and analysis of the dynamics underlying specific technology-enabled business strategies, market trends, and technology solutions. While some reports or portions of reports may be underwritten by corporate sponsors, Aberdeen's research findings are never influenced by any of these sponsors.
AberdeenGroup, Inc.
260 Franklin Street
Boston, Massachusetts
USA
Telephone:
Fax:

AberdeenGroup, Inc. All rights reserved
September 2005

Founded in 1988, AberdeenGroup is the technology-driven research destination of choice for the global business executive. AberdeenGroup has over 100,000 research members in over 36 countries around the world that both participate in and direct the most comprehensive technology-driven value chain research in the market. Through its continued fact-based research, benchmarking, and actionable analysis, AberdeenGroup offers global business and technology executives a unique mix of actionable research, KPIs, tools, and services.

The information contained in this publication has been obtained from sources Aberdeen believes to be reliable, but is not guaranteed by Aberdeen. Aberdeen publications reflect the analyst's judgment at the time and are subject to change without notice. The trademarks and registered trademarks of the corporations mentioned in this publication are the property of their respective holders.
More informationDefending the Database Techniques and best practices
ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager mtrinidad@appsecinc.com March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target
More informationImproving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec
Improving Unstructured Data Governance Ryan Jancaitis Product Management Symantec Agenda 1 2 3 4 Overview Data Management Data Protection and Compliance Summary Unstructured Information Growth Leads to
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationHow to Secure Your SharePoint Deployment
WHITE PAPER How to Secure Your SharePoint Deployment Some of the sites in your enterprise probably contain content that should not be available to all users [some] information should be accessible only
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationReining in the Effects of Uncontrolled Change
WHITE PAPER Reining in the Effects of Uncontrolled Change The value of IT service management in addressing security, compliance, and operational effectiveness In IT management, as in business as a whole,
More informationOnboarding Benchmark Report. Technology Drivers Help Improve the New Hire Experience
Onboarding Benchmark Report Technology Drivers Help Improve the New Hire Experience August 2006 Executive Summary Key Business Value Findings First impressions last. Future-looking companies recognize
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationcase study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:
The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationSimplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks
Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware
More informationCA Vulnerability Manager r8.3
PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL
More informationAudit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture
U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT
More informationAberdeen City Council IT Security (Network and perimeter)
Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationIPLocks Vulnerability Assessment: A Database Assessment Solution
IPLOCKS WHITE PAPER February 2006 IPLocks Vulnerability Assessment: A Database Assessment Solution 2665 North First Street, Suite 110 San Jose, CA 95134 Telephone: 408.383.7500 www.iplocks.com TABLE OF
More informationBuilding a Corporate Application Security Assessment Program
Building a Corporate Application Security Assessment Program Rob Jerdonek and Topher Chung Corporate Information Security Intuit Inc. July 23, 2009 Copyright The Foundation Permission is granted to copy,
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationTop Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER
Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER Regulatory compliance. Server virtualization. IT Service Management. Business Service Management. Business Continuity planning.
More informationThe Cloud App Visibility Blind Spot
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
More informationAD Management Survey: Reveals Security as Key Challenge
Contents How This Paper Is Organized... 1 Survey Respondent Demographics... 2 AD Management Survey: Reveals Security as Key Challenge White Paper August 2009 Survey Results and Observations... 3 Active
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationSTERLING COMMERCE WHITE PAPER. Four Keys to Effectively Monitor and Control Secure File Transfer
STERLING COMMERCE WHITE PAPER Four Keys to Effectively Monitor and Control Secure File Transfer 2 As more information is digitized and more business data is considered critical, you re spending far more
More informationReal-Time Security for Active Directory
Real-Time Security for Active Directory Contents The Need to Monitor and Control Change... 3 Reducing Risk and Standardizing Controls... 3 Integrating Change Monitoring... 4 Policy Compliance... 4 The
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationSECURITY IN THE CLOUD
Common Knowledge: Kevin Burns SECURITY IN THE CLOUD (aka- Insecurity in the Cloud) Real Issue: You don t know what you don t know For Instance - First Question who is responsible for securing what? Who
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationSecurity in Fax: Minimizing Breaches and Compliance Risks
Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information
More informationControlling and Managing Security with Performance Tools
Security Management Tactics for the Network Administrator The Essentials Series Controlling and Managing Security with Performance Tools sponsored by Co ntrolling and Managing Security with Performance
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More information