Everyone talks about "risk and compliance" in security, but what do companies have to do to make it through audits and meet regulations related to information security? And what are the costs? McAfee asks those questions in its "Risk and Compliance Outlook -- 2012" survey of 438 IT professionals in the United States, Europe, Brazil, Australia and Singapore, finding that the main challenge is getting visibility into IT operations. Four out of five of those surveyed believe "visibility into the risk posture of their IT environment" is important, and one-quarter estimated that good visibility saved them six to ten hours per week in IT staff time.

But the patching of software remains a chief stumbling block to good risk management, according to the findings.

"Before the advent of numerous regulations and the rise of malicious code targeting known vulnerabilities, patch management was not a top issue for many organizations," states the McAfee report. "Today, patch management must be a top priority to mitigate the continuous threat of malicious code and compliance failure. These concerns have pushed organizations to gain better control and oversight of their information assets. This is seen with nearly half of the surveyed organizations applying patches monthly and near one third doing so on a weekly basis."

But as they patch away, there's the sense that this is a time-intensive and costly process. The IT professionals surveyed indicated they are tempted to do routine vulnerability patching less often in order to save money. About half of the companies say they are able to pinpoint the risks associated with vulnerabilities and threats well, "and 43% indicate they over-protect and patch everything they can."
That might be substantial indeed, given that the National Vulnerability Database reported 3,532 vulnerabilities last year.

But the most disruptive aspect of patching is said to be "out-of-cycle patches" that break from the monotonous, scheduled "Patch Tuesday" of every month led by Microsoft, with other vendors now also releasing patch announcements on that second Tuesday of the month. Out-of-cycle patches can have critical security importance, and 70% of the survey respondents said these events do have an impact, but only 13% described this as a "major impact."

The most important regulations that companies have to comply with are the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley, the HIPAA regulations for healthcare, and others such as the Basel Accords rules for financial institutions. The most popular compliance frameworks are said to be ISO, ITIL and COBIT.

The survey respondents indicated that the "most challenging" regulatory mandates revolved around database security, with a focus on access control for the privileged insider and on monitoring based on "normal" usage. Other needed controls are encryption of data at rest and establishing separation of duties.