Latest news
Dr. Eric Cole is a security expert with over 20 years of hands-on experience. He is a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. He is a SANS faculty fellow and course author.In this interview he discusses managing information-related risks in the enterprise, threat evolution, compliance, security awareness, as well as his SANS "Security Essentials Bootcamp Style" training course he's hosting at SANS London in late November 2012.
With threats evolving at a breakneck pace and the underground working on a seemingly endless budget, what are the biggest challenges security professionals face when trying to protect their organizations? What should they especially be on the lookout for?
The biggest challenges organizations face is properly prioritizing what they should be working on and staying focused. Organizations today are doing good things that will help protect their organization long term but they are not doing the right things that will protect against the current threats. Focusing in on risk is how an organization wins. Before they spend a dollar of their budget or an hour of their time they should always ask three questions:
- What is the risk?
- Is it the highest priority risk?
- Is it the most cost effective way of reducing the risk?
How important is security awareness in the overall security architecture?
Security awareness is very important because it helps align and reshape user behavior. For security awareness to be effective organizations it has to be aligned within the triad of policy-training-awareness. Policy tells people what to do, training gives them the skills for doing it and awareness changes their behavior.
To move beyond cartoons and posters organizations need to tie metrics to each policy statement. Awareness sessions should focus in on the policies that receive the lowest score in terms of compliance. If awareness is done correctly organizations should see a measurable improvement in compliance with the policies.
Spotlight
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
