Companies lack confidence in the effectiveness of controls

Subscribe for free

Browse archive

Latest news

Review: LOK-IT Secure Flash Drive

Twitter supports “Do Not Track” option

Facebook IPO advanced fee scam hitting inboxes

Hacker jailed for targeting Call of Duty gamers

Worm targets Facebook users via PMs

Spam with malicious attachments rising

Malicious fake Android AV apps pushed onto users

Common Vulnerability Reporting Framework updated

Password creation policies are the enemy of secure passphrases

MacScan 2.9.3 with Google Chrome and SeaMonkey support released

Secure data on Android devices with SecureZIP

Flashback botmasters earned less than $15K

Anti-Anonymous hacker takes credit for The Pirate Bay DDoS

SSL governance and implementation across the Internet

Companies lack confidence in the effectiveness of controls

Posted on 17 December 2010.

A significant number of Global 1000 companies still lack the proper internal controls over, and visibility into, employee access to sensitive applications and data, according to SailPoint.

More than half of the 100 IT managers and directors polled in the survey reported they are not confident that an employee’s access privileges are appropriately granted when a new hire joins the company or promptly revoked when an employee leaves. 63% of the participants do not have full visibility into their employees’ access rights.

Two-thirds of the participants said the recession has had no impact on their company’s policies and controls around access privileges. Yet, 28% admitted they failed an IT audit and 19% have experienced a security breach in the last two years.

The survey also polled respondents about their expectations for 2011. More than 80% of the companies are concerned about potential security breaches in 2011.

They see four key business drivers for identity management projects:

Compliance
Security
Enabling key business units
Automating user administration.

To help address these business imperatives, the majority of companies expect the same or higher budgets for identity management in 2011.

authentication

Spotlight

How executives understand and manage IT risks

Posted on 17 May 2012. | Corporate boards and executives are taking risk management seriously but there is still a gap in understanding the link between IT risks and enterprise risk management.

Posted on 17 May 2012. | Approximately 80% of the breaches that led to loss of data assets were executed via content-layer attacks. These include attacks via social networks, browser and file format vulnerabilities as well as phishing.

Ads on Wikipedia can point to malware infection

Posted on 16 May 2012. | Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers.

IT is embracing BYOD

Posted on 16 May 2012. | A new Cisco study shows some of the quantifiable benefits and complexities associated with allowing employees to use their own mobile devices on their employers' networks.

Kickstarter bug granted access to unlaunched projects

Posted on 16 May 2012. | A bug in the private API of Kickstarter, exposed details about 70,000 projects that will be launched on the website in the near future.

Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.

Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.

DON'T
MISS
Fri, May 18th

18 May 2012.

Spam with malicious attachments rising

18 May 2012.

Common Vulnerability Reporting Framework updated

18 May 2012.

Worm targets Facebook users via PMs

17 May 2012.

Most CCTV systems accessible to attackers

17 May 2012.

How executives manage IT risks