The problems of putting sensitive information on an easy-to-lose medium such as disks - and not backing up internal policies with good security practice - were brought sharply into focus by the news that the UK’s HM Revenue and Customs has been involved in one of the world’s biggest ID protection failures.
As risk management matures and develops, reputational risk is gripping the imagination of many CEOs. A series of recent surveys illustrate that boards not only consider that reputational risk exposure is increasing, but that it is now the most serious threat to their company.
What can run but never walks,
Has a mouth but never talks,
Has a bed but never sleeps,
Has a head but never weeps?
As independent consultants our advice is often sought by clients about security vendors and their products. Sometimes we participate in the evaluation and buying process overtly, sometimes covertly.
A new report by security researcher David Litchfield claims that thousands of database servers are not sufficiently protected, making them vulnerable to attack via the Internet.
This is the first in a series of short articles on the theme of ‘security measurement’, all based on a presentation given by Dan Geer at the recent Usenix Security Symposium in Boston. This first article will focus on the role of security metrics in supporting risk management.
Two recent pieces of research have highlighted the security threats posed by an organization’s own end users, particularly in relation to their use of mobile devices.
In previous issues of this newsletter we’ve looked at some of the general issues associated with data retention requirements. Here we will focus on a very specific data retention requirement that relates to a regulatory compliance issue in the pharmaceutical industry.
Security Management News is published by Exaprotect.
© Exaprotect. All Rights Reserved | Disclaimer | Privacy | Terms of Use
