Latest Security management and policies News

Fraud is relatively straightforward to deter or discover at an early stage with the right systems and procedures in place
posted on 02/11/2011

Whatever tools they use, be it IT based cons and false accounting or other traditional scams, fraud warning signs are often the same. Awareness of the signs and a sound approach to countering them can often deter many opportunistic incidents of fraud, they have published the list here to help executives benchmark their own operations. UKFraud.co.uk has suggested actions that can be taken to counter the risk of fraud are given following each sign. The early warning signs can include: 1. ERRATIC REPORTING: This sign is just as applicable to suppliers and contractors as it is to internal departments and functions within the organisation. Erratic, incomplete, late or excuse laden management reporting is often a classic sign that something is wrong. ACTION: Insist on up-to-date reporting, within a set timetable and then build this into the internal GRC (Governance Risk and Compliance) systems. Wherever appropriate adopt an enterprise-wide approach to technology to help with systems ... [more]

Half of IT security professionals have worked for organisations whose network has been breached by a hacker
posted on 02/11/2011

According to a Lieberman Software survey conducted amongst more than 300 IT professionals, 48 percent of IT security professionals surveyed have worked for organisations whose network has been breached by a hacker. The survey shows that a fundamental lack of IT security awareness in enterprises, particularly in the arena of password control and privileged logins, is potentially paving the way for a further wave of data breaches in 2011. The survey paints a vivid picture of password chaos amongst IT staff and apathy about password security amongst their senior management. · 51 percent of respondents had ten or more passwords to remember for use in their work · 42 percent of those surveyed said that in their organisations IT staff are sharing passwords or access to systems or applications · 26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information · 48 percent of respo... [more]

Wesleyan Assurance Society ensures best practice security measures and compliance with Outpost24's cloud-based solution
posted on 25/10/2011

Wesleyan Assurance Society, the mutual society founded in 1841, provides tailored financial advice and products to select professional groups, including GPs, hospital doctors, dentists, teachers and lawyers. As a leading financial services organisation, Wesleyan is regulated by the Financial Services Authority (FSA), and is subject to a variety of stringent compliance regulations. It is therefore vital that it has robust security measures in place to protect the sensitive information held on its systems. Wesleyan Assurance Society has selected its OUTSCAN and OUTSCAN PCI solutions to meet a rising number of compliance requirements, as well as to ensure best practice security measures within the organisation. Whilst Wesleyan had always carried out annual penetration testing to check for vulnerabilities, it had recognised a need to revise its security procedures, particularly in light of recent compliance initiatives, such as PCI DSS which governs the safeguarding of credit cardholde... [more]

Management is naive when it comes to understanding how much privileged access their IT departments actually have
posted on 20/10/2011

According to a Lieberman Software survey, 42 percent of IT staff can get unauthorised access to their organisation’s most sensitive information – including the CEO’s private documents. The failing is blamed on management’s naivety when it comes to understanding just how much privileged access their IT departments actually have. 39 percent of the technology professionals interviewed in this study confirmed that that their senior management does not have the faintest idea what IT can and cannot access. And, a staggering 78 percent admitted they could walk out the office tomorrow taking highly sensitive information with them. However, perhaps the most alarming revelation is that a third of respondents say they’d still be able to access sensitive information long after leaving the company – as the result of lapses in the organisation’s security practices. Commenting on this research Philip Lieberman, president and CEO of Lieberman Software, said “Companies should wake up to the fact that... [more]

Hospital chief executives and top managers should be held accountable for healthcare privacy protections and breaches
posted on 17/10/2011

According to a recent FairWarning Inc's survey, there is an overwhelming demand for patients’ medical records to be guaranteed against data theft and snooping. The independent poll of 1,001 respondents showed that patients believe that hospital chief executives and top managers should be held accountable for healthcare privacy protections and breaches. The survey also revealed that confidentiality concerns could have a direct impact on people’s health. Nearly four in 10 said they have, or would, put off seeking treatment, and well over half, have or would withhold information from clinicians, if a hospital had a poor reputation for security. Many respondents stated that they would travel substantial distances (37% would go 30 miles or more) to avoid being treated at a hospital they did not trust, in order to keep sensitive information confidential. Kurt Long, founder and CEO of FairWarning®, said: “Modern patient care is very much information-based. Any obstacle to the free flow of ... [more]

Other Security news and resources