Posts Tagged ‘Information Security’

Security Outsourcing Gains as Companies Seek Expertise

Tuesday, March 24th, 2009

By Neil Roiter. Senior Technology Editor, Information Security magazine
23 Mar 2009 | SearchSecurity.com

securityMore than 60% of midsized and large enterprises in the U.S. and Western Europe are either outsourcing or considering outsourcing at least part of their security operations, according to a recent survey.

The Symantec survey of 1,000 companies with a median size of 10,000 to 25,000 employees showed that about a quarter were now using managed security service providers (MSSPs) or some other form of outsourced security. Another third are either evaluating outsourced security or plan to do so over the next 12 months.

Dollars and head counts don’t tell the whole story, however. Many companies reported difficult finding and hiring people with the required security skill sets. Accordingly, nearly half the respondents cited access to expertise as a reason to adopt or evaluate outsourcing.

The findings mirror Symantec’s own experience, says Grant Geyer, vice president of managed services at Symantec.

 ”Customers come to us for three reasons,” Geyer said. “They don’t have staff or expertise to handle security in house; they have the staff, but want to keep them focused on more strategic projects; or they have had a breach, have a gap identified and quickly need to shore up the walls.”

 Not surprisingly, reducing overall costs and mitigating security risks were also frequently cited reasons for outsourcing. Enterprises also cited (in descending order) predictability in expenses, the burden of regulatory requirements, focusing in-house IT resources on the core business and easing staffing challenges.

Image source: http://www.conexio.com

Tags: , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »

New Insider Threat Emerges in the New Economy

Tuesday, March 17th, 2009

In today’s SecurityWire, sent out by SearchSecurityLumension’s new Whitepaper speaks to the costs of malicious insiders. Excerpts from the white paper support that pairing ongoing training with technology solutions is more effective than technology alone when it comes to minimizing insider threats:

photo source: www.kval.com

photo source: www.kval.com

“Whether an insider steals information for financial gain or simply leaves the organization open to a breach due to sloppy practices, the risks are costly to an organization. According to analysts with Forrester Research, the typical data breach can cost a company between $90 and $305 per lost record

“According to the Internet Threat Resource Center, 24 percent of all data breaches that hit financial institutions in 2008 were caused by insider threat. Similarly, 20 percent of government breaches and 16 percent of other business breaches were caused by internal attacks…

“In order to neutralize the threats posed by insiders, IT departments must take away the means and the opportunities to commit crimes. By creating strategic policies and by automating the monitoring, enforcement and reporting of those policies, organizations can understand how employees and partners are engaging with IT assets and intellectual property.”

Tags: , , , , , , , ,
Posted in General Corporate Asset Protection, IT, Information Security | No Comments »

Increase Security with a Reduced Budget

Friday, March 13th, 2009

As of late, one of the most common phrases heard at the water cooler is “in these tough economic times…” followed by the budget woes of organizations and their employees alike. In an article featured on SearchSecurity.com, Michael Cobb speaks about the challenges of justifying spending on Information Security, “Since IT security benefits have a mostly intangible effect on a corporation’s bottom line, it is an area that, in many cases, may unfortunately be one of the first to get squeezed on budget.”

lifecycle“Any budget cuts, however, shouldn’t lead to a drop in security awareness. As a security manager, make high-level sponsorship of information security a priority within the organization to ensure continued compliance with security policies.”

“The message could be reinforced by compulsory awareness training… This approach gives real protection at a relatively low cost.”

In 2009, every enterprise will become leaner, smarter, and cheaper, or risk going out of business. Information Security will not be a top priority for most organizations… However, organizational change provides a real opportunity to embed security awareness into companies’ corporate culture, preventing the most common causes of security breaches: Negligent Insiders. (According to the Ponemon Institute)

Single Concept Training is an ideal solution to facilitate this culture change.

Tags: , , , , ,
Posted in General Corporate Asset Protection | No Comments »

Welcome to the WKJ Blog!

Thursday, March 12th, 2009

WKJ welcomes you to our brand-new blog! Visit often to find the latest industry news and trends in the areas of Information Security, Protected Health Information (PHI), Safety, Loss Prevention, Wellness, and many other areas of Corporate Asset Protection.

staytuned1For easy navigation, just choose your category from our posting history, or feel free to browse through our latest across-the-board content.

WKJ is a proud Corporate Asset Protection industry pioneer, and developed Single Concept Training™ to facilitate organizational culture change. Our rich 30 year history brings our clients unparalleled expertise, creativity, and efficiency.

We’ll be posting several times weekly, so remember to stay tuned to WKJ NewsBytes!

[Hint] Bookmark us as a favorite in your browser: http://wkjNewsBytes.wordpress.com

Tags: , , , , , ,
Posted in General Corporate Asset Protection | No Comments »