Posts Tagged ‘W. Kent Jessee’

Defense Firms seek Cyber Security Assignments

Wednesday, March 18th, 2009

According to an article in today’s Wall Street Journal, “U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.”

Annual U.S. losses from cyber breaches are estimated to be in the billions of dollars, and there is legitimate concern that a nuclear power plant or subway line could be hacked via the Internet, or that data could be breached at the nation’s larger financial firms.

According to the WSJ, “Anticipating the demand, defense companies are bolstering training, buying smaller firms and hiring former top government officials. The move into the cyber-security field could offer new revenue streams for the contractors and help offset declines stemming from budget pressures on the Defense Department’s traditional weapons systems.”

However, third-party contractors also need to watch their own network security, said Tom Kellermann, a vice president at Core Security Technologies, citing a Verizon report last year that found 39% of cyber breaches implicated contractors and other third parties.

The bottom line is that, in order to provide true value in the cyber security arena, Government Contractors must not only provide technology solutions, but also ongoing training and education.

After all, “technology tends to be a reactive measure… Technology is a great thing once we’ve understood the processes, policies, and procedures that we want to use… but you can’t start with technology… If you [do], you’re bound to fail” - John Pironti, BankInfoSecurity Interview, 11/6/07.

New Insider Threat Emerges in the New Economy

Tuesday, March 17th, 2009

In today’s SecurityWire, sent out by SearchSecurity, Lumension’s new whitepaper speaks to the costs of malicious insiders. Excerpts from the white paper support the view that pairing ongoing training with technology solutions is more effective than technology alone when it comes to minimizing insider threats:

photo source: www.kval.com


“Whether an insider steals information for financial gain or simply leaves the organization open to a breach due to sloppy practices, the risks are costly to an organization. According to analysts with Forrester Research, the typical data breach can cost a company between $90 and $305 per lost record.

“According to the Internet Threat Resource Center, 24 percent of all data breaches that hit financial institutions in 2008 were caused by insider threat. Similarly, 20 percent of government breaches and 16 percent of other business breaches were caused by internal attacks…

“In order to neutralize the threats posed by insiders, IT departments must take away the means and the opportunities to commit crimes. By creating strategic policies and by automating the monitoring, enforcement and reporting of those policies, organizations can understand how employees and partners are engaging with IT assets and intellectual property.”

Cultivate Your Corporate Culture

Monday, March 16th, 2009

Arvin Maskin, a partner in the law firm of Weil, Gotshal & Manges and co-chair of the firm’s Products Liability & Mass Tort Practice Group, writes in BusinessWeek that, “in the event of a product safety problem, product makers should be prepared to defend themselves. Raising awareness among employees is essential to the process.”

Lately, product safety crises have been strewn across the news. Remember the peanut-product recall, melamine in pet food, E. coli in spinach and tomatoes? Lead in toys? These problems highlight a huge challenge for corporations: “Cultivating a culture of risk avoidance and accountability at every level of the business.”

Obviously, averting the crisis in the first place is far preferable to handling the enduring legal and financial consequences. The best way to avoid these incidents is to emphasize the importance of risk avoidance and accountability, and to train employees on an ongoing basis.

According to Maskin, “Creating a culture of risk avoidance and accountability requires education of employees at every level. It is not always intuitive.”

Enterprises must “consciously inject risk avoidance into employees’ thought processes. From the standpoint of corporate governance, the notion of informed and continual risk assessment and avoidance is fundamental.

“Given what is at stake, it ought to receive the highest priority.”

Is our Ethical Climate Weakening?

Friday, March 13th, 2009

Turbulent economic times often portend a reduction in ethical behavior.

In the January-February 2009 issue of Loss Prevention Magazine, Thomas Matthews cites a recent Corporate Executive Board (CEB) survey, which discovered that, “As the economic crisis worsened across 2008, survey research from more than 1,000 employees across multiple industries shows a weakening ethical climate and, correspondingly, more observations of misconduct.”

Matthews’ recommendation is to “counter these negative trends by coaching senior management on how to exemplify and communicate integrity and use periodic employee training and messages to emphasize how a strong culture enables better performance and morale.”

Now, more than ever, enterprises must focus on strengthening their corporate cultures to place higher value on ethical conduct, compliance, and productivity. A renewed focus in these areas will lead to higher performance and sustainable success.

Increase Security with a Reduced Budget

Friday, March 13th, 2009

As of late, one of the most common phrases heard at the water cooler is “in these tough economic times…” followed by the budget woes of organizations and their employees alike. In an article featured on SearchSecurity.com, Michael Cobb speaks about the challenges of justifying spending on Information Security, “Since IT security benefits have a mostly intangible effect on a corporation’s bottom line, it is an area that, in many cases, may unfortunately be one of the first to get squeezed on budget.”

“Any budget cuts, however, shouldn’t lead to a drop in security awareness. As a security manager, make high-level sponsorship of information security a priority within the organization to ensure continued compliance with security policies.”

“The message could be reinforced by compulsory awareness training… This approach gives real protection at a relatively low cost.”

In 2009, every enterprise will become leaner, smarter, and cheaper, or risk going out of business. Information Security will not be a top priority for most organizations… However, organizational change provides a real opportunity to embed security awareness into companies’ corporate culture, preventing what the Ponemon Institute identifies as the most common causes of security breaches: negligent insiders.

Single Concept Training is an ideal solution to facilitate this culture change.