[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
Obviously, the big news is the suspected hack of the OPM
So onto the news:
Assessing Cyber Risk in Business is About More than Just Counting Vulnerabilities
Matt Alderman, VP of Strategy at Tenable Network Security, will explain the core requirements needed for real risk evaluation and how to prioritise risk across the organisation.
– the components needed for real risk evaluation
– the importance of business context and the interrelationship of business components
– the various algorithms for calculating risk, including their strengths and weaknesses
– a five-step plan for how organisations can measure risk
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=804ab91242&e=20056c7556
New survey suggests high board interest in cybersecurity, but CISOs are poor communicators
A survey of nearly 200 directors of public companies reveals that 80% of companies now discuss cybersecurity in the boardroom. Alarmingly, however, one in five companies admit to only discussing it after an incident had occurred internally or within their industries.
Interestingly, the survey shows that 35% of companies discuss cybersecurity at every meeting, while 46% discuss it at most meetings.
Expertise in crisis communications was also considered an essential element of the CISO’s range of skills. Nearly two-thirds of respondents indicated a strong preference for either risk metrics or high-level strategy descriptions, rather than descriptions of security technologies. Only 9% wanted information on the security audit and compliance status, while 1% were interested in actual security anecdotes.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d058ee4701&e=20056c7556
According to the 2015 study:
Not knowing where sensitive or confidential data resides is an increasing concern of IT practitioners worldwide, with the inability to understand the extent of data risk endemic in most organizations (80 percent). Sensitive and confidential data is considered more at risk in the cloud, yet only a third of survey respondents possess an automated solution for discovering and monitoring their sensitive cloud-based data. Top data security solutions in place today include data classification, monitoring and discovery tools, with respondents believing that compliance and security can be improved through intelligent solutions, such as automated user access history with real-time monitoring (75 percent), policy workflow automation (74 percent) and automated data discovery/risk assessment (68 percent).
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=34c2f3340a&e=20056c7556
Most infosec pros forget to change keys after a breach
One of the things that hackers look for when they break into an enterprise is encryption keys and security certificates, but most security professionals don’t know how to respond if the keys are compromised during a breach.
That’s the result of a survey released today by security vendor Venafi, which canvassed 850 security professionals at last month’s RSA conference.
Only 43 percent of survey respondents said that they were using a key management system and 14 percent said they were using a manual process. Of the rest, 16 percent said that they didn’t know, and 22 percent said it was someone else’s responsibility.
In addition, 38 percent of respondents said that they didn’t know how to detect compromised keys or certificates.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=75d35bf298&e=20056c7556
Proofpoint Extending Targeted Attack Protection to Stop Social Phishing, Safeguards Employees’ Social Media Accounts
SUNNYVALE, Calif., June 4, 2015 (GLOBE NEWSWIRE) — Proofpoint, Inc., (Nasdaq:PFPT), a leading next-generation security and compliance company, today announced that it is extending its Proofpoint Targeted Attack Protection solution to enable organizations to safeguard individual social media accounts from advanced malware, social phishing and compliance violations. With this new capability, Proofpoint will protect email, branded social networking pages and key employees’ social media activities from advanced targeted attacks.
Proofpoint Targeted Attack Protection uses the latest in big-data anomaly detection and advanced malware sandboxing to protect users from sophisticated, targeted phishing attacks. Proofpoint Targeted Attack Protection for Social Media will extend the Proofpoint Nexgate capabilities to stop social media users from seeing and clicking on malware, spam and abusive language. Backed by Deep Social Linguistic Analysis (DSLA) classifiers, Proofpoint Targeted Attack Protection for Social Media also will enforce policies to maintain compliance with a wide range of social media regulatory requirements, including FTC, FINRA, FFIEC, FDA, HIPAA, PHI, SEC, ABA and more.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=db65eb8003&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com