compliance is NOT security
Date Added: February 18, 2010 03:02:28 AM
Category: Internet
IT security breaches in recent years have highlighted the fact that compliance with certain legislation and regulations does not necessarily equate to being secure. So says Datacraft’s general manager for security solutions, Matthew Gyde.
“The scale of electronic crime in the area of wireless networks and the Internet is expanding geometrically. An American retailer lost 45 million credit card details as a result of electronic crime. The hacker was charged with two further hacking offences, bringing to over 130 million the total number of card details stolen. One of the victims – a payment card processing company – passed a PCI-DSS audit the month before card details were stolen from its systems.”
Today, cybercrime is big business, and incidents like these underscore the findings in research that Datacraft commissioned IDC to carry out in 2009, which shows a prevalent attitude among organizations: most begrudge investment in compliance and will do the absolute minimum required by law or industry regulatory bodies. They also believe that being compliant is being secure.
“In fact, compliance is very narrowly focused, whereas good security encompasses compliance – and extends beyond it, ensuring that organizations are best placed to deal with both known and unknown threats,” Gyde explains.
The primary research into IT security – carried out by IDC covering 407 companies in 18 countries in Asia Pacific, Western Europe, the Americas, and the Middle East and Africa – reveals that large organizations (1,000+ employees) are more compliant than midsized organizations (500-1,000 employees). Eric Domage, IDC EMEA program manager, European security products and strategies, found, interestingly, that very large organizations throughout the world, organizations in the Americas, and the public sector are more concerned about security regulations than other sizes of organizations, regions, or market sectors.
The research also shows that the regulations which most concern organizations are those related to general privacy (often local in origin), followed by healthcare privacy laws – because of specific requirements for personal confidentiality, and Personally Identifiable Information (PII) protection. Gyde concurs: “This leaves an enormous range and number of organisations that simply aren’t doing enough to be compliant or secure. What they don’t realize is that being compliant is not simply a matter of preventing theft of organizational and customer data. Indeed, it has a direct impact on an organization’s reputation.”
By: Victor Ng


