Archive for March, 2007

What is today’s biggest IT security threat?

Thursday, March 22nd, 2007

IDC research finds that enterprise companies rank insider sources as their top security threat.

In addition, research from Carnegie Mellon University for the Department of Defense (DoD) finds that when it comes to insider attacks, 86 percent of perpetrators held technical positions. Of these, 57 percent performed the attack after termination.

Both reports found that insider attacks result in costly outages, lost business, legal liability and, inevitably, failed audits. In one case study, it took 115 employees 1,800 hours to restore data deleted by a disgruntled insider. At the time of the attack, the perpetrator was an ex-employee of the IT department who was able to remotely access key systems. According to these reports, IT insiders commonly acquire and maintain powerful system access using privileged accounts and passwords even after termination.

Here are six of the best practices recommended by Calum MacLeod (European director, Cyber-Ark Software) to battle the insider menace:

1. Create an inventory of privileged (non-personal) passwords

2. Define the role of identity and access management (IAM)

3. Apply change policies to privileged passwords

4. Make sure privileged passwords are stored securely

5. Create a staged approach to deployment

6. Remember computers are people, too

See full story.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Most alarming help desk calls

Monday, March 12th, 2007

SupportSoft Inc. analyzed about 2 million IT help desk calls from 20 large companies (average workforce: 75,000 employees). James Morehead, vice president of product management and marketing at the Redwood City, Calif.-based vendor, says the result is his company’s Headache Index of the most common problems end users thrust upon IT support operations.

Yes, password issues top the list, with 20% of all calls involving a variation on the phrase, “I forgot my password.” While you’ve no doubt already automated the response to that one, other problems probably lack automated fixes. Morehead thinks you should consider help desk automation for any problem that accounts for 3% or more of all calls. Take e-mail issues, which came in fifth on the Headache Index, chalking up an 11% share of help desk calls. Morehead points to Outlook’s OST (offline storage) file as one likely suspect. It’s regularly overstuffed, which can cause Outlook to sputter and fail.

And he says a lot of home PC users are contacting his company’s recently unveiled consumer help desk site, www.support.com, to express frustration with Microsoft Corp.’s new Vista operating system. “We’re learning now to help IT later,” Morehead says. Of course, when you roll out Vista, you might want to keep a bottle of aspirin handy just in case.

See full story.
