Friday, January 23, 2015
OTA: over 90% of data breaches in the first half of 2014 “could have been avoided”
January 22, 2015 by Neil Ford
The Online Trust Alliance (OTA), the global non-profit organisation “with the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet”, released its 2015 Security & Privacy Best Practices and Security & Privacy Risk Assessment guides yesterday.
According to its analysis of “nearly 500 breaches reported in the first half of 2014”, more than “90% could have been avoided had simple controls and security best practices been implemented.”
OTA recommends the following best practices:
- Enforce effective password management policies.
- Employ least privilege user access (LUA) to provide protection against malicious network behaviour and system faults.
- Deploy multi-layered firewall protection; use up-to-date antivirus software; enable patch management for operating systems, apps and add-ons; disable auto-running of removable media; and employ whole-disk encryption.
- Conduct regular penetration tests and vulnerability scans.
- Require email authentication on all inbound and outbound mail streams to detect phishing and spoofed emails.
- Implement a mobile device management programme.
- Continuously monitor the organisation’s infrastructure security.
- Deploy web application firewalls to mitigate common threats, as identified by OWASP.
- Only permit authorised devices to connect wirelessly to the network and encrypt communications with wireless devices.
- Implement Always On Secure Sockets Layer (AOSSL) for all servers requiring login authentication and data collection to prevent data sniffing.
- Review server certificates for vulnerabilities and risks of domain hijacking.
- Develop, test, and continually refine a data breach response plan.
Organisations that are concerned about information security and want to implement OTA’s recommendations will be pleased to learn that there is a single best-practice solution that can be employed to address all of the points listed above.
ISO 27001, the international information security standard, sets out the requirements of an enterprise-wide information security management system (ISMS) that encompasses people, processes and technology.
IT Governance ISO 27001 packaged solutions – Get A Little Help
IT Governance’s recently relaunched ISO 27001 packaged solutions provide ISMS implementation resources for all organisations concerned about information security. The ISO 27001 Get A Little Help Package contains three international standards, two training course places, two essential implementation guides, a comprehensive documentation toolkit, the ISO 27001-compliant risk assessment software tool vsRisk, and two hours’ Live Online consultancy support.
It is aimed at organisations that already have some management system expertise and an initial understanding of information security management, as well as the necessary available internal resources and a corporate culture of using best-in-class tools and skills to accelerate learning and implementation while still essentially following a do-it-yourself approach to project management.
Posted by CommsCloud
Labels: Communications, Future Technology, ISO 27001, Security, Understanding your customers infrastructure, Vodacom;Data Costs