The growing stature of IT security professionals was confirmed at the recent Infosecurity Europe 2011. Tools and techniques for the modern professional were discussed at the cyber security convention, as was the necessarily dynamic role of the security specialist. The following messages, announcements and trends emerged for our specialist band of IT professionals during the expo.
Prioritise – or die
Organisations must accept change, embrace consumerisation of IT, and enforce security by focusing on the most sensitive data. The most important task for information security representatives in all organisations is to decide what data needs to be secure and put multi-layered defences around that.
Lord Erroll, cross-bench peer
Sandboxing skills
Organisations should be looking for ways of using all the latest devices while retaining control over sensitive data, such as by sandboxing it within any device. Strategy should not be about locking down devices to such an extent that they cannot be used: the whole point of employees bringing their own kit to work is to be more flexible and efficient by being able to work anywhere.
Lord Erroll, cross-bench peer
Hardening guides
The most common threat organisations face is data leakage through the copying and distribution of unauthorised documents. Nearly a quarter of security breaches are paper-based. Canon has launched the first in its series of 'hardening guides' advising on best practice security configuration for printers to help lower the risk of exposure to potential threats.
Canon: Hardening guide
Centrally control mobile devices
The challenge of managing disparate personal devices that are flooding the corporate world is very taxing for the IT administrator. Cisco has solved the ‘any device’ security challenge by building context-aware access security policies into a single tool. This distinguishes between organisation-owned devices and personal user devices and automates security across the organisation with network-enforced access policies and encryption.
Standard reduces breaches
Organisations that comply with the payment card industry data security standard (PCI DSS) have far fewer data breaches, according to a study by security firms Imperva and the Ponemon Institute. The study found that in 2010, 99% of compliant organisations suffered no more than a single credit card related breach compared with 85% of non-compliant organisations, while 64% of compliant organisations had no breach at all compared with 38% of non-compliant organisations.
Secure web gateways
The London-based Institute of Directors (IoD) has cut security administration by 75% by deploying a secure web gateway to protect users of its UK-wide network. Cutting cost was also an important driver for the not-for-profit organisation that provides 65,000 Wi-Fi logins for members each month, he told Infosecurity Europe 2011 attendees in London.
With thanks to Computer Weekly.