
Automation is the key to IT vulnerability discovery

08 October 2009

Automation should be the main focus of enterprise IT departments if they want to discover their network security vulnerabilities, said experts at the recent Security Risk & Compliance Forum, held in London at the Royal Exchange Theatre.

Speakers at the BT/Skybox Security-sponsored event said that their research and observations highlighted the need for continuous management of risks and vulnerabilities to keep data and networks secure against key threats.

The event - which brought together 40 senior IT and infosecurity staff from several organisations - highlighted the scale of the challenges faced by IT staff, with 75% reporting significant growth in their networks in the past year.

According to Craig Coward, a spokesperson for Skybox Security, the majority (63%) said they used automated solutions for identifying risk and compliance issues, and vulnerabilities in their network.

"When asked to name the single IT risk or compliance issue that kept them awake at night, 44% named identity and access management", he said, citing polling research carried out at the event.

"38% also expressed concerns about board-level interference with security policy decisions, and 18% said cutting risks of data leaks and losses was the issue that concerned them the most".

Speaking at the event was Ray Stanton, BT's global head of business continuity, security and governance requirements, who used his presentation to show how organisations that manage risks effectively are better positioned to respond to - and remedy - adverse events, helping to protect their brand reputation and control costs.

Stanton cited the example of Credit Suisse, which deployed Skybox's risk management solution to automate risk assessments, performing these daily instead of semi-annually.

This, he said, gave Credit Suisse a full return on investment (ROI) within one year and a 300% ROI in three years.

Also speaking was Stephen Bonner, global head of information risk management for the Barclays Group, who made the point that organisations can approach compliance as a checklist of controls to satisfy auditors, without managing or reducing risks.

Alternatively, he said, they can use compliance methodology and risk management tools to improve their security and compliance stance and cut costs.

 
