Hardening your security configurations is job #1 in preventing breaches, as is detecting and correcting any subsequent changes that weaken them. Yet in complex corporate IT settings, it’s easy to understand how basic security steps are overlooked, especially when everything you are doing is a #1 priority.
In a June 2011 report entitled “Perceptions About Network Security,” the Ponemon Institute found that 80 percent of the 583 IT security practitioners in the U.S. who responded to a survey said they had experienced at least one data breach. Of those who were able to calculate the cost of a security breach — including cash outlays, internal labor, overhead, revenue losses, and other related expenses — 41 percent said the breach cost them $500,000 or more.
What’s more, 53 percent of respondents to the Ponemon survey said they have little confidence that they would be able to avoid one or more cyber attacks in the next 12 months.
If these companies haven’t focused on laying a sturdy foundation for their company’s security, they have good reason to worry.
With SCM “you’re creating a baseline of security and you have the opportunity in doing that to eliminate a very large percentage of weaknesses,” says Daniel Blander, CEO and Co-Founder of InfoSecurityLab. Commercial software always ships with vulnerabilities, and that is something companies must deal with. “We must build our systems with a level of security to eliminate weakness, to a level that is better than the settings software manufacturers provide, to raise the expected level of security. If we don’t pay attention to those, we allow for weaknesses.”
If you are getting serious about security fundamentals, i.e. hardening ever-changing IT configurations and keeping them that way, you will be interested in this quick guide on SCM.