Hardening your security configurations is job #1 in preventing breaches and detecting and correcting any subsequent changes that weaken them. Yet in complex corporate IT settings, it’s easy to understand how basic steps to security are overlooked. Especially when everything you are doing is a #1 priority.

Perceptions About Network Security from the Ponemon Institute

In a 2011 June report entitled “Perceptions About Network Security,” the Ponemon Institute found that 80 percent of the 583 IT security practitioners in the U.S. who responded to a survey said they had experienced at least one data breach. Of those who were able to calculate the cost of security breach — including cash outlays, internal labor, overhead, revenue losses, and other related expenses — 41 percent said the breach cost them $500,000 or more.

What’s more, 53 percent of respondents to the Ponemon survey said they have little confidence that they would be able to avoid one or more cyber attacks in the next 12 months.

If these companies haven’t focused on laying a sturdy foundation for their company’s security, they have good reason to worry.

With SCM “you’re creating a baseline of security and you have the opportunity in doing that to eliminate a very large percentage of weaknesses,” says CEO and Co-Founder Daniel Blander at InfoSecurityLab. Commercial software is always shipped with vulnerabilities, and that’s something companies must deal with. “We must build our systems with a level of security to eliminate weakness, to a level that is better than the settings software manufacturers provide, to raise the expected level of security. If we don’t pay attention to those, we allow for weaknesses.”

Tripwire whitepaperIf you are getting serious about security fundamentals, i.e. hardening ever-changing IT configurations and keeping them that way, you would be interested in this quick guide on SCM.

Download the SCM: The “Blocking and Tackling” of IT Security white paper here.

All the best,
Other topic-related blog posts to read: College Ball, Configurations, and IT Security,  Back to the Basics of IT Security

Categories IT Security and Data Protection, , , Risk-Based Security for Executives, , , IT Security and Data Protection, , IT Security and Data Protection,

Tags , , , ,

SANS Endpoint Security Maturity Model
  • http://orthographiccorrector.com/ Nataly Anders

    Become an integral part of a diverse team that leads the world in Mission, Cyber, and Intelligence Solutions. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
    As a Cyber Security Analyst, the tasks will include analyzing all relevant cyber security event data and other data sources for attack indicators and potential security breaches; produce reports, assist in coordination during incidents; and coordinate with the O&M team to maintain all security monitoring systems are on-line, up to date, and fully operational.
    Responsibilities Include:
    • Monitor intrusion detection and prevention systems and other security event data sources on a 24x7x365 basis.
    Determine if security events monitored should be escalated to incidents and follow all applicable incident response and reporting processes and procedures.
    • Ability to problem solve, ask questions, and discover why things are happening.
    • Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs.

    With best regards
    Nataly Anders

Previous Contributors

View all posts by Previous Contributors >