auditing

Managing mobile threats

Sun, 06 May 2007 20:01:38 -0400

Mobile platforms are a critical part of the enterprise IT infrastructure for many business organizations. Managing the threats to mobile devices by eliminating them from your inventory just isn't an option for most groups. The first step is getting executives to take the problem seriously, and then developing a set of policies that will keep information safe while maintaining user satisfaction. Keeping close track of your devices, carefully working out the justifications for new devices, and continuously auditing the information accessed by and stored on those mobile devices are just three of the critical steps you can take to keep users productive and data safe.

For more on managing mobile security:
- Read the how-to at Optimize

Do you know where your data is?

Sun, 11 Mar 2007 20:01:38 -0400

Six times a year. That's how often some companies lose data according to a new report from the IT Policy Compliance Group. In 2006, the group benchmarked 201 organizations of varying sizes. They found that 12 percent do reasonably well, suffering two or fewer data-loss incidents per year. Over 70 percent of the organizations they studied, though, don't consider data auditing (outside the minimums required for regulatory compliance) important to their business. Although this is true, the study found that companies recognize that data losses are expensive both in compensation and remediation terms.

For more on data loss:
- read the article at eWeek

Auditing, risk assessment a mandate

Sun, 14 May 2006 20:01:38 -0400

If you've spent more than a few years toiling in the IT environment, you probably remember the days of 'hubs' and how excited everyone was to plug them into corporate networks. You also probably remember the horrible experience related to the security risks involved in making such a move. The same is true with today's wireless networks, which is why experts are pushing IT leaders to implement and establish strong audit processes and procedures. Risks come from several different segments of the network system and wireless LANs are much more insecure than internal network environments.

The continual quest to get users access everywhere and anywhere creates a substantial security element. Tech leaders need to assess this security threat and then formulate approaches to stop intruders and protect the information being shared. One of the easiest and most common strategies is using the hidden service set identifier, but that isn't foolproof since it also relies on the user's knowledge and responsibility. That's why auditing has become such a valuable tool. As enterprise use a variety of security tools to keep intruders out, the wireless review must become part of the annual IT risk assessment effort. It's the only way potential wireless problems can be treated, like the traditional network issues of authentication, access control, availability and encryption. Article