[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Security Best Practices A Big FAIL In Most Organizations



http://www.darkreading.com/cloud-security/167901092/security/news/231002850/security-best-practices-a-big-fail-in-most-organizations.html

By Kelly Jackson Higgins
Dark Reading
July 28, 2011

New data released today reveals how enterprises and government agencies are failing to adopt best practices for security: nearly all of the 420 organizations that participated in the survey were at some risk in security or compliance.

The Echelon One/Venafi-sponsored survey, 2011 IT Security Best Practices Assessment, was based on 12 best security practices defined by Echelon One.

Here's how the organizations fared in the top five best practices:

Some 77 percent don't perform quarterly security and training compliance training; 64 percent don't encrypt all of their cloud data and cloud transactions; 82 percent don't rotate their SSH keys every 12 months; 55 percent don't have a process in place in the event of a certificate authority compromise; and 10 percent don't use encryption throughout their organizations.

"Training once a year is not enough. It has to be done on a regular basis, and quarterly is best," says Bob West, founder and CEO of Echelon One, who says he was shocked by the high rate of failure in the survey. "But 77 percent are not doing this."

[...]


___________________________________________________________
Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com