[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Security Best Practices A Big FAIL In Most Organizations
By Kelly Jackson Higgins
July 28, 2011
New data released today reveals how enterprises and government agencies
are failing to adopt best practices for security: nearly all of the 420
organizations that participated in the survey were at some risk in
security or compliance.
The Echelon One/Venafi-sponsored survey, 2011 IT Security Best Practices
Assessment, was based on 12 best security practices defined by Echelon
Here's how the organizations fared in the top five best practices:
Some 77 percent don't perform quarterly security and training compliance
training; 64 percent don't encrypt all of their cloud data and cloud
transactions; 82 percent don't rotate their SSH keys every 12 months; 55
percent don't have a process in place in the event of a certificate
authority compromise; and 10 percent don't use encryption throughout
"Training once a year is not enough. It has to be done on a regular
basis, and quarterly is best," says Bob West, founder and CEO of Echelon
One, who says he was shocked by the high rate of failure in the survey.
"But 77 percent are not doing this."
Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com