Posted by:
admin
15 years, 12 months ago
I recently was goaded into joining the IT Policy Compliance Group so I could read their research report entitled Taking Action to Protect Sensitive Data.
Adam has already questioned the veracity of the 8% drop in revenue claim. And I agree with that point. Seems unlikely that it can be measured, yet I happen to believe that it is true. What also struck me (slowly) was the normal distribution of companies:
and that knowing where your company is on that normal curve can provide an information security professional a lot of firepower in promoting more investment in information security. If your firm had 2 or fewer breaches in the last twelve months, you're probably doing OK. If you have had 2 breaches in the last 2 months, you're probably going to get in big trouble over the next 10 months and you should take that information to your bosses. If you don't get the support you need, you may want to start looking for work elsewhere because:
- About one in ten—twelve percent—organizations are experiencing fewer than two losses of sensitive data each year
- The vast majority of organizations, almost seven in ten—68 percent—are experiencing six losses of sensitive data annually
- A fairly sizable two in ten organizations—twenty percent—are suffering from 22 or more sensitive data losses per year
- You can be almost positive that there will be more security violations;
- You'll be held responsible for those violations, unless you can CYA;
- I'd bet that their revenue will go down. Companies that can't do information security well also can't do other things well and that means that any hiccup along the way will have bigger repercussions.