BeyondTrust

Security in Context: The BeyondTrust Blog


Capitol Hill is Moving on Cyber Security Bill

Posted July 23, 2012    Peter McCalister

Will government intervention help reduce the number of security attacks on our nation’s infrastructure, or is the proposed Cyber Security Act too restrictive on private business, forcing transparency of operations and raising costs?

The Cyber Security Act 2012 Bill has been floating around for months and is now backed by President Obama. Sen. Joe Lieberman has stated that the Senate will consider the bill by week’s end. In light of this recent movement, we revisit a standpoint detailed in Forbes earlier this year. There are several reasons why an increased bureaucratic push for compliance might not be good for business.

A major concern for organizations is being mandated to disclose that their asset data has been compromised. According to a recent Cyber Security Watch Survey, 70 percent of insider incidents are handled internally without legal action. Companies want to maintain their reputation and avoid the public eye at all costs. It’s much easier to deal with internal controversy without a media frenzy putting your security practices under the microscope.

More often now, executive management teams confuse a well-planned and well-executed information security architecture with satisfaction of compliance and regulatory statutes. Unfortunately, this approach often falls short. Having great security practices doesn’t always mean compliance, and vice versa. Satisfying compliance and regulatory mandates to the letter may still leave organizations vulnerable to security breaches.

To curb hackers from penetrating critical infrastructure, the government needs to focus on leveraging its vast resources to drive a new architecture of security, product research and development. By advocating the software and systems that are needed to protect us, such as protection from the accidental insider, the government stands a much better chance of protecting our nation’s critical assets. The most dangerous security risk “cocktail” that every corporation needs to address is the combination of critical vulnerabilities and over-privileged accounts on corporate assets.
