Kaseya IndustryAlert
Avoiding the Seven Deadly Sins of IT Security
A holistic, forward-looking and flexible IT security strategy can help organizations avoid common pitfalls and meet security threats head on in a cost- and time-efficient manner.
www.kaseya.com

Security is full of assumptions. Organizations think they’re covered, that their networks are safe, systems are updated and that their critical data is protected. In actuality, assumptions are dangerous, taking administrators off their guard while making users complacent. You could even say that assumptions are sinful, causing actions and reactions that put organizations, data and users at risk.

We asked Scott Crawford, managing research director for analyst firm Enterprise Management Associates (EMA), to identify the Seven Deadly Sins of IT security and how organizations can avoid these pitfalls.

Deadly Sin #1: Ignorance
“Prevention is more important than detection.”
Crawford says that there is no sin greater than thinking you can prevent security threats from breaking into your IT environment. Organizations need to recognize that they have already been penetrated, and malicious code is waiting on a server, someone’s laptop or a mobile device to steal information or wreak havoc. Detecting these threats is just as important as preventing them, and a successful security strategy needs to embrace both strategies to keep the organization safe.

Situational awareness is key. Organizations need to know their current security posture, where the defenses lie, where there are vulnerabilities and whether endpoints are patched and up-to-date on maintenance. A security strategy that stresses prevention and detection will help you mitigate the effects of threats.

Deadly Sin #2: Unpreparedness
“We have anti-virus so we’re covered.”
Most security strategies are focused on specific threats, whether it’s antivirus, network security or phishing attacks, but hackers today are sophisticated enough to evade conventional defenses. Organizations need to better understand where the last line of defense stands and develop a comprehensive and holistic security strategy that is able to break down the silos of defense and create awareness. Data flows freely throughout the IT environment from systems to the network to the data center, and information needs to be protected at all levels and stages.

According to Crawford, this is where IT systems management (ITSM) solutions come in. They have the framework in place to follow data throughout the environment and the ability to embrace a holistic approach. ITSM solutions already have processes in place to remediate issues in addition to providing defense and awareness.

Deadly Sin #3: Neglectfulness
“We scan regularly for vulnerabilities.”
While scanning is a critical part of vulnerability management, it only covers the assessment and not the remediation aspect of preventing attacks. Organizations also need an action plan to combat threats and bring systems and the network back to normalcy. Crawford suggests the PDCA plan of action, which stands for Plan, Do, Check and Act.

Scanning encompasses the planning and doing aspects of the plan, but organizations also need to monitor for deviations in systems’ status and then have a plan of action that administrators can use to remediate issues. According to a study conducted by EMA, organizations that define, follow and enforce policies report having half as many instances that require remediation as organizations that are lacking enforcement mechanisms.

Deadly Sin #4: Short-Sightedness
“Our defenses are up-to-date.”
Organizations shouldn’t plan to just win the day; they need a forward-looking strategy that prepares them to confront security threats that may come up in the future. The nature of attacks is changing daily, essentially mirroring the changes in technology. Consider that viruses used to be spread on five and a half inch floppies. Then they spread through the internet and email. Now the battleground is on social media and mobile devices.

Crawford says that organizations need to have flexibility in action, insight and integration. What he means by that is having a framework in place that allows you to respond to future issues through configuration changes, recoveries and restores. ITSM solutions need to provide you with visibility into your IT environment and individual systems. And new strategies, policies and tools need to be able to interoperate within your existing environment.
Deadly Sin #5: Pride
“Security can’t be measured and managed like other aspects of the business.”
Crawford says that this is simply not true. Organizations can measure security in any number of metrics,
including the percentage of systems covered and uncovered, the percentage of successful security updates
versus failed updates and the rate of patch latency. It’s not easy to collect this information, but that’s where
automation comes in.
In addition to enabling this automation, ITSM solutions can audit the network to identify known assets
and their security status, ensuring security policies are being met fully across the entire organization while
uncovering previously unknown exposures. Trends can be analyzed to demonstrate progress and determine
need. Crawford suggests visiting benchmarks.cisecurity.org for more information about what security metrics
are important.
Deadly Sin #6: Arrogance
“Our people can cover what our technologies can’t.”
It’s dangerous for organizations to rely too much on human intellectual capital for their security needs. As life
plays out, people move on, and their knowledge isn’t easily replaced. A combination of technology automating
the mundane, repetitive aspects of IT security management and the technicians to plan, assess and remediate is
a much more consistent and safer strategy.
Deadly Sin #7: Avoidance
“Taking a more serious approach to our security will overwhelm our resources.”
While building a robust and reliable information security apparatus is not a simple undertaking, especially when you’re talking about large enterprise environments, it is not a herculean feat. Yes, it will require human and monetary resources to purchase, set up and maintain the necessary infrastructure. However, there are options out there that are ideally suited for just about any sized IT staff and budget. According to Crawford, organizations should consider all of their options carefully, including properly vetting solutions and partners and considering both hosted and Software as a Service (SaaS) models.
What should you do now?
Organizations should focus on building security strategies that are comprehensive, forward-looking and flexible.
Kaseya can give organizations the automation framework they need to implement a holistic strategy that runs
through the service desk where administrators have a single console in which to prevent, monitor, detect and
respond to security threats in an efficient manner.
Visit www.kaseya.com/features.aspx to learn how Kaseya can help you avoid these seven
deadly sins and get a better handle on IT security management.
About Kaseya
Kaseya is the leading global provider of IT Systems Management software. Kaseya solutions empower virtually
everyone, from individual consumers to large corporations and IT service providers, to proactively monitor,
manage and control IT assets remotely, easily and efficiently from one integrated Web-based platform.
Go to www.kaseya.com/download for a FREE trial.
Visit: www.kaseya.com | Email: sales@kaseya.com | Like: Facebook.com/KaseyaFan | Follow: @KaseyaCorp
©2012 Kaseya. All rights reserved. Kaseya and the Kaseya logo are among the trademarks or registered trademarks owned by or licensed to
Kaseya International Limited. All other marks are the property of their respective owners.