Security Response
Showing posts tagged with IT Risk Management
Ben Nahorney | 17 Jul 2009 15:00:44 GMT

In Security Response, our primary objective is to provide virus definitions and firewall signatures to protect our customers from threats in the wild. On the flip side of the coin is Symantec’s Support organization, where we help customers install and configure their security software and, in cases where the worst has happened, help remove threats from a computer or network.

Symantec’s Support organization often receives requests to provide threat outbreak information. In some cases the request is for content aimed at a management level, detailing what their security teams have to do in these cases, which they could use to explain the situation at, say, the next board meeting. In other cases the requests come from small business folks who are not necessarily IT or Security managers, but may be the office “computer guy/girl” put in charge of cleaning up an outbreak.

It can be difficult to comprehend what’s happening when a computer is...

Alessandro Deidda | 16 Jul 2009 12:20:28 GMT

Organizations of all types are concerned with threats that could compromise information security. Managing this aspect is usually a primary concern for information technology (IT) departments. In this context, Information Security Risk Management should be an integral part of all information security management activities and should be applied both to the implementation and the ongoing operation of an Information Security Management System (ISMS). In fact, a systematic approach to information security risk management is necessary to identify organizational needs regarding information security requirements and to create an effective ISMS.

The ISO/IEC 27005:2008, a new standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), describes the Risk Management Process and its activities for information security and provides guidelines for Information Security Risk Management and supports the...

Grant Geyer | 16 Apr 2009 16:31:54 GMT | 0 comments

Editor's Note: This is the final installment of a four-part series.

In the three blog articles I have posted so far, we reported on findings from a recent survey to understand security professionals' perception of the threat environment, the loss associated with cyber attacks, and the challenges organizations are facing in handling cyber security. In this final installment, we’ll look at the use of outsourcing to help solve security challenges.

When you combine the...

Grant Geyer | 01 Apr 2009 15:06:51 GMT | 0 comments

Editor’s Note: Part three in a four-part series

In the first two blog posts in our series on the Managed Security in the Enterprise report, we established that cyber security is still a problem and respondents have experienced real loss (see It’s Tough Out There and Threats Equate to Actual Loss). Exacerbating the problems of frequent cyber attacks and mounting losses is the fact that 49 percent of American organizations reported that it is getting somewhat/significantly more difficult to provide security. Our survey respondents attributed their challenges to four areas:...

Grant Geyer | 31 Mar 2009 15:09:41 GMT | 0 comments

Editor’s Note: Part two in a four-part series

In part one of our blog series based on Symantec’s new research report, Managed Security in the Enterprise, I provided an overview of the challenges organizations are facing from cyber attacks. While we aren’t surprised that almost all U.S. respondents (88 percent) stated that their organizations have experienced cyber attacks over the past two years, the cyber loss they’ve experienced is staggering.

Incredibly, 97 percent of respondents reported real, tangible loss as a direct result of cyber attacks. When asked about the kind of cyber loss experienced, 46 percent of respondents in the United States claimed that they experienced downtime of their...

Grant Geyer | 27 Mar 2009 15:33:08 GMT | 0 comments

Editor’s Note: Part one in a four-part series.

Most security practitioners won’t be surprised to hear this: security is tough, and getting tougher. In fact, at times, I’m sure it seems like a perfect storm of problems; the threats are getting worse, losses are mounting, and—in the midst of the global downturn—there are very real concerns around staffing and budgets.

Earlier this week, we announced the findings of a new study, Managed Security in the Enterprise, based on surveys of 1,000 IT managers in U.S. and European enterprises in January 2009. We used this to complement the Symantec Internet Security Threat Report, vol. XIII in order to obtain qualitative data through feedback from security practitioners about changes in the...

Samir_Kapuria | 19 Mar 2008 07:00:00 GMT | 0 comments

This is an issue I explored in a blog post several months ago, IT Risk and the Millennials, which really seemed to resonate with customers and industry peers. Feedback ranged from "great article," to "how are others addressing this choice vs. control dilemma?" to skepticism about this theory and the desire to see more quantifiable research validating my previous thoughts.

So, with all of this in mind, we did just that. We went out and commissioned a study with Applied Research-West to measure IT risk issues surrounding the emerging millennial workforce within companies. The study was conducted with 600 people, including three groups of 200 respondents each: IT decision makers, millennial workers (born after 1980), and older workforce (born before 1980). Our goal was to measure millennial workers' perceptions and...

Jeremy Ward | 12 Feb 2008 08:00:00 GMT | 0 comments

So you think IT risk management is a science? Or maybe you’ve never thought about it—you've just assumed that some clever expert has worked out all the angles. Unfortunately that’s not the case. The latest Symantec IT Risk Management Report gives some figures about how organizations manage (or fail to manage) their IT risk. It makes for interesting reading and includes some data about real incidents, analyzed jointly by Symantec and MIT’s Center for Information Research. However, what is clear is that IT risk management, although not a science, is evolving as a business discipline.

Correlation analysis of the data in the report shows that organizations are beginning to follow a natural progression in the way that they treat the management of their IT risk. They tend to start by looking at the security risk, then move on to consider availability and delivery risk, and finally address performance and compliance risk by implementing the more strategic controls. Experience...

Jeremy Ward | 06 Feb 2008 08:00:00 GMT | 0 comments

So, you think that there’s a magic bullet to deal with IT risk? In fact you probably wish there was, but since you don’t believe in Santa Claus, you know there isn’t! Of course that doesn’t stop people from looking for a quick technology fix. However, the latest Symantec IT Risk Management Report reveals that technology is not necessarily the issue. The report cites a study conducted jointly by Symantec and MIT’s Center for Information Research, showing that the majority (53 percent) of IT incidents have a process-based cause. Interestingly, the report also shows that organizations believe their technological effectiveness is declining. Last year’s number one effective control set was network, protocol, and host security. It’s still up there at the top, but there’s been a reduction of 16 percent in those who think they’re more than 90 percent effective (down from 47 percent to 31 percent).

Experience shows that it’s a balance of technology, process, and people that is...

Jeremy Ward | 04 Feb 2008 08:00:00 GMT | 0 comments

So you’ve got a project to manage the risk to your IT systems? Well, in actual fact you probably haven’t! (It’s more likely that you’re too busy dealing with incidents.) The latest Symantec IT Risk Management Report suggests that bad things are going to happen to your IT and information pretty often. In fact, 69 percent of people thought they would probably have some sort of IT incident about once a month or more (2 percent thought they’d have them every day). Sixty-two percent of people thought they would have a major IT incident and 26 percent expected to have a regulatory non-compliance incident at least once a year, while 25 percent expected data leakage from their IT systems and 8 percent thought they would have a major information loss at least once a year.

From this it’s pretty obvious that a single project isn’t going to address your risk management problems. What is...