Successfully reported this slideshow.
Your SlideShare is downloading. ×

Survey - Add IAM to Improve Security

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 22 Ad

Survey - Add IAM to Improve Security

SURVEY: Management of Access Privileges Cited as Critical to Reducing Risk and Increasing Security

If you are a Chief Information Security Officer (CISO), chances are you may not be getting much sleep lately according to a recent survey of IT security executives at companies of 500 or more employees. The survey, conducted in March 2014 by Courion, a leading provider of intelligent identity and access management (IAM) solutions, revealed that 78 percent of respondents are anxious about the possibility of a breach at their organization.

What’s more, IT security executives are increasingly aware that they are on the front line, maintaining brand equity and protecting customers’ privacy and personal data. 58.8 percent identified “protecting the privacy of our customers” as their primary goal in addressing a significant security breach, and 62.7 percent admitted they most fear “negative publicity affecting the company brand,” should a breach occur within their organization.

“Our recent survey confirmed what we’ve been hearing from many customers over the past few years, the role of the senior IT security executive is consistently changing,” said Christopher Zannetos, president and CEO of Courion. “Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.”

Respondents cited “managing user access” and “communicating or enforcing company policies” among top security priorities in 2014, but also believe other stakeholders may not consider the careful control of user access an important issue. For example, respondents said that while 95 percent of their IT security team considers preventing security breaches a serious issue, they believe only 45 percent of the employee base feels the same.

Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included “insider misuse” as one of the nine basic patterns that all breaches can be described by. Within this pattern, “privilege abuse” was the top threat action observed in 88 percent of security incidents.

This is meaningful, since “Account Monitoring and Control”, “Controlled Access Based on the Need to Know” and “Controlled Use of Administrative Privileges”are three of the Top 20 Critical Security Controls recommended by the SANS Institute, one of the largest sources for information security training and security certification in the world.

To learn more about how you can use intelligent identity and access management solutions as part of your security controls, contact 866.Courion or info@courion.com.

SURVEY: Management of Access Privileges Cited as Critical to Reducing Risk and Increasing Security

If you are a Chief Information Security Officer (CISO), chances are you may not be getting much sleep lately according to a recent survey of IT security executives at companies of 500 or more employees. The survey, conducted in March 2014 by Courion, a leading provider of intelligent identity and access management (IAM) solutions, revealed that 78 percent of respondents are anxious about the possibility of a breach at their organization.

What’s more, IT security executives are increasingly aware that they are on the front line, maintaining brand equity and protecting customers’ privacy and personal data. 58.8 percent identified “protecting the privacy of our customers” as their primary goal in addressing a significant security breach, and 62.7 percent admitted they most fear “negative publicity affecting the company brand,” should a breach occur within their organization.

“Our recent survey confirmed what we’ve been hearing from many customers over the past few years, the role of the senior IT security executive is consistently changing,” said Christopher Zannetos, president and CEO of Courion. “Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.”

Respondents cited “managing user access” and “communicating or enforcing company policies” among top security priorities in 2014, but also believe other stakeholders may not consider the careful control of user access an important issue. For example, respondents said that while 95 percent of their IT security team considers preventing security breaches a serious issue, they believe only 45 percent of the employee base feels the same.

Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included “insider misuse” as one of the nine basic patterns that all breaches can be described by. Within this pattern, “privilege abuse” was the top threat action observed in 88 percent of security incidents.

This is meaningful, since “Account Monitoring and Control”, “Controlled Access Based on the Need to Know” and “Controlled Use of Administrative Privileges”are three of the Top 20 Critical Security Controls recommended by the SANS Institute, one of the largest sources for information security training and security certification in the world.

To learn more about how you can use intelligent identity and access management solutions as part of your security controls, contact 866.Courion or info@courion.com.

Advertisement
Advertisement

More Related Content

Recently uploaded (20)

Advertisement

Survey - Add IAM to Improve Security

  1. 1. Survey Results: IT Security Executives Survey conducted in March 2014 by Courion At companies of 500+ employees, all geographies Polled over 4,000 IT security executives Response rate of 3 percent
  2. 2. IT Security Executives are Not Getting Much Sleep Lately . . .
  3. 3. 78% are Anxious About a Possible Breach . . . Source: Courion survey of 4,000+ IT security executives conducted in March 2014
  4. 4. With Good Reason: Breaches are on the Rise Source: Risk Based Security, Open Security Foundation, February 2013
  5. 5. Source: PWC Global State of Information Security Survey, 2014 In Case You Need More Convincing . . .
  6. 6. IT Security Executive Becomes Brand Champion
  7. 7. IT Security Executive: the New Front Line for the Brand If a breach occurred to your organization, what do you fear most? Source: Courion survey of 4,000+ IT security executives conducted in March 2014
  8. 8. Aware of Possible Negative Media Fallout from a Breach
  9. 9. They Understand a Breach Could Damage Reputation
  10. 10. And Have a Material Effect on Stock Price
  11. 11. IT Security Executive as Key to Customer Privacy
  12. 12. They Know Job #1 is Protection of Customer Data What is your #1 goal in addressing a significant security breach? Source: Courion survey of 4,000+ IT security executives conducted in March 2014
  13. 13. 2014 IT Security Priorities: Employee Education + Better Access Management What do you feel should be the top security priority within your organization in 2014? Source: Courion survey of 4,000+ IT security executives conducted in March 2014
  14. 14. Research Agrees on Need to Focus on Inside Threat: Privilege Abuse Cited in 88% of Insider Misuse Cases Source: Verizon Data Breach Investigatios Report 2014 Top 10 Threat Action Varieties Within Insider Misuse
  15. 15. So While Identity Management is Top of Mind for IT Security Source: 451 Group
  16. 16. Employee Indifference May be a Challenge
  17. 17. Perhaps Not All Stakeholders Take Security Seriously Do you feel each of these stakeholders takes preventing security breaches seriously: Source: Courion survey of 4,000+ IT security executives conducted in March 2014
  18. 18. Access Privileges Must Be Proactively Controlled, Abandoned Accounts Eliminated Recommended Controls for Insider & Privilege Misuse - Verizon DBIR 2014 • Know your data and who has access to it • Review user accounts • Watch for data exfiltration • Publish audit results Source: Verizon Data Breach Investigations Report 2014
  19. 19. So What Can You Do? Make Identity & Access Management part of Your Security Strategy
  20. 20. Improve Security with Identity & Access Management Source: SANS.org
  21. 21. Recommendations for Access Control: Visa Data Security Alert, August 2013 • Create segregation of duties (SoD) policies between payment and non-payment application access • Apply access controls lists segmenting public facing and backend database systems • Assign strong passwords to prevent application modification • Implement least privileges and access control lists on users and applications • Limit administrative privileges on users and applications • Use intelligence to analyze and uncover malicious behavior Source: VISA Data Security Alert August 2013 http://usa.visa.com/download/merchants/Bulletin__Memory_Parser_Update_082013.pdf
  22. 22. Thank You. To Learn More: 866.Courion Improve Security with Identity & Access Management

×