Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Good! Its very good blog the for the people who are having debit collection and credit report ..."
on Fake Microsoft anti-spyware site stealing credit card info
by identity theft lawyers | Jul 4, 2009 6:55 PM
 
"nothing"
on Ads on Facebook serving up adware
by UMAIR | Jul 4, 2009 5:54 PM
 
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
Corporate Data

IT security policy enforcement struggles

  • Email a Friend
  • Print Page
Related Articles
By Dan Raywood
Oct 31, 2008 10:47 AM
Tags: IT | security | policy | enforcement
Companies are struggling to come to grips with the basics of vulnerability management, says Chris Schwartzbauer, vice president of development and customer operations at Shavlik Technologies.
Companies are struggling to come to grips with the basics of vulnerability management, says Chris Schwartzbauer, vice president of development and customer operations at Shavlik Technologies.

During a presentation at the PCI Europe conference in Brussels, Schwartzbauer said organisations often seem to be working in the dark when it comes to enforcing IT security policy and compliance with external regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or ISO 27002. He added that security administrators are recognising the need to develop a meaningful overview of what machines are on and connecting to their network.

“You can't secure what you don't know about, and unfortunately the unknowns are many," Schwartzbauer said. "IT administrators are often unaware of all of the servers live on their network, let alone their relevance or desired configuration, mobile computers are missed during scheduled vulnerability checks, old or unauthorised account privileges persist. And virtualisation has made it all too easy for users to ‘create' more machines that must be protected.”

In his remarks, he said organisations are challenged by the complexity of their heterogeneous networks, an overwhelming amount of log data that is too time-consuming to interpret, and a reticence to automate where manual processes are no longer adequate.

“Decision makers, the CIO, security and risk managers assume the basics are resolved because the investment has been made in sophisticated security strategy and technologies,” he said. “But it is in the mundane processes, the policy and configuration management, where the vulnerability gaps are left wide open.”

He continued: “Until these basics are effectively managed, there will always be a risk to company security and any effort at compliance with security policy or external regulation.”

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Breaches & Exposures Whitepapers
 
Popular Tags
apple auscert corporate data email gartner google government homeland information mac malware mcafee online security software spam symantec web windows