4 ST_IT_Q2_2010

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ious incidents. ■ You are fighting a large and wellfunded adversary. Attacks are being orchestrated by organized criminal gangs, and often targeted against 10 S TRAIGHTTALK I T Wishful thinking seems to be taking the place of commitment to information security Many people are cynical about the cost of security incidents, but the researchers have a well-defined methodology that errs on the side of underestimating the losses. While the main impact is on the reputation and brand of the victim, which is hard to quantify, the Ponemon Institute has researched the level of customer churn following security incidents. It estimates the cost of a security incident as that of remediating the vulnerability, repairing the damage as much as possible, notifying the victims, stabilizing the customer base, and replacing customers that leave. Protect security budgets It becomes more critical to identify precise objectives for corporate security provision when overall budgets are under pressure. Wishful thinking seems to be taking the place of commitment to information security. Deloitte reported that 58% of businesses thought they were better protected in 2009 than they had been in 2008, but 26% had suffered a reduction in their security budgets. Cuts have been particularly prevalent in the retail sector. Only 30% of businesses were compliant with the Payment Card Industry Data Security Standard (PCI DSS), a requirement for businesses that handle payment cards. This is consistent with the finding of Verizon Business that 81% of the companies it had investigated following a data breach were not PCI DSS compliant, although most believed they were compliant. a rapidly growing threat from the traditional menaces. Vendors ignore this at their peril. Prioritize defending against the most serious threats Vendors should support service providers securing the SME sector It is important to prioritize security spending to address the most significant threats. The surveys show a more mundane view of the threat landscape than industry leaders frequently p...
View Full Document

This document was uploaded on 12/31/2013.

Ask a homework question - tutors are online