[ISN] Security Best Practices A Big FAIL In Most Organizations

From: InfoSec News <alerts_at_private>
Date: Fri, 29 Jul 2011 04:06:16 -0500 (CDT)

By Kelly Jackson Higgins
Dark Reading
July 28, 2011

New data released today reveals how enterprises and government agencies 
are failing to adopt best practices for security: nearly all of the 420 
organizations that participated in the survey were at some risk in 
security or compliance.

The Echelon One/Venafi-sponsored survey, 2011 IT Security Best Practices 
Assessment, was based on 12 best security practices defined by Echelon 

Here's how the organizations fared in the top five best practices:

Some 77 percent don't perform quarterly security and compliance 
training; 64 percent don't encrypt all of their cloud data and cloud 
transactions; 82 percent don't rotate their SSH keys every 12 months; 55 
percent don't have a process in place in the event of a certificate 
authority compromise; and 10 percent don't use encryption throughout 
their organizations.

"Training once a year is not enough. It has to be done on a regular 
basis, and quarterly is best," says Bob West, founder and CEO of Echelon 
One, who says he was shocked by the high rate of failure in the survey. 
"But 77 percent are not doing this."

