
| Subject: | Re: Top Information Security Management Challenges in the Enterprise Today? |
|---|---|
| Date: | Tue, 18 Oct 2005 09:28:48 -0400 |
Social Engineering/Industrial Espionage.
Annual Security Awareness Training with monthly reminders in the form of
e-mail reminders, Security Awareness posters at entry/exit points and areas
of congregation. Also included in training is information regarding
industrial espionage. What to watch for and what actions to take should you
suspect internal theft of information or intellectual property. Annual
acknowledgement by all employees of their S.A.T. attendance. Detailed
policies that address the use of communication services and how these
services can be used as a tool to jeopardize the company and customers.
These are combined with actual penetration testing: actually calling random
employees and trying to obtain useful information. It is truly amazing what
a few kind words will get you sometimes.
Lost or Stolen portable devices
Use of SSL VPN with 2 factor authentication to allow remote and traveling
users to access sensitive information with edge devices while preventing
said data from actually leaving the network perimeter. In such cases where
data must leave the perimeter controls, then the edge devices utilize
encryption of the hard drives, thumb drives, and other portable media, to
prevent loss of data. Strict policies that govern the use and maintenance
of all portable devices.
Disaster Recovery/Business Continuity
This one is really dependent on your company and the Business Impact
Analysis that should be performed to determine the actual impact to your
line of business in the event of a disaster. FFIEC guidelines are a great
place to start, along with NIST, SANS and others.
I would consider these to be my top 3 worries/concerns. I would also add
that the current trend toward packing more and more features into cell phones
is cause for concern to security individuals. I am currently working on
policies to restrict the use of certain mobile devices due to the added
risk that comes with allowing these devices into data processing
facilities. Phones with cameras could easily be used to steal data, and now,
with services such as iTunes being loaded onto mobile phones, I am
concerned with the capability of using the phone as a USB storage device in
the same manner as a common thumb drive.
--
Steve Angell, MCSE, CCNA
Security and Compliance
Senior Manager, Risk Services
TSYS Debt Management
Norcross, GA
Phone 770-409-5570
Cell 770-365-2986
Fax 770-416-1752
From: "Brad Bemis" <bradleyb@bradleyb.net>
To: "'Security'" <security-management@securityfocus.com>
Date: 10/17/2005 08:34 PM
Subject: Top Information Security Management Challenges in the Enterprise Today?
I am interested in hearing about what many of you consider to be the
top information security management challenges that organizations
face today... and if possible, a short synopsis of the actions that
you've taken to address them within your own organizations.