Solved

potential Security Risks

Posted on 2014-04-01
6
323 Views
Last Modified: 2014-04-07
i need some potential Security Risks which i can add to our Risk Register. pls forward me your ideas and recommendations,thank you!
0
Comment
Question by:DukewillNukem
  • 3
  • 2
6 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 39969246
It would be kind of helpful to see what is already in there (complete list) to get an idea of where you are heading.
0
 

Author Comment

by:DukewillNukem
ID: 39969322
risk: Security breaches due to unauthorized use of private devices is one.
solution: Provide secure alternatives like RSA,Citrix and Good technology

risk:Lack of Firmwide document retention standard
solution: Create guidelines on documents which are marked to be deleted or passed the retention period


stuff like that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39972080
Have a look at my artilces
http://www.experts-exchange.com/members/richrumble.html
click ->Articles Published at the top.
Lot's of risks there to think/read about.

Now matter where I go for an engagement I always see some of these issues:
Insufficient backup's, Users are Local Admins, no patch management, default configurations being used, no password auditing, default passwords being used, clear-text protocols containing passwords, no pentesting being done, coding best practices ignored (lack of SDLC), no security awareness efforts, no log management, insufficient logging levels, no egress filtering... and on and on...
Lack of policies and procedures is another. If your company needs to be PCI or SOX compliant, then you can check off 90% of those requirements as not being done.
-rich
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:DukewillNukem
ID: 39972152
great! thats what im looking for,i will read thru it and let you know
0
 

Author Comment

by:DukewillNukem
ID: 39977849
but i need Infos like Gartner which list the current threats and risks for an enterprise,especially lawfirms
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39977920
The current threats haven't changed much... I'd suggest you read the Verizon/Microsoft reports and the OWASP top 10. Every year the threats are the same, they just switch places...
https://www.owasp.org/index.php/Top_10_2013-Top_10
http://www.verizonenterprise.com/DBIR/2013/
http://www.microsoft.com/security/sir/archive/default.aspx
https://www.sophos.com/en-us/threat-center/security-threat-report.aspx

Basically search for "threat report" or "risk report" maybe "enterprise risk report".
-rich
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Admin Certificates in my browser 2 40
PGP software 3 36
How long to crack a 8 chars alphanumeric password 18 83
Blocking outside IP Addresses 16 36
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question