Solved

potential Security Risks

Posted on 2014-04-01
6
328 Views
Last Modified: 2014-04-07
i need some potential Security Risks which i can add to our Risk Register. pls forward me your ideas and recommendations,thank you!
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 55

Expert Comment

by:McKnife
ID: 39969246
It would be kind of helpful to see what is already in there (complete list) to get an idea of where you are heading.
0
 

Author Comment

by:DukewillNukem
ID: 39969322
risk: Security breaches due to unauthorized use of private devices is one.
solution: Provide secure alternatives like RSA,Citrix and Good technology

risk:Lack of Firmwide document retention standard
solution: Create guidelines on documents which are marked to be deleted or passed the retention period


stuff like that.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39972080
Have a look at my artilces
http://www.experts-exchange.com/members/richrumble.html
click ->Articles Published at the top.
Lot's of risks there to think/read about.

Now matter where I go for an engagement I always see some of these issues:
Insufficient backup's, Users are Local Admins, no patch management, default configurations being used, no password auditing, default passwords being used, clear-text protocols containing passwords, no pentesting being done, coding best practices ignored (lack of SDLC), no security awareness efforts, no log management, insufficient logging levels, no egress filtering... and on and on...
Lack of policies and procedures is another. If your company needs to be PCI or SOX compliant, then you can check off 90% of those requirements as not being done.
-rich
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 

Author Comment

by:DukewillNukem
ID: 39972152
great! thats what im looking for,i will read thru it and let you know
0
 

Author Comment

by:DukewillNukem
ID: 39977849
but i need Infos like Gartner which list the current threats and risks for an enterprise,especially lawfirms
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39977920
The current threats haven't changed much... I'd suggest you read the Verizon/Microsoft reports and the OWASP top 10. Every year the threats are the same, they just switch places...
https://www.owasp.org/index.php/Top_10_2013-Top_10
http://www.verizonenterprise.com/DBIR/2013/
http://www.microsoft.com/security/sir/archive/default.aspx
https://www.sophos.com/en-us/threat-center/security-threat-report.aspx

Basically search for "threat report" or "risk report" maybe "enterprise risk report".
-rich
0

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month7 days, 22 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question