Section: World-wide News/Studies
61 Percent of UK IT Leaders Believe Employee-Owned Mobile Devices Are Riskiest to the Enterprise
2011 ISACA IT Risk/Reward Barometer also Reveals Concerns Surround Cloud Computing in UK and Projected Increase in Information Security Jobs
(08.06.11) - According to a new member survey by global IT association ISACA, 61 percent of information technology leaders in the UK believe that any employee-owned mobile device poses a greater risk to the enterprise than company-supplied devices do, as opposed to 31 percent who said a mobile device supplied by the company is riskiest (*). When asked, "What is the riskiest behaviour you are aware of an employee doing with a mobile device that has access to the corporate network?", storing company data in an unsecured manner was reported as the riskiest by 48 percent of the respondents; losing the device was said to be the riskiest by 26 percent. Just 23 percent of respondents believe that the benefits of employees using personal devices for work activities outweigh the risk to the enterprise.

Despite their concerns, IT professionals are pragmatic about balancing risks with rewards and are actively involved in managing mobile security. More than 8 out of 10 have a security policy in place for mobile computing - although 31 percent admit their policy needs updating or communicating.

"The Risk/Reward Barometer is a reliable and trusted indicator for senior IT and business managers. The opportunities and rewards in IT are there, but new risks and cyber threats are rapidly becoming part of our day-to-day reality. Protection and risk management are more important than ever, and they should be seen as strategic priorities," said Rolf von Roessing, CISA, CISM, CGEIT, CISSP, international vice president of ISACA.

The global 2011 ISACA IT Risk/Reward Barometer surveyed IT professionals who are members of ISACA. Full results are available at www.isaca.org/risk-reward-barometer. This year's study revealed some interesting geographical differences: In the US, 58 percent say employee-owned mobile devices pose the greatest risk, compared to 33 percent who chose a work-supplied device*. In Europe, 45 percent chose personal mobile devices as the riskiest vs. 46 percent who chose a work-supplied device*. Just 36 percent of members in India and 33 percent in China shared the opinion that personal devices posed the greatest risk.

IT organizations are increasingly being asked to manage the growing trend of "BYOD" (bring your own device) as employees take advantage of more powerful and affordable mobile devices that let them work from any location.

"Mobile devices usually are not under the full physical control of the enterprise. However, they still should be managed, controlled and secured by enterprise-wide policies, standards and procedures. Creating a mobile device strategy will help ensure that risks are accounted for and managed appropriately," said Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT Foundations, Six Sigma Black Belt, who is a member of ISACA's Guidance and Practices Committee and chief evangelist officer of Entel IT Consulting. "Establishing a program that creates value for the business and properly leverages available technology, while mitigating risks, is very challenging and difficult. However, a mobile devices enterprise strategy should always start with a comprehensive policy and finish with a full device lifecycle support program."

The IT Risk/Reward Barometer is based on March 2011 online polling of 2,765 ISACA members worldwide. The European results are based on 657 respondents, of which 147 are UK-based. The study, now in its second year, helps gauge current attitudes and organizational behaviours related to the risks and rewards associated with IT projects and emerging trends.
Serious doubts still exist around cloud computing
Both UK and European respondents are still slow to embrace cloud computing, considered a key IT trend by other regions, as 47 and 43 percent respectively believe the risks outweigh the benefits. One third of respondents in Europe use cloud computing, and 30 percent of organisations in both regions say they do not currently use cloud computing for any IT services. Twenty percent of the UK sample added that they have not finalised their plans with regard to cloud computing at the time of the survey. The three frequently cited cloud concerns are data security, loss of control, and issues surrounding ownership of data.

This is in stark contrast to the US, where this year's Barometer shows that the number of enterprises that do not use cloud for any IT services has decreased by 5 points to 21 percent, and those that plan to use it for mission-critical IT services has increased four points to 14 percent. This shift in attitude matches a growing spend on the cloud model as enterprises seek lower total cost of ownership, greater efficiency and increased flexibility.

Cloud computing is one of the issues on the agenda at ISACA's World Congress: INSIGHTS 2011 conference 27-29 June near Washington DC. Senior-level government officials and executives from Fortune 500 companies will share expertise on emerging technologies in the context of business value and compliance at this inaugural event.
Information security and risk jobs on the rise
Despite a sluggish economic recovery, a surprisingly high percentage (43 percent) of respondents expects their organization's staffing requirements for information security to increase over the next year, with an additional 51 percent expecting to remain at current levels. Similarly, 40 percent expect risk management staffing requirements to go up.

"Today's rapid acceleration in data volume, IT complexity and privacy regulations are fuelling a need for a greater focus on information security and risk management. ISACA is seeing a similar growth in interest in its CRISC and CISM certifications, as professionals seek to better understand and demonstrate proficiency in the critical areas of managing security and risk," said Ken Vander Wal, CISA, CPA, international vice president of ISACA.

ISACA's CISM certification program is developed specifically for experienced information security managers. CRISC is designed for IT professionals who have hands-on experience with risk identification, assessment, evaluation, response and monitoring. Since it was established one year ago, the CRISC certification has been earned by more than 8,000 professionals.
IT risk management becoming more strategic
Overall, this year's IT Risk/Reward Barometer indicates that striking a balance between reducing risk and enabling reward is evolving toward a more strategic, cross-enterprise view. Thirty-two percent of UK survey participants felt that the most important action an enterprise can take to improve IT risk management is to provide executive management with a "single view of risk," closely followed by improving coordination between IT risk management and overall enterprise risk management at 30 percent; and increasing risk awareness among employees at 29 percent. Unfortunately, budget limits are cited as an organisation's greatest hurdle when addressing IT-related business risk at 36 percent.

Compliance is still the primary driver behind managing IT risk (23 percent); however, avoiding negative incidents is now joint-second alongside aligning functionality with business needs - both scoring 22 percent.

"Managing information and the technology used to transform it into competitive advantage is a boardroom imperative. As forward-thinking leaders roll IT risk into their overall enterprise risk management, they will be far better positioned to reap the rewards of new technologies like mobile and cloud without feeling overwhelmed by the risk," said Vander Wal. (ISACA: ma)

* smart phones, laptops/netbooks, tablet computers, broadband cards or flash drives

