NetVision Company Blog

A Discussion on Effective Audit of User Access

Ponemon on the role of GRC

Ponemon released a new study on the role of Governance, Risk Management, and Compliance in organizations. And there are some interesting findings:

  • 63% indicated that their GRC effort began in IT (not Legal or Finance)
  • 44% of on-going GRC activity is in IT
  • 76% characterize privacy as ‘very important’ in IT as opposed to 37% for Finance
  • Top barrier to meeting GRC goals: lack of resources
  • Primary focus area of GRC: risk management (not compliance or governance)
  • Regulation most difficult to comply with: PCI-DSS (arguably one of the more specific of the regulations in terms of requirements)

These data points validate what we’ve been saying to our customers in a number of ways. We focus on managing risk more than on regulatory response, and we’ve created a solution designed to address the ‘lack of resources’ issue. It’s also interesting how IT-centric the overall GRC programs are, based on the responses. Give it a read for yourself and let us know what you think.

Verizon Data Breach Report 2011

The 2011 Verizon Data Breach Investigations Report was released recently and there are a number of interesting findings. At a glance, these quick stats caught my eye on page 3:

  • 83% of the attacks were crimes of opportunity
  • 92% of the attacks were not highly difficult
  • 76% of all data was compromised from servers
  • 96% were avoidable through simple or intermediate controls

And of course, the mitigation recommendation on the same page:

“Audit user accounts and monitor privileged activity.”

One puzzling number was that only 17% of breaches were reported to have been committed by insiders. I find that strange because more than 80% were crimes of opportunity, not difficult, and easily avoidable. Those attributes would typically point to insiders, who have the most opportunity.

Another interesting point:

“For the second year in a row, it is regular employees and end-users—not highly trusted ones—who are behind the majority of data compromises. This is a good time to remember that users need not be super users to make off with sensitive and/or valuable data.”

Have a read for yourself if you’re interested in more data on breaches and breach activity across the market. As always, I’d recommend taking this report in the context of all other similar reports, news articles, common sense, and your own experience.

© 2009 NetVision Company Blog. All Rights Reserved.