6-16-14 Podcast References

“People will forget what you said, people will forget what you did, but people will never forget how you made them feel.”

– Maya Angelou


Target top security officer reporting to CIO seen as a mistake

http://www.csoonline.com/article/2363210/data-protection/target-top-security-officer-reporting-to-cio-seen-as-a-mistake.html

C-IT Recommendation

  1. Analyze the reporting structure of your organization.
    1. Interview your CISO and ask where in your organization it would be optimal for him or her to report. Ask questions such as “Do you believe security priorities have been bottlenecked by the current reporting structure?”
  2. If necessary, move the CISO’s reporting line directly to a top-level officer or directly to a top-level board.

Article Resources

Who should the CISO report to?

http://www.csoonline.com/article/2131227/infosec-staffing/who-should-the-ciso-report-to-.html

The Global State of Information Security® Survey 2014

http://www.pwc.com/GX/EN/CONSULTING-SERVICES/INFORMATION-SECURITY-SURVEY/INDEX.JHTML


 

Android ‘SMS Stealer’ hides in World Cup-themed apps

http://www.scmagazine.com/android-sms-stealer-hides-in-world-cup-themed-apps/article/355717/

C-IT Recommendation

  1. Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration management database that shows which devices run which operating system versions.
  2. Ensure an anti-malware service is deployed on all company-owned Android devices. If you have a mobile device management solution, enable the company web filtering option where applicable and force the cellular devices to pass through the company web filter/proxy before accessing the internet.
  3. Provide mobile device security awareness training informing your employees not to visit pornographic sites. Also, instruct employees not to install apps from unofficial stores.

**If you do not have a mobile device management solution in a BYOD model, strongly recommend that users install the security updates. Failure to do so may result in your employees’ devices compromising your company information and/or costing the employees or your organization a ton of money.**

 
