Garland Group Blog

Archive for October, 2005

One Quarter Of Enterprises Admit To Intrusion Attempts: Survey

The Community October 31st, 2005 0 Comments

From The Security Pipeline:

Courtesy of Networking Pipeline


One in four enterprises have been victimized by intrusions into their networks and servers in the last two years, according to a VanDyke Software-commissioned survey. More than 40% of these companies reported that the intrusions were successful.

Out of the 360 enterprise IT security professionals surveyed, nearly 93% had installed a network firewall. Half of those surveyed use a network analyzer, turn off non-secure protocols, and have installed a user-based firewall. More than 40% implemented WiFi security.

“In the final quarter of 2005, it is somewhat surprising that only slightly more than half of enterprises indicated they have turned off nonsecure protocols like Telnet or FTP. It is an important step to decreasing intrusion vulnerability and yet the number of enterprises that actually do so is far from being an ‘overwhelming majority’,” Jeff P. VanDyke, president of VanDyke Software, said in a statement.

Sixty-nine percent of those surveyed visit security-related Websites for information about security best practices. Over sixty-seven percent read trade magazines for security-related information. Half of the enterprises surveyed also used training courses, conferences, newsletters, online discussion forums and books. Local training courses are used by 36%, and 33% utilize Usenet groups and security-related blogs.

Security awareness training: How to educate employees about spyware

The Community October 27th, 2005 2 Comments

From Bank Info Security:

We all know the threats posed by spyware to enterprise networks: user ID and password theft, financial loss, productivity drain, intellectual property theft. Security practitioners have two defenses at their disposal: the human and the technical. While the technology for combating spyware is improving, antivirus vendors have only recently started adding functionality to target it. That means the best defense is the human one – employees and end users. They can help in the battle against spyware through security awareness training and information security policies.

Educating end users about spyware should be part of any comprehensive security awareness training. It should be part of at least half-day or, preferably, whole-day training required of all employees at all levels, from the executive suite down to the receptionists and security guards at the front door. Everybody uses a computer today. Training should be a condition of employment with mandatory attendance noted as part of annual performance reviews. As the number of security threats keeps growing every year, training should be updated annually and employees should be required to take it once a year.


10 Security Myths That Need To Be Put To Rest

The Community October 26th, 2005 0 Comments

From Security Pipeline.com

One of the nice things about security is that there’s a lot of information out there. In fact, just about everyone has a favorite theory, a pet practice, or even a set of guidelines that will tell you what to do to be safe.

Problem is, not all of those practices will really improve security in your enterprise, and some may even make things worse.

Still, the beliefs about security perpetuate themselves through companies and agencies. They’re viewed as gospel, and in many cases repeated from one expert to another. Most of the time those beliefs – good and bad – are never really put to the test. We just believe them because we’ve heard it all so often. In the process, these security beliefs have become myths.


FFIEC Releases Guidance on Authentication in Internet Banking Environment

The Community October 19th, 2005 0 Comments

From the FFIEC (Web Site) Press Releases:

The Federal Financial Institutions Examination Council (FFIEC) today released updated guidance on the risks and risk management controls necessary to authenticate the identity of customers accessing Internet-based financial services. The guidance, Authentication in an Internet Banking Environment, was issued to reflect the many significant legal and technological changes with respect to the protection of customer information, increasing incidents of identity theft and fraud, and the introduction of improved authentication technologies and other risk mitigation strategies. The continued growth of Internet banking and other forms of electronic banking activities and the increased sophistication of threats to those environments have resulted in higher risks for financial institutions and their customers. An effective authentication system is necessary for financial institutions’ compliance with requirements to safeguard customer information; to prevent money laundering and terrorist financing; to reduce fraud and the theft of sensitive customer information, often the precursor to identity theft; and to promote legal enforceability of financial institutions’ electronic agreements and transactions.
