Whitepapers

  • Three Tips to Prevent USB Insecurity In Your Enterprise

    15 August 2013

    With great advantages come great responsibilities. The usefulness of USB devices has made them indispensable to most of us today. However, the ease with which data can be copied and the ubiquity of these devices have also exposed organisations to three serious risks: data loss, data theft and malware propagation. Learn how removable device policy enforcement can mitigate these risks while enabling the flexible and managed use of these necessary productivity tools.

    10 pages

  • Four steps to respond and recover from sophisticated security attacks

    19 July 2013

    Like so many other things in today’s world, cyber attacks, along with those who perpetrate them, are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organisation’s perimeter is not enough. These sophisticated attacks, which include advanced persistent threats, or APTs, are bypassing traditional defenses.

    In this paper we’ll discuss the four proactive steps that you can and should take now to help keep your organisation safe.

    12 pages

  • Surviving The Technical Security Skills Crisis

    19 July 2013

    Technical information security skills are in higher demand today than ever before. As IT environments become more complex and the threat landscape grows more malicious, organisations need skilled technical staff to meet increasing security and compliance demands. However, this has been a losing battle. 

    This paper outlines Forrester's in-depth research study of CISOs' challenges in recruiting and retaining technical security roles, details four key and somewhat surprising findings, and addresses what you can do to overcome these challenges.

    22 pages

  • Best Practice Guide to Minimising Your Insider Risk

    11 July 2013

    In today’s increasingly collaborative and always-accessible working environment, organisations are challenged to balance the need to put information at the fingertips of productive workers with the responsibility to preserve the privacy and integrity of sensitive data stores. Balancing productivity with security is a fine line, but by taking advantage of security best practices, your organization can go a long way toward minimising insider risk and protecting data.

    9 pages

  • IT Pros Guide to Data Protection: Top 5 Tips to Securing Data in the Modern Organisation

    11 July 2013

    While many organisations have spent a lot of time and effort moving toward the very worthwhile goal of implementing content-filtering-based technology such as data leak prevention (DLP), the truth is that a lot of fundamental groundwork needs to be laid before an organisation should even think of DLP. The following five steps are some very effective ways to improve data security in a cost-effective manner and are the first steps toward readying an organisation for more robust data protection measures such as DLP.

    8 pages

  • Best Practice Guide to Addressing Web 2.0 Risks

    11 July 2013

    With the rise of user-generated content, social networks and readily available information offered by the Web 2.0-enabled workplace, users are more connected to people and ideas than ever before. This new level of connectivity also introduces significant risk. Organisations need to find the proper balance of risk vs. productivity through improved policy, controls and education of users.

    8 pages

  • DDoS and Downtime: Considerations for Risk Management

    10 April 2013

    As critical business functions become increasingly dependent on the availability of IT resources, chief financial officers (CFOs), chief risk officers (CROs) and other senior executives are beginning to re-assess whether their organization’s risk management strategy adequately addresses the threat of network, application or service downtime.

    Given the complexity of the risk management framework, it is beyond the scope of this paper to address all the details of DDoS risk assessment and prioritization, or to suggest a cyber risk management plan. Rather, the purpose of this paper is to start a conversation about the often overlooked risk of downtime caused by DDoS attacks and to provide sufficient context for risk managers to account for the DDoS threat as they evaluate threats to their day-to-day operations and long-term mission.

  • Thales and Ponemon Institute: Global Encryption Trends Study

    26 March 2013

    In February of this year, Thales and the Ponemon Institute released the Global Encryption Trends Study, which surveyed 4,205 professionals across 7 countries to examine how encryption has evolved over the last 8 years and how this technology is affecting the security posture of organisations.

    The primary areas of focus of the research were:

    • The threats organisations face, and how encryption is reducing risks
    • The types of encryption technologies involved
    • The most salient threats to confidential information 
    • Data protection priorities
    • Budgeted expenditures for encryption

    This report gives a complete overview of the most salient findings. The findings demonstrate the relationship between encryption and a strong security posture, and how organisations with a strong posture are more likely to invest in encryption and key management to meet their security aims.

  • Advanced Spear Phishing: The Rise of Industrial Phishing Attacks

    19 March 2013

    Phishing has evolved. Until recently, email defence systems have been fortunate in that attackers faced a cost/volume trade-off. That is, crafting an email-borne attack that was highly unique and highly randomized (and thus more likely to pass defence systems) was a largely manual effort, which limited the scope of such customized attacks. As a result, attacks that were more broadly distributed were less customized and more easily filtered by email security solutions. Both types of attacks resulted in sufficiently low penetration rates that IT teams often had a chance to detect and remediate such breaches before significant harm occurred.

    However, today’s advanced phishing tactics may have overcome the cost/volume trade-off. Borrowing tactics from cloud computing and database marketing, attackers are now engaging in industrial-scale phishing attacks that leverage sophisticated customization and delivery techniques.

    This whitepaper dubs these new techniques 'longline' phishing or advanced spear phishing. These attacks have markedly higher penetration rates than the traditional phishing attack. They also have surprisingly high recipient clickthrough rates - higher than 10% in the attacks studied for this report.

  • The legal obligations for encryption of personal data in Europe and Asia

    12 February 2013

    Driven on by relentless news about security breaches and data loss, law makers and regulators the world over are increasingly engaged in implementing new legal frameworks and defining new obligations for data security.

    This white paper examines the legal obligation to encrypt personal data firstly in the EU (focusing on the United Kingdom, France, Germany and Spain) and secondly in Asia (focusing on Singapore, South Korea and Japan), making the argument that, whether expressly or by implication, the laws in those jurisdictions give rise to a clear requirement to deploy encryption technologies to protect personal data. We also touch upon how financial services law requires encryption in some jurisdictions.
