Mobile Risk: Bring Your Own Data Breach


According to ISACA’s 2012 IT Risk/Reward Barometer: North America, 72 percent of organizations in the US allow, in one way or another, bring your own device (BYOD) in the work environment. This new computing practice exposes businesses to risks that can threaten corporate security and reverse the productivity gains that were originally intended. Because they are portable and integrate with public cloud applications, personal mobile devices greatly increase the risk of data theft or leakage. In fact, a study by Decisive Analytics revealed that nearly half of the enterprises that allow BYOD to connect to their network have experienced a data breach.

Security experts believe the next wave of enterprise hacking will be carried out via mobile attack vectors. As organizations improve defenses against direct network attacks, hackers will move to a path of least resistance and exploit mobile applications to gain backdoor access to enterprise networks through BYOD. In this context, it becomes essential to manage mobile application and device risk, and control their access to trusted networks. So, what are the steps an organization can take to realize the productivity gains and cost-savings associated with BYOD, while proactively managing and mitigating the security risk associated with this practice?

Mobile Risk: Bring Your Own Data Breach >


Forensic Readiness Planning


With all the developments in IT, IT infrastructure and governance, there have been corresponding increases in risk, threats and attacks. It has become imperative for organizations to respond to attacks and breaches and to ensure that their reputation and assets are safeguarded. The response to such violations is usually legal (or disciplinary when no laws are broken but the organization's internal policies are flouted or violated); to achieve this successfully, evidence must be collected and presented in a legally acceptable manner. There are also other claims that can be leveled for or against the organization (e.g., insurance claims, accusations of negligence) that would require the presentation of evidence.

Forensic readiness planning helps to ensure that digital evidence is readily available in a legally acceptable manner in the event one of the aforementioned issues occurs.

Read more about Forensic Readiness Planning >


Possible Solutions to DDoS Attacks


Distributed denial of service (DDoS) is one of the most widespread types of cyberattack and represents a great concern for governments and enterprises today. These attacks are an insidious foe to Internet service providers (ISPs) and to the businesses that depend on the availability of their web sites for critical business functions and productivity. My recent ISACA Journal article focuses on the types of DDoS attacks, their trend and changing frequency, the business impact, the countermeasures that organizations can take to prevent successful DDoS attacks, and building a strategic approach to defend against this growing cyberthreat.

Given the extraordinary and rapid changes in DDoS attack techniques, traditional DDoS mitigation solutions (e.g., bandwidth provisioning, firewall and intrusion prevention systems) are no longer sufficient to detect and protect an organization’s network or applications from sophisticated DDoS attacks.

Read more about DDoS attacks >



ISACA offers exam training for the CISA designation. CISA is a globally recognized certification for IS audit control. It demonstrates that you have the experience, skills and knowledge required to detect security risks and to perform reliable audits.

Read more about the CISA training


As a CISM you are able to analyze information security independently. ISACA provides exam training for CISM, which offers room both for refreshing knowledge and for concrete exercises for the exam.

Read more about the CISM exam training