Regulatory compliance and IT security are not always synonymous. An organization can easily be compliant with a regulatory body yet be far from secure. Many organizations view malware protection as a check-off item: “I have to have it and I have to maintain it, but that’s all I have to do.” Regulatory compliance often involves a “top-down” approach. A cookie-cutter template typically defines the initiative, and the company must look at its products and processes to figure out how they can mesh with the template.
Security, on the other hand, is a bottom-up initiative when done correctly. Whether you are designing a software product or the architecture for your organization’s new network, security elements should be included. When you are designing product architecture, for example, just as a good initial pass would describe communication, localization, versions, and so forth, so should it describe the security elements that need to be built into the application from day one. The security elements should be revisited and refined throughout development.
Compliance may provide an illusion of security to those who do not understand the complexities of securing the digital business world. Compliance alone should not be the end goal.
End-user demands for access to the World Wide Web and all of the communication vehicles that it affords are at an all-time high. Business demands for those same communication vehicles are also on the rise. The mobility of employees and company data presents a growing challenge, and keeping up with the exponentially growing cyber crime threat is daunting.
As a result, and often without their knowledge or understanding, many IT departments have become accomplices to cyber crime. This slideshow explains the various ways that corporate IT departments are enabling cyber crime in our environments, and provides some guidelines to prevent this dangerous, destructive practice from continuing.
This slideshow features 10 ways that IT departments are enabling cyber criminals today, as identified by Kaspersky Lab experts, and offers ways to stop them.