• Communicate with and inform associates, managers, and senior leaders through security
awareness campaigns focused on "do" behavior as opposed to "don't" behavior
• Enforce automatic controls where possible and ensure notifications of enforcement are
received by key business stakeholders
• Follow basic rules and common-sense security measures that are both practical and
pragmatic in nature
• Do not reject security policies when a business impact occurs – learn and adjust
• Build a strong partnership between business and IT to avoid misperceptions and
misunderstandings


C – Technology / Technical

Challenges:

• Design weakness: software, architecture, engineering, and security requirements identified
late / post-production
• Security exploits not identified prior to deployment
• Bug or misconfiguration on a system which can be used by an attacker (internal / external)
to gain unauthorized access
• Business perception of Technology improvements impacting business operations


Suggestions to overcome / solve these challenges:

• Include security, audit, risk, and compliance in all projects, from the minor tactical ones to
the most strategic ones
• Audit and review older projects and implementations to avoid unknown security risks
• Implement tools to prevent malware, exploits, and over-entitled / access definitions for
people
• Enforce the organization's change management procedure
• Align technology to the business, NOT business to the technology


About the Author

An industry leader and innovator, Kyle F. Kennedy is a Senior Executive who focuses on the
areas of Information Security, Risk Management, Audit, Disaster Recovery, IT Solutions, Business
Process Management (BPM), and Information Technology Governance-Risk-Compliance (GRC).
Kyle is a leading expert on identity management, access management, user account provisioning,
entitlement management, federation, privileged identity management, role design and management,
and identity management as a Service. Kyle also covers enterprise fraud management, which has
many synergies with identity and access management when an organization needs to protect
against risk and wants to manage fraud appropriately.





Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
