The WSJ’s ‘IT Security’ Section

Today’s Wall Street Journal contains a special advertising section called “IT Security” paid for by the Risk and Insurance Management Society.  The two-page section doesn’t seem to be available online, but it’s fairly prominent in the print edition on pages A19 and A20.

The three articles focus on insider threat, mobile device security, and social media, but contain little that will surprise anyone who has been paying attention to the information risk landscape.  That said, several data points cited in the articles might catch the attention of your senior executives.  Here are the highlights:

Insider Threat:
Privileged insiders pose a greater threat to organizations because of their access and knowledge of how systems work.  The article cites several anecdotes to suggest this threat vector is increasing.
Key ideas/data:

  • Only one-third of data breaches attributed to insiders are unintentional in nature.
  • Data Loss Prevention tools can “identify, monitor, and protect data, alerting network administrators when select information is being e-mailed” and subsequently prevent that traffic.
  • Cyber insurance can be purchased to offset the risk of a data breach.

Mobile Security:
Lost laptops and other mobile devices can be costly and it’s important to track and secure the devices to reduce the risk.
Key ideas/data:

  • The cost of a lost laptop ranges from $8,950 to $115,849 depending on how quickly it is identified as missing. (Source: Ponemon Institute)
  • Nearly one-third of companies don’t know how many laptops were missing or stolen in 2008.

Social Media:
The rapid growth of social media tools is having an impact on businesses across the globe.  Viral videos and social networks can have both negative and positive impacts.
Key ideas/data:

  • Firms should have social media policies in place to limit the risks associated with company employees posting information to the internet.
  • “Listening” tools can gauge how (e.g. tone) and where a firm is being discussed on the Internet.

If I find a link to the material online, I’ll post it.  We’ll be back later today with a more detailed reaction and the IREC perspective.  In the meantime, Council members can check out a few of our recent resources:

Insider Threat: Managing the Threat from Malicious Insiders
Data Loss Prevention: Preventing Data Leakage
Social Media: Social media Policy Builder, Sample Corporate Social Media Policies

Explore posts in the same categories: Information Risk Governance, Insider Threat, Regulation/Compliance

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: