why are so many companies getting hacked (21022012) low res-5
DESCRIPTION
A little-known business process used in nearly every corporation is commonly referred to as the Risk Acceptance/Exception process. It’s used when business system data owners make risk management decisions to not implement proper security controls within an enterprise due to a business constraint. This process creates an opportunity for hackers to identify the weak entry points into a corporation. There are many documented cases where a sensitive data environment was properly protected, but unpatched servers in another environment allowed security vulnerabilities to be exploited by hackers as the network entry point. This White Paper gives an in-depth overview of the causes, dangers, and prevention of the Risk Acceptance/Exception Process. It also provides suggestions on what organizations can do to improve the current information security infrastructure and avoid falling victim to security breaches.
TRANSCRIPT
Why Are So Many Companies
Getting Hacked?
A White Paper
By Todd Bell, CISSP, PMP, QSA, MPM, MBA
February 2012
EC-Council www.eccouncil.org/ciso
It is no secret that when a security breach occurs, somebody is going to lose their job. IT Security is not just a “nice thing to have”, but a necessity. The founding premise of an excellent IT
and technology purists that want to drag down the business with IT Security enhancements
ally, internal business issues become the problem of the customers.
The data owner should be provided with the likeli-
are simple and use nominal resources. If the presented security vulnerability is highly probable and the company chooses to ignore the business
leadership opportunity may be more staggering
warned the leadership team well in advance. Companies have the opportunity to change this
only damage the company, but the career of those involved in the decision process.
How real is this problem and what is