Nine out of ten financial web sites contain security flaws that could expose them to phishing attacks, according to a study by Next Generation Security Software (NGS).
More than 90 per cent of web-based applications audited by NGS over the last year contained 'trivial security' or 'logic flaws' and approximately a third of the applications contained vulnerabilities that could be exploited to extract volumes of confidential customer information from back-end databases.
The study also revealed that fraudsters were developing increasingly sophisticated forms of social-engineering to trick customers into giving away financially sensitive information.
It is remarkable how poorly prepared businesses are to respond to phishing attacks that target their own customers.
From another perspective, risk management in organizations is fragmented and lacks central visibility and oversight. This fragmented approach leads to duplicated effort and to technologies trapped in organizational silos, resulting in islands of information.
AITIL and its Strategic Alliances will help to develop an Enterprise Risk Management (ERM) function. An ERM framework provides the structured guidance that organizations are currently looking for in order to mitigate technology risk and protect their information assets.
In summary, confidentiality, integrity and availability are generally considered the cornerstones of security, and they are difficult to achieve. Businesses today are attacked more frequently, with less warning and greater negative impact. To preserve uptime and protect your business and your reputation, AITIL will develop a proactive approach to security for your company.
We can build a framework to help you meet regulatory and security requirements, using best practices such as ISO 17799 (the code of best practice for information security). We then perform a baseline study of your environment to determine where to begin. The study includes:
1. A review of the infrastructure and architecture, including servers, storage and network gear;
2. A review of existing technical security controls and a test of their effectiveness;
3. An external vulnerability assessment to examine business partner connections, Internet gateways, laptop remote access, wireless access, war-dialing, home-office connections and social engineering;
4. An internal vulnerability assessment to examine internal systems, the physical security of systems and data centers, employee and contractor access controls, accidental access, and abuse of systems, resources and data;
5. A review of policies, procedures, standards and guidelines;
6. A review of security staff and needed skill sets;
7. A review of organizational structure, alignment, roles and responsibilities; and
8. Identification of areas to be addressed to meet compliance and best-practice goals.