Security Best Practices A Big FAIL In Most Organizations

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/cloud-security/167901092/security/news/231002850/security-best-practices-a-big-fail-in-most-organizations.html

By Kelly Jackson Higgins
Dark Reading
July 28, 2011

New data released today reveals how enterprises and government agencies 
are failing to adopt best practices for security: nearly all of the 420 
organizations that participated in the survey were at some risk in 
security or compliance.

The Echelon One/Venafi-sponsored survey, 2011 IT Security Best Practices 
Assessment, was based on 12 best security practices defined by Echelon 
One.

Here's how the organizations fared in the top five best practices:

Some 77 percent don't perform quarterly security and training compliance 
training; 64 percent don't encrypt all of their cloud data and cloud 
transactions; 82 percent don't rotate their SSH keys every 12 months; 55 
percent don't have a process in place in the event of a certificate 
authority compromise; and 10 percent don't use encryption throughout 
their organizations.

"Training once a year is not enough. It has to be done on a regular 
basis, and quarterly is best," says Bob West, founder and CEO of Echelon 
One, who says he was shocked by the high rate of failure in the survey. 
"But 77 percent are not doing this."

[...]


___________________________________________________________
Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com