Auditors get guidance on SSH key management

A new guide for auditors says SSH key management should be on their checklist because the proliferation of unmanaged keys for the ubiquitous encryption protocol means IT networks can’t be guaranteed to be secure. The guidance, “SSH: Practitioner Considerations,” was published Tuesday by the nonprofit global membership association ISACA, previously known as the Information Systems Audit and Control Association. The guidance includes an appendix listing controls that companies can use to ensure proper management of SSH keys. Secure Shell or SSH is an open-source cryptographic protocol used to enable secure, encrypted access by individual users to servers and other computer assets across the networks of a distributed enterprise. It also facilitates automated machine-to-machine communications in the same secure fashion. But without careful management, the digital keys that enable that communication can proliferate and end up stored in insecure, easily found locations on the network. “When auditors sign off on accounts …. when [a publicly traded] company management makes […]

The post Auditors get guidance on SSH key management appeared first on Cyberscoop.


Tech workers are routinely pressured to roll out products that aren’t secure, report says

The majority of tech professionals are pressured to roll out projects before they’ve undergone necessary security audits and hardening, according to a new security pressures survey from the security firm Trustwave. Sixty-five percent of full-time IT professionals said management prioritized speed over security, according to the survey of 1,600 tech professionals from around the world. Worldwide, security is actually gaining ground in this fight: in the previous two years, 77 percent of IT professionals reported feeling this pressure. In the United States, however, there has been virtually no change: 71 percent of respondents are pushed to get projects out the door without necessary security checks. Only 35 percent of worldwide respondents said they never faced such pressure. What happens to projects that set aside security in favor of speed? The two consequences of a hack that tech professionals fear most are personal and corporate reputation damage, followed by financial damage to the […]

The post Tech workers are routinely pressured to roll out products that aren’t secure, report says appeared first on Cyberscoop.


Health insurer Excellus is latest to argue that hacked data could’ve come from anywhere

Four years after Excellus BlueCross BlueShield was hacked and more than 10 million members had their data exposed, the insurer remains on the defensive in class action lawsuits claiming it ignored cybersecurity to the peril of its own members. Excellus failed last week in an attempt to win dismissal of a suit after arguing unsuccessfully that the data […]

The post Health insurer Excellus is latest to argue that hacked data could’ve come from anywhere appeared first on Cyberscoop.


Two years after massive breach, U.S. government still fights to keep security audits of Anthem secret

Two years after a cyberattack on Anthem, one of America’s largest health insurers, the company and the U.S. government are still locked in court battles over lawsuits that aim to make public a range of critical documents from two security audits conducted both right before and immediately after the massive hack. After some disclosures on the audits in 2016, a federal […]

The post Two years after massive breach, U.S. government still fights to keep security audits of Anthem secret appeared first on Cyberscoop.
