Secrecy shrouds hacking attempts on a company's computers, with only a tiny fraction being recognised and made public. Regulatory compliance, bad press and commercial damage push companies to invest into security products. Then again, companies have to look among their staff for the biggest threat, and not to the outside world.
The reality of IT security was made clear at a recent workshop organised by RS2 Software, a local company that for over 20 years has been designing and implementing card management solutions for the financial services industry worldwide, an industry which obliges rigorous IT security compliance. The event, organised in collaboration with Oracle, the world's largest business software company, aimed to highlight the need for IT security.
Security standards, at a minimum, call for strict internal controls on access, disclosure or modification of sensitive information. Lack of security could have detrimental consequences to an organisation. These could include fraud, identity theft, financial irregularities and financial penalties, just to mention a few.
Michael Bürger, Oracle product director of security for south east Europe, gave a presentation entitled "Lock Risks, Unlock Potential, Business Drivers for Security". He underlined the business drivers for security and security challenges being faced today and pointed out that business drivers for identity management include new applications, flexible business processes, compliance, cost reductions, ease of use and security threats.
Quoting the findings of a Goldman Sachs Security Spending Survey, Mr Bürger said that compliance is by far the largest driver behind organisations' investment in security (98 per cent). He continued by providing some interesting facts on security violations - 87 per cent of all databases are compromised over the operating system; 80 per cent of all hacks are insider threats; one per cent of all professional hacks are recognised; 10 per cent of all "standard" hacks are made public.
Mr Bürger stated that the key drivers which lead to companies purchasing security products include: the risk of negative publicity, sabotage, espionage, external hackers, regulatory compliance, insider threats, auditing and data privacy, in addition to increasing regulations calling for strict internal controls to protect the privacy of employees and customer data.
He continued by bringing to light the important role of risk management to identify and manage operational risks such as financial losses, intellectual capital, public image and the role of governance for the sake of measurement and transparency. He pointed towards a need to address three security focus areas - access control, data privacy and compliance.
The Oracle executive concluded that the regulatory and controls environment is so complex that, without information technology, an ongoing governance, risk and compliance programme is not feasible.
Theodoros Demosthenous, senior sales consultant of Oracle Cyprus, further outlined business drivers for security, adding that business-critical data is increasingly under attack and that in-depth defense is critical to protect an enterprise's data. He also gave an informative demo of various Oracle security products.
The session continued with Mr Bürger giving a second presentation. He pointed out that there is an identity provisioning problem. For this reason, an identity manager is essential to reconcile accounts and systems for compliance and to reduce costs to manage password resets more efficiently. It is required to automate user provisioning and the identity administration process by creating, changing and deleting users according to security policies.
Mr Bürger delved into information rights management (IRM) and the crucial role that it plays within an enterprise. It allows an enterprise to "seal" (encrypt) documents and e-mails and a central server manages access rights, and audits usage. It is easy to use and is a seamless extension to familiar office tools like Word and Power Point. In addition, it is very manageable, for it is intuitive and provides a policy-based control of thousands of documents and e-mails.
Godwin Schembri, RS2 Software chief technical officer, concluded the seminar by emphasising the importance of encryption of data. RS2, an Oracle certified partner has recently undergone PA-DSS compliance. To this end, RS2 ensures that sensitive data is stored in an encrypted form and that sensitive data is transferred over the network in an encrypted form. It also makes certain that data is masked when printed or viewed, that there is controlled access to data, and that separation of duties is enforced.
The reality of IT security was made clear at a recent workshop organised by RS2 Software, a local company that for over 20 years has been designing and implementing card management solutions for the financial services industry worldwide, an industry which obliges rigorous IT security compliance. The event, organised in collaboration with Oracle, the world's largest business software company, aimed to highlight the need for IT security.
Security standards, at a minimum, call for strict internal controls on access, disclosure or modification of sensitive information. Lack of security could have detrimental consequences to an organisation. These could include fraud, identity theft, financial irregularities and financial penalties, just to mention a few.
Michael Bürger, Oracle product director of security for south east Europe, gave a presentation entitled "Lock Risks, Unlock Potential, Business Drivers for Security". He underlined the business drivers for security and security challenges being faced today and pointed out that business drivers for identity management include new applications, flexible business processes, compliance, cost reductions, ease of use and security threats.
Quoting the findings of a Goldman Sachs Security Spending Survey, Mr Bürger said that compliance is by far the largest driver behind organisations' investment in security (98 per cent). He continued by providing some interesting facts on security violations - 87 per cent of all databases are compromised over the operating system; 80 per cent of all hacks are insider threats; one per cent of all professional hacks are recognised; 10 per cent of all "standard" hacks are made public.
Mr Bürger stated that the key drivers which lead to companies purchasing security products include: the risk of negative publicity, sabotage, espionage, external hackers, regulatory compliance, insider threats, auditing and data privacy, in addition to increasing regulations calling for strict internal controls to protect the privacy of employees and customer data.
He continued by bringing to light the important role of risk management to identify and manage operational risks such as financial losses, intellectual capital, public image and the role of governance for the sake of measurement and transparency. He pointed towards a need to address three security focus areas - access control, data privacy and compliance.
The Oracle executive concluded that the regulatory and controls environment is so complex that, without information technology, an ongoing governance, risk and compliance programme is not feasible.
Theodoros Demosthenous, senior sales consultant of Oracle Cyprus, further outlined business drivers for security, adding that business-critical data is increasingly under attack and that in-depth defense is critical to protect an enterprise's data. He also gave an informative demo of various Oracle security products.
The session continued with Mr Bürger giving a second presentation. He pointed out that there is an identity provisioning problem. For this reason, an identity manager is essential to reconcile accounts and systems for compliance and to reduce costs to manage password resets more efficiently. It is required to automate user provisioning and the identity administration process by creating, changing and deleting users according to security policies.
Mr Bürger delved into information rights management (IRM) and the crucial role that it plays within an enterprise. It allows an enterprise to "seal" (encrypt) documents and e-mails and a central server manages access rights, and audits usage. It is easy to use and is a seamless extension to familiar office tools like Word and Power Point. In addition, it is very manageable, for it is intuitive and provides a policy-based control of thousands of documents and e-mails.
Godwin Schembri, RS2 Software chief technical officer, concluded the seminar by emphasising the importance of encryption of data. RS2, an Oracle certified partner has recently undergone PA-DSS compliance. To this end, RS2 ensures that sensitive data is stored in an encrypted form and that sensitive data is transferred over the network in an encrypted form. It also makes certain that data is masked when printed or viewed, that there is controlled access to data, and that separation of duties is enforced.