IT Security Guru

NTT: compliant businesses demonstrate better security

by The Gurus
March 27, 2014
in Editor's News

Companies that are compliant with the PCI Data Security Standard are better at addressing perimeter vulnerabilities.
 
According to a survey by the NTT Innovation Institute, companies that perform quarterly external PCI authorised scanning vendor assessments have a more secure vulnerability profile and a faster remediation time, with 27 per cent demonstrating this.
 
NTT Com global director of security strategy Garry Sidaway told IT Security Guru that often the problem with compliance frameworks such as PCI DSS is that they are seen as a tickbox exercise, and that the difference lies in the discipline of going from doing it to taking action on it.
 
“You can look at boxes, but there is not much more to it than that; it is not a loose operation that you have got to put it in place. You can do vulnerability scans but if you do not act on it you are just processing lists rather than risks,” he said. “Putting risks into context really makes sense for the business.”
 
He said that discipline and understanding are “born from best practice”, and this will help the operational process and reduce the risk profile.
 
The survey also found that 43 per cent of incident response engagements were the result of malware incidents. Sidaway commented that 77 per cent of businesses do not have an incident response programme. He said: “There is a ‘set and forget’ tendency and while most technology is great, you have got to operate it and most organisations put it in place and do not operate it, and it needs continuous operation.”
 
John Theobald, CISO of NTT Com, told IT Security Guru that there is a crossover between incident response and the business, as it is not about saying when you get attacked, but knowing what to do when you are. “Test the process at live events and work through incidents and understand what you need to do now, and understand how the attacker got there in the first place,” he said. “It is cyber security that no one understands or calls for, but with PCI DSS and ISO 27001 put in place people are more savvy.”
 
The survey also found that anti-virus fails to detect 54 per cent of new malware collected by honeypots, while 71 per cent of new malware collected from sandboxes was undetected by over 40 different anti-virus solutions.
 

Tags: Compliance, incident response, PCI DSS