Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Preventing Credential Theft: A Security Checklist for Boards
Newest First  |  Oldest First  |  Threaded View
cybersavior
cybersavior,
User Rank: Strategist
10/30/2017 | 5:15:43 PM
Thanks for the article
It's my experience that the "senior execs" or "Board" are the very users that bring the most sense of entitlement to IT/IS.  You know, she wants her email address to just be Renee*AT*megacorp.com, he wants to use his Mac or iPad that isn't supported or get this... A CEO at a major, global corporation that requested thier spouse (not an employee) be given remote access and Outlook email delegation from a non-company asset.  That truely happened, AND that company has regulated messaging!  Digital communications subject to SEC 17a-4.

It really puts our technology and security practitioners between the hammer and the anvil when senior leaders demand unsupported and/or non-compliant configurations.  It represents audit jeopardy and lowers the security posture of the firm.  The Board will be the most resistant users to 'security overhead' such as the Checklist and the target on their CISO's back enlarges.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building the SOC of the Future
While an attacker just needs to find one vulnerability to get in to the network, the defender has to look everywhere. Defenders have to identify, disrupt, and stop attacks in the short period of time between when an attacker gets in and causes damage. One way is a security operations center to get that "all the time" coverage. What's Inside: --AI and cybersecurity response --Automation --Proctive threat hunting --Next-gen SIEM
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-39873
PUBLISHED: 2022-10-07
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
CVE-2022-39874
PUBLISHED: 2022-10-07
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
CVE-2022-39875
PUBLISHED: 2022-10-07
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
CVE-2022-39876
PUBLISHED: 2022-10-07
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.
CVE-2022-39877
PUBLISHED: 2022-10-07
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.