Information security is a topic that all CXOs would want to have in their business plan for 2017. Having a strong plan to protect your organisation from cyber-attacks is fundamental. It is essential that an evaluation of IT systems is done not only from an external attack but also from an internal threat.
Top Misuse Action Varieties within Insider and Privilege Misuse (n=230)
IT Asset Management is the first step to address these issues. Here are some of the key issues that highlighted:
- Identity & Access Management (IAM) – Unauthorized access to systems are discovered. User access management to critical applications supporting the business is identified. This can be used to initiate, capture, record and manage user identities and their related access permissions. Poorly controlled IAM processes may lead to regulatory non-compliance because if the organisation is audited, management will not be able to prove that company data is not at risk of being misused.
- Unauthorised Hardware & Software – Genuine vs non-genuine software and licensed vs non-licensed software are discovered. Hardware compliance in accordance with IT policies are measured. The use of legitimate vs illegitimate software deployments is identified. Software without genuine licenses, incorrect or cracked software are found.
- Illicit Content – Unregulated contents on a corporate network or a machine are identified
- Possession abuse – Corporate systems used for personal access or bring your own devices (BYOD) to access corporate information can also be a reason for cyber risk
- Unsafe Apps: Using certain applications in the corporate network could open back door entries and make the systems vulnerable. Listing down applications which are safe to be used in the network vs vulnerable or potentially unsafe applications that need IT’s attention
- IT Asset Management is the key to data center planning – Virtualisation is the key to cost optimization. IT Asset Management exercise will highlight:
a. If your IT hardware resources optimally used
b. Is it in compliance with the business requirements
c. Licensing requirements from the principal vendor
Main Security Concerns Related to BYOD
Source: BYOD & Mobile Security 2016
What can Software Asset Management (SAM) do for your business?
- Protect your IT infrastructure from security threats
- Help to manage your licensing costs
- Maximize your licensing assets
- Place you in control of your vendor contract renewals
- Identify unauthorized software installations
- Re-harvest software assets
- Plan IT spend in line with business priorities
- Model future software scenarios
- Meet corporate governance/compliancy goals