Security News

Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
2020-09-17 23:47

The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses. The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.

CISOs struggling to prep for security audits
2020-09-16 03:30

CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. "This survey clearly shows that CISOs at major companies are caught between a rock and hard place when it comes to security and compliance audits over the second half of 2020 and want automated tools to help dig them out. Unfortunately, they're simply not able to find them," said Scott Schwan, Shujinko CEO. "Teams are cobbling together scripts, shared spreadsheets, ticketing systems and a hodgepodge of other applications to try to manage, resulting in inefficiency, lengthy preparation and limited visibility. More than two-thirds of CISOs are looking for something better."

CISOs are struggling to prepare for security compliance audits
2020-09-15 14:22

Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.

Thousands of ISO certifications at risk of lapsing due to halted re-certification audits
2020-08-20 03:30

Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations' premises to conduct essential re-certification audits during the current coronavirus pandemic. Worldwide, hundreds of thousands of certifications are at risk of lapsing as lockdown conditions look set to continue for the foreseeable future.

Internal audit leaders should develop new skills to stay relevant
2020-08-17 04:00

Chief audit executives and internal audit leaders report their next-generation competency levels in three vital areas - governance, methodology and enabling technology - to be remarkably low, a Protiviti survey reveals. Nearly 780 Chief Audit Executives and internal audit leaders were surveyed across industries to uncover the pressing priorities for internal audit functions when it comes to next-generation auditing skills.

Quest On Demand Audit new features help orgs extend cyber resilience when shifting to the cloud
2020-07-17 01:00

Quest Software, a global systems management, data protection and security software provider, announced new capabilities available within On Demand Audit to support the industry-wide shift to the cloud and ensure Microsoft environments remain secure in the face of growing malware and cyber threats. To further help customers tighten their security posture, streamline auditing processes, and adhere to compliance requirements, On Demand Audit now features new support for Teams and delivers the necessary auditing and alerting on all critical events to minimize vulnerabilities across the business collaboration tool.

DigiCert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle
2020-07-10 00:29

A notice emitted by the certificate biz explained that a number of its intermediate certificate authorities had issued EV certs to customers despite not being included in DigiCert's WebTrust audits - which goes against the rules for EV certs. "Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT."

A Boxcryptor audit shows no critical weaknesses in the software
2020-07-01 00:15

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation. The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

ISACA unveils new audit program for effective incident management
2020-03-05 02:00

In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas - like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customizable spreadsheet.