Organisations fail to meet security awareness and compliance training best practices

A survey of high-risk organisations has found that more than three quarters fail to perform quarterly security and compliance training.

According to a survey by enterprise key and certificate management solutions provider Venafi and IT security research provider Echelon One, 77 per cent of respondents failed to perform quarterly security and compliance training, while 64 per cent failed to encrypt all of their data in the cloud. However, 90 per cent did use encryption throughout the organisation.

The survey of 420 enterprises and government agencies also found that almost 100 per cent of respondents had some degree of unquantified or unmanaged risk. When asked if their organisations encrypted data stored in public clouds such as Google Apps, Salesforce.com and Dropbox, 40 per cent said they did not know.

Jeff Hudson, CEO of Venafi, said: “If this assessment demonstrates anything, it’s that IT and security departments have got to gain greater visibility over all of their security and compliance activities and take steps to better understand and manage them.”

Bob West, founder and CEO of Echelon One, said: “The assessment findings were startling. We suspected we would find that many organisations were challenged, but we had no idea that failure rates would run this high.

“The good news is that with this information and independent assessment, organisations can see where they rank in comparison to peers, determine where weaknesses exist and identify steps they can take to significantly reduce security and compliance risks by leveraging automated processes and multi-layered data security strategies, including managed encryption.”

Regency are now in a position to offer current and new clients, in both the public and private sectors, a fully automated risk management tool, CiticusOne, to assess their current level of compliance against the controls they are required to meet. Example control areas for the public sector may be SPF, PIA, IAMM and ISO27001, whilst within the private sector they may be ISO27001, Sarbanes-Oxley, COBIT and SCADA; compliance controls bespoke to individual business needs could also be included. Once the risk management process is completed, CiticusOne can produce an easily readable report detailing areas of risk, action plan details and dashboard diagrams that can be presented to the Board.

Using Citicus will reduce not only the time it takes to carry out the risk management process and the time spent by in-house security practitioners or consultants, but also the cost of maintaining an effective, real-time risk management regime that, once adopted, can be updated as and when the risks or threats change.

As the sole worldwide implementation partner, Regency can host and manage Citicus in our HMG-accredited secure data centre and also provide the expertise to carry out independent evaluations. We can also arrange training for personnel to use the software to maintain and update their risks and actions through our hosting service, via secure HMG VPN encrypted connections.