2.4.11 Independent testing: KIU should have a testing plan that identifies control objectives; schedules tests of the controls used to meet those objectives; ensures prompt corrective action where deficiencies are identified; and provides independent assurance for compliance with security policies. Security tests are necessary to identify control deficiencies. An effective testing plan identifies the key controls, then tests those controls at a frequency based on the risk that the control is not functioning. Security testing should include independent tests conducted by personnel without direct responsibility for security administration. Adverse test results indicate a control is not functioning and cannot be relied upon. Follow-up can include
…show more content…
"If you're looking for malware you won't see breaches using legitimate credentials," Kurtz explained. Simply put, hackers are stealing login information and using those credentials to access applications and sensitive data. As a result, it's hard to identify when organizations are breached, and many have lost data, only to discover those intrusions months and years later.
2.5.2 Lateral hacker movement/breach containment: Once cybercriminals find their way inside corporate networks, they're moving laterally between applications until they find the most sensitive and valuable data. "Cryptographic isolation and end-to-end encryption prevents lateral movement."
This information security challenge is why Gartner predicted that micro-segmentation technologies will be one of the must-haves for enterprise security in 2016. The research firm explained that by cryptographically isolating workloads and encrypting network traffic end-to-end, organizations can prevent lateral "east/west" hacker movement, contain breaches and better secure
"If you're looking for malware you won't see breaches using legitimate credentials," Kurtz explained. Simply put, hackers are stealing login information and using those credentials to access applications and sensitive data. As a result, it's hard to identify when organizations are breached, and many have lost data, only to discover those intrusions months and years later.
2.5.2 Lateral hacker movement/breach containment: Once cybercriminals find their way inside corporate networks, they're moving laterally between applications until they find the most sensitive and valuable data. "Cryptographic isolation and end-to-end encryption prevents lateral movement."
This information security challenge is why Gartner predicted that micro-segmentation technologies will be one of the must-haves for enterprise security in 2016. The research firm explained that by cryptographically isolating workloads and encrypting network traffic end-to-end, organizations can prevent lateral "east/west" hacker movement, contain breaches and better secure