CISO Platform's Posts (224)


Top 8 CyberSecurity Predictions for 2016

Thought leaders within the IT community are beginning to view cybersecurity not just as part and parcel of the everyday cost of doing business, but as an enabler, a direct driver of business continuity and bottom line growth. This shift in perception has begun to have a dramatic impact on the position and role of security within organizations, from a view of “security means you can’t…” to “security means you can.” Over the past year, fences, walls and moats have become outdated as the ROI of security takes priority with a focus on measuring detection, responding to legislation and the automation of remediation, patch management and minimizing dwell time of an attacker. While a lot has changed in 2015, the speed of security means there’s only more to come. These are Raytheon|Websense Security Labs™’ predictions for 2016.

>> Download the Complete Report

( Read more: Security Technology Implementation Report- Annual CISO Survey )

 

The Top 8 Predictions for 2016:

  • The U.S. elections cycle will drive significant themed attacks
  • Mobile wallets and new payment technologies will introduce additional opportunities for credit card theft and fraud
  • The addition of the gTLD system will provide new opportunities for attackers
  • Cybersecurity insurers will create a more definitive actuarial model of risk – changing how security is defined and implemented
  • DTP adoption will dramatically increase in more mainstream companies
  • Forgotten ongoing maintenance will become a major problem for defenders as maintenance costs rise, manageability falls and manpower is limited
  • The Internet Of Things will help (and hurt) us all
  • Societal views of privacy will evolve, with great impact to defenders

( Read more: Checklist to Evaluate A Cloud Based WAF Vendor )

 

Read more…

The Forrester Wave: DDoS Guide, Q3 2015

Why Read This Report

In Forrester’s 36-criteria evaluation of distributed denial of service (DDoS) services providers, we identified nine of the most significant companies — in a crowded field of competitors. We researched, analyzed, and scored them to determine which are best able to protect their customers’ business. The DDoS services space is growing in importance because distributed denial of service attacks now represent a considerable percentage of the total number of threats against organizations of all sizes. DDoS has historically focused on disruption, but today it is more frequently an opening salvo for more complex attacks that result in theft of sensitive data or valuable intellectual property. This report details how well each vendor measures up against our criteria and against each other with their DDoS prevention services.

>>Download the Complimentary Forrester Report

Read more…

Effectively combating cybercriminals requires understanding how they operate. How do they render endpoint protection solutions inoperable? What methods do they use to sidestep two-factor authentication? How do they trick device ID systems and behavioral analytics and risk engines into believing their transactions are legitimate?

This white paper provides an overview of how cybercriminals circumvent security measures at each stage of a transaction’s lifecycle—pre-login, during login and post-login—and offers strategies to help financial organizations combat malware-driven attacks.

Why Read the Report? 

  • Why malware is the weapon of choice for cybercriminals
  • How cybercriminals use malware to evade your defenses
  • What you can do to stay ahead

>> Download the Complete Report


Read more…

Buyers Guide for Identity & Access Governance

This buyer’s guide can help you find the right IAM solution for your organization—one that meets your unique needs for compliance, provisioning, access management and governance, along with the identity intelligence to stay ahead of threats from the data center to the cloud.

Why Read the Buyer's Guide? 

To help you evaluate whether an IAM solution effectively supports your short- and long-term objectives, this guide includes checklists of key features and capabilities in the following areas:

  • Identity governance and management
  • Access management for web, cloud and mobile environments
  • Policy-based entitlements and access controls
  • Identity intelligence (for monitoring and auditing)
  • Time to value

>> Download the complete Buyer's Guide


Read more…

IBM Managed Security Services continuously monitors billions of events per year, as reported by more than 8,000 client devices in over 100 countries. This report is based on data IBM collected between 1 January 2014 and 31 December 2014 in the course of monitoring client security devices as well as data derived from responding to and performing analysis on cyber attack incidents. Because our client profiles can differ significantly across industries and company size, we have normalized the data for this report to describe an average client organization as having between 1,000 and 5,000 employees, with approximately 500 security devices deployed within its network.

Why Read the Report? 

  • Find out the current threat landscape
  • Find out the volume of attacks & the top 5 industries most affected
  • Find out the prevalent types of attacks & attackers & key factors enabling them

>> Download the Complete Report

Read more…

This year’s study examines the costs incurred by 36 Indian companies in 12 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by laws and business contracts. The number of breached records per incident this year ranged from 3,000 to 77,000 records. This year the average number of breached records was 28,798. We do not include organizations that had data breaches in excess of 100,000 records because they are not representative of data breaches normally experienced by companies, and including them would skew the results.

Why Read the Report? 

  • Find out the Factors that influence the cost of data breach
  • Find out the Trends in the frequency of compromised records & customer turnover
  • Find out the Trends in the cost components of data breach

>> Download the Complete Report

India study at a glance:

  • 36 companies participated in this study
  • 88.5 million INR is the average total cost of data breach
  • 6% increase in total cost of data breach
  • 3,396 INR is the average cost per lost or stolen record
  • 9% increase in cost per lost or stolen record

>> Download the Complete Report


Read more…


CISO Platform Launches India’s First Ever Study Of The Salary Of Cyber Security Professionals

New Delhi, Bangalore, India, June 4, 2015: CISO Platform, an online community for senior IT security professionals, announces the official launch of its comprehensive salary report for security professionals across India. The detailed report was launched during the CISO Platform Decision Summit held in New Delhi today.

According to the report, the average salary of security professionals in India is Rs. 7.8 lakhs per annum. The global average according to the study ‘Job Market Intelligence report’ by Burning Glass is $93,028. CISO Platform conducted this study with the data of 2400 IT security professionals in India between January and April, 2015.

 

Priyanka Aash, Managing Director of CISO Platform, said: “Even though security is one of the greatest concerns, there is a lack of formal statistical study of security as a profession in India. At CISO Platform, our vision is to help security professionals excel in their role through knowledge and collaboration. Hence we decided to embark on conducting the first such formal study for Indian security professionals.”

Over the last couple of years, the security industry in India has seen good growth along with rising concerns about hacking threats as well as cross-border cyber espionage. During the year 2014, a total of 32,323 websites were hacked as per CERT India. India ranked second among nations most targeted for cybercrimes through social media in 2014, after the USA. In the three years up to 2013, registered cases of cyber-crime were up 350%, from 966 to 4,356, according to statistics from the National Crime Records Bureau (NCRB).

 

India’s cyber security industry is young and growing rapidly. India will require five lakh cyber security professionals by 2015 to support its fast-growing internet economy, as per an estimate by the Union Ministry of Information Technology. There is a big gap between demand and supply, and this is a great opportunity for individuals who are interested in adopting IT security as a career.

( Read More: Major Components Of IT GRC Solutions )

Key Insights from the study

 

Experience wise salary of security professionals

  Work Experience (Years)    Average Salary per annum (in Lakhs)
  0-2                        2.85
  2-5                        4.01
  5-10                       7.43
  10-15                      13.40
  15-20                      19.80
  >20                        24.74


  • Salary of security professionals ranges from 1.25 lakhs per annum to 80 lakhs per annum, with an average of 7.8 lakhs per annum.
  • Salary of ethical hackers ranges from 2 lakhs per annum to 15 lakhs per annum, with an average of 5.7 lakhs per annum.
  • Salary of CISOs ranges from 12 lakhs per annum to 80 lakhs per annum, with an average of 23.7 lakhs per annum.
  • Bangalore has the highest number (20.46%) of security professionals, followed by NCR (20.27%).
  • Telecom/ISP is the highest paying vertical with an average salary of 11.75 lakhs per annum, followed by Banking/financial services with an average salary of 10.52 lakhs per annum.
  • NCR has the highest average salary (8.6 lakhs per annum) for security professionals, followed by Bangalore (8.44 lakhs per annum).
  • The average work experience for security professionals is 6.8 years.
  • Chennai has security professionals with the highest average work experience (8 years), followed by Mumbai (7.3 years).

 

Location wise analysis

  • Bangalore tops the list in terms of number of security professionals, with 20.46% of the total. NCR comes in 2nd place with 20.27% of security professionals and Mumbai in 3rd place with 16.26%.

 

Industry wise analysis

  • By industry vertical, the IT-software industry has attracted the most security professionals (49.13%), and the largest share of professionals (42.56%) have a consultant/analyst profile.
  • By industry vertical, Telecom/ISP is the highest paying vertical with an average salary of 11.75 lakhs per annum. Banking/financial services and IT-software come in 2nd and 3rd place with average salaries of 10.52 lakhs per annum and 10.28 lakhs per annum respectively.

About CISO Platform

CISO Platform is an online social platform for information security leaders with the vision to provide the highest quality information and collaboration among the security community. CISO Platform has a network of 70,000 global decision makers/influencers in the field of security and has several initiatives such as the CISO Platform Index (CPI), Technology Taxonomy, IT Security Checklists, CISO Platform 100 and more. For more information on the salary report for security professionals, visit us online at http://www.cisoplatform.com/

 


Read more…

Gaana.com, one of the popular music streaming services, got hacked. It is reported that 10 million usernames, email addresses, MD5-hashed passwords, dates of birth and other personal information have been stolen.

It is reported by their CEO that they have taken adequate measures to safeguard the service post incident. Here are a few things which you should do as a user or as any other organization.

If you are a Gaana.com user, what should you do?

  • Handling passwords: Are you using the same password as on Gaana.com on other sites? In that case, create a different password for each of the other sites.
  • Dealing with personal information: Do not give away your actual sensitive personal information (like date of birth) to different websites if possible. You need to check that you are not violating the terms, but for your own security it is a good idea to use "fake data" wherever possible without making any legal violation.
  • Beware of social engineering attempts: If anybody gets your personal information they may use it to conduct social engineering attacks. Beware of any social engineering attempt on you. If somebody calls you posing as a credit card company or bank and provides credible personal information of yours, do not trust them. Do not give away any financial information like your credit card details over the phone.


How secure are the Indian companies?

At CISO Platform we have conducted a study of more than 400 Indian companies, and here are some of the findings. The report is to be published next week. The statistical numbers shall be released during the launch of the report, but here are some quick observations.

  • More than 70% of Indian companies are under-prepared when it comes to security.
  • More than 80% of the companies lack awareness among the senior management. (For example, we observed that a lot of companies believe that they have implemented DDoS security by having firewalls with very limited DoS protection.)

How prepared is your organization?

If you are an organization ask yourself the following:

  • When is the last time you conducted a high quality penetration test, not just to tick a box?
  • How long is your remediation cycle?
  • Do you have an incident management program in place which is tested? (Just like your fire drill)
  • Do you have a security dashboard for the management? Does it make sense?
  • Is your Security team (both junior and senior members) spending adequate time in learning about the latest technological changes? Security is a fast changing world. Hackers are continuously learning and evolving. Are you?

Few must read resources..

5 Lessons from Linkedin Breach: Click here

How to implement an automated incident response architecture: Click here

Check if your SIEM is actually detecting breaches: Click here

Why is it easier to hack than to defend: Click here

2 Day Training on "Cyber Forensics and Incident Response": Click here


Don't miss: Wargame on How to respond to a breach?

During the CISO Platform Decision Summit (June 4 and 5, New Delhi) we will have a real-life strategy simulation on how to respond to a security breach. We have a set of great panelists, such as:

  • Brian Mizellle- VP Technology,Cigital
  • Steve Ledzian- Director Systems Engineering, Fireeye
  • Pawas Agarwal- CISO, Aircell
  • Siva Sivasubramanium- CISO, Airtel
  • Vibhore Sharma- CTO, Naukri
  • Burgess Cooper- Partner, Ernst & Young

>> To claim your pass: Click here

Read more…

The 10 Commandments of BYOD

The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It’s as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device (BYOD) was born and employees followed with fervor.

Forrester’s study of US information workers revealed that 37% are doing something with technology before formal permissions or policies are instituted. Further, a Gartner CIO survey determined that 80% of employees will be eligible to use their own equipment with employee data on board by 2016.

This raises the inevitable question: how will you support the workforce's desire to use personal apps and devices while allowing them to be productive in a secure environment that protects corporate data? The Ten Commandments of BYOD show you how to create a peaceful, secure, and productive mobile environment.

>> Download the Complete Report

The 10 Commandments of BYOD:

  • Create Thy Policy Before Procuring Technology
  • Seek The Flocks’ Devices
  • Enrollment Shall Be Simple
  • Thou Shalt Configure Devices Over the Air
  • Thy Users Demand Self-Service
  • Hold Sacred Personal Information
  • Part the Seas of Corporate and Personal Data
  • Monitor Thy Flock—Herd Automatically
  • Manage Thy Data Usage
  • Drink from the Fountain of ROI

>> Download the Complete Report


Read more…

The malware industry supplies all the components cybercriminals need to easily perpetrate malware-driven financial fraud and data theft. In today’s virtual world, the scope of organizations vulnerable to malware-driven cybercrime is quite broad. In addition to banks and credit unions that are subject to online banking fraud, financial fraud can be perpetrated on insurance companies, payment services, large e-commerce companies, airlines and many others.
Most attacks do not target an organization’s systems directly, but rather, their customer and employee endpoints.


The reason for this is that organizations have invested substantially in multiple layers of security, such as firewalls, intrusion prevention systems and anti-virus gateways, in order to filter out cybercriminals at the perimeter. Conversely, for endpoint security, organizations have relied on anti-virus software, which often detects less than 40 percent of financial malware [1]. Consequently, cybercriminals focus their efforts on conducting malware-driven cybercrime, utilizing malware on user endpoints to commit financial fraud and steal sensitive data. Learn how your organization can combat malware-driven fraud and achieve sustainable threat prevention.

Why Read the Report? 

  • Check out the 7 basic steps for conducting malware-driven financial fraud
  • Learn how to combat malware driven financial fraud
  • Learn the IBM Security Trusteer cybercrime prevention architecture

>> Download the Complete Report


Read more…

The RSA expo floor is the madness that we love. The fringes are more interesting to me than the center: if you want to spot what is new, go to the fringes. We tried to have a bit of fun this year by analyzing the buzzwords seen on the expo floor.

How we did the analysis

We took hundreds of pics of booths all around the expo floor and tried to do a keyword analysis to find out the most prominent buzzwords. We tried to give importance to the relative size of the keywords along with frequency. This is not a perfect study but an approximate one. I wanted to get an OCR and automate the process but finally ended up spotting keywords manually. It has its pros and cons. Cons: I must have missed things. Pros: anything that is more visible caught my attention...that's what it is supposed to be, isn't it?


Read more: Top Talks from RSA Conference 2015 - San Francisco

Positive Trending Buzzwords

Threat/Cyber Intelligence

Just like last year, Intelligence maintained its position as the topmost buzzword.

Internet of Things - IOT

IoT is the new kid on the block. The same was true at Defcon. Check out our blog on Defcon learning.

Software Defined

Not yet a mainstream buzzword, but it could be the dark horse in the future.

Downward Trending Buzzwords

APT

APT clearly lost the battle this year. Very few highlighted APT in bold and big. The FUD factor that reigned over the world for a few years is now dying out. We are happy that the industry is getting mature. Check out our blog on APT which we published earlier.

As a Service/On Demand

We spotted less of "On Demand" or "as a Service". It seems that SaaS is becoming so mainstream that it is losing its buzzword status. It is not losing importance but becoming so common that people are not highlighting it as much as before.

Other Notable Keywords

Here are some other notable keywords seen on the floor:

  • Mobile
  • Cloud
  • Phishing
  • Insider Threats
  • DDOS
  • Risk
  • Analytics
  • Passwords/Identity

Read more: Top Talks from RSA Conference 2015 - San Francisco

Read more…

I am on my way back from RSA Conference 2015 in San Francisco. It is a cloudy day in New York, a perfect day to write a quick blog. Here's my interpretation of Amit Yoran's talk with a bit of my thoughts poured into it.

Taller walls won't solve the problem. We need a fundamentally different approach, one which has not been discovered yet.

We need fundamental shifts in computer science research to be more effective in building better security. All our current-day approaches are incremental in nature and won't solve the problem. Less than 1% of advanced attacks are detected by SIEM. No matter how high the walls are, hackers will find a way in.

Stop believing that Advanced Protections work

No matter how high the wall is, a focused adversary will find a way in. Advanced protections don't work against the most motivated and skilled attackers.

CISO Platform's view: We appreciate the honesty. We wish more vendors had been so candid. Here's one of the blogs on CISO Platform which we published on this last year. http://www.cisoplatform.com/profiles/blogs/apt-secrets-that-vendors-don-t-tell

Read more: Top Talks from RSA Conference 2015 - San Francisco

We need pervasive and true visibility along with Identity

Well, this is not new. True visibility of network, endpoints and identity, combined in a smart manner, will be more effective. Trusting the trusted can be fatal. We need multi-dimensional information for real analytics.

CISO Platform's view: This is important. However, my belief is that it is still incremental and not the fundamental change which the industry needs.

External threat intelligence is important

Threat intelligence once more is the buzzword on the expo floor, just like last year. Amit also stressed external threat intelligence for improving security.

CISO Platform's view: Before you rush for external threat intelligence, first ask: am I utilizing internal threat intelligence? Threat intelligence should be adopted in a mature manner. Else we will end up having strong iron doors but wide open windows.

Prioritize: limited resources for maximum impact

Find out what is most important and defend it with everything that you have got.

CISO Platform's view: We cannot agree more. Use the 80-20 rule. Prioritization is an art and a science which can help not only in improving security in your organization but also your life. Make prioritization and focus your way of life.

Read more: Top Talks from RSA Conference 2015 - San Francisco

Read more…

Watch Video: (Webinar) Intelligence Driven Security - SIEM & Beyond

( Read more:  Checklist to Evaluate a DLP Provider )

What will you Learn:  

  • How to gain Complete Visibility, Rapid investigations, SIEM and beyond
  • How added packet collection and analysis provides the analyst the visibility of a threat being detected
  • What the addition of Netflow provides when correlated with packets and logs – “Netflow provides network administrators with access to information concerning IP flows within their data networks”
  • The new incident management capability as the central triage and queuing hub for threats


More:  Join the community of 2000+ Chief Information Security Officers.  Click here

Read more…

We are happy to announce the results of the annual survey of Security Implementation Status and Industry Benchmarking, in which 410 companies have participated in the enterprise segment. This is a preview of the key findings on the implementation of various security technologies.

The data has been collected through the survey conducted online through the "5th Top 100 CISO Awards, 2015" nomination form. With data collected over 5 years, we have planned a series of interesting reports which shall provide deeper insights on the state of security in the Industry. This report aims to help you align your security initiatives with the strategic goals of the business.

( Read More: 8 Questions To Ask Your Application Security Testing Provider! )

About the Report

  • Report created through Annual Survey of 410 companies during the nominations of "5th Top 100 CISO Awards, 2015"
  • Total sample size of 410 enterprises
  • Small and Medium sized companies are excluded in the analysis
  • Complete report coming soon...

State of Implementation of Key Security Technologies

Anti Malware/AntiSpam:

Anti-malware can provide real-time protection against the installation of malware on a computer. This type of malware protection works the same way as antivirus protection, in that the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.


Anti-malware software programs can also be used solely for detection and removal of malware software that has already been installed onto a computer. To prevent email spam or unsolicited bulk email, both end users and administrators of email systems use various anti-spam techniques. Some of these techniques may be embedded in products, services and software to ease the burden on users and administrators. No technique is a complete solution to the spam problem, and each has trade-offs between incorrectly rejecting legitimate email (false positives) vs. not rejecting all spam (false negatives), and the associated costs in time and effort.

96% of the market have already implemented an anti-malware/anti-spam solution and 4% want to implement it in 2015.

Application/ Database Security:

Application security encompasses measures taken throughout the code's life-cycle to prevent gaps in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

37% have planned to implement application/database security in this year and 61% have already implemented it.

Unified Threat Management:

A single UTM (Unified Threat Management) appliance simplifies management of a company's security strategy, with just one device taking the place of multiple layers of hardware and software. Also, from one single centralized console, all the security solutions can be monitored and configured.

58% have already implemented UTM and 27% say they have plans to implement UTM in this present financial year. 15% do not have any plans as of now.

( Read more: Checklist to Evaluate A Cloud Based WAF Vendor )

Strong Authentication:

Strong authentication is any form of authentication in which the verification is accomplished without the transmission of a password and is useful particularly where access to an account must be linked to an actual person, corporation or trust.


However, strong authentication is not necessarily multifactor authentication. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor authentication.

The penetration in the market is at 69% (who have already implemented strong authentication) and 26% who want to implement strong authentication this year.
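The point above, that strong authentication verifies a user without transmitting the password, is easiest to see in a challenge-response exchange. The following is an added illustration written for this page, not code from the survey or from any vendor product: both sides derive a key from the password with PBKDF2 (the salt is public), the server issues a one-time random nonce, and the client answers with an HMAC over that nonce. The user name, password and iteration count are constructed sample values; the stored derived key is still sensitive and must be protected like any credential store.

```python
import hashlib
import hmac
import os
import secrets
import time

# Added illustration of "strong authentication": the password never crosses the wire.
# Constructed sample values throughout; the iteration count is kept low so the demo
# runs quickly (production deployments use far higher counts).
PBKDF2_ITERATIONS = 50_000


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length key from the password; identical on client and server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: prove possession of the key by signing the server's nonce."""
    return hmac.new(derive_key(password, salt), nonce, "sha256").digest()


class ChallengeResponseServer:
    """Server side: stores salt + derived key per user, never the password itself.
    Note: the derived key is password-equivalent for this protocol, so the store
    needs the same protection as any credential database."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}
        self._pending: dict[str, tuple[bytes, float]] = {}  # user -> (nonce, issued_at)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, derive_key(password, salt))

    def challenge(self, username: str) -> tuple[bytes, bytes]:
        """Issue a fresh random nonce; the salt is returned so the client can derive the key."""
        salt, _ = self._users[username]
        nonce = secrets.token_bytes(16)
        self._pending[username] = (nonce, time.monotonic())
        return salt, nonce

    def verify(self, username: str, response: bytes, max_age_s: float = 30.0) -> bool:
        """Accept a response only once, only within max_age_s, and only if it matches."""
        pending = self._pending.pop(username, None)  # pop: a replayed response finds no nonce
        if pending is None:
            return False
        nonce, issued_at = pending
        if time.monotonic() - issued_at > max_age_s:
            return False
        _, key = self._users[username]
        expected = hmac.new(key, nonce, "sha256").digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_demo() -> tuple[bool, bool, bool]:
    """Returns (genuine login accepted, replay rejected, wrong password rejected)."""
    server = ChallengeResponseServer()
    server.register("alice", "correct horse battery staple")  # constructed credentials
    salt, nonce = server.challenge("alice")
    response = client_response("correct horse battery staple", salt, nonce)
    genuine = server.verify("alice", response)
    replay = server.verify("alice", response)  # same bytes again: nonce already consumed
    salt, nonce = server.challenge("alice")
    wrong = server.verify("alice", client_response("wrong password", salt, nonce))
    return genuine, replay, wrong


if __name__ == "__main__":
    print(run_demo())  # (True, False, False)
```

The three outcomes of run_demo() show what the verifier actually enforces: a correct answer is accepted, the same answer replayed is rejected because the nonce was consumed, and a response built from the wrong password fails the HMAC comparison. Per the passage's own caveat, this is single-factor (something you know) unless combined with a possessed device or a biometric.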

Bio Metrics:

Bio-metrics authentication is used in computer science as a form of identification and access control.


It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Examples include, but are not limited to, fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.

66% have already implemented biometrics and 17% have plans to implement biometrics in this present financial year. 17% do not have any plans as of now.

DLP/ Data Security:

A Data Loss Prevention (DLP) solution is a system designed to detect potential data breach / data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party.

The market has a good amount of requirement of this solution with 40% who have plans of implementing DLP in this financial year.
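To make the "detecting and blocking sensitive data" part of that definition concrete, here is an added content-inspection example written for this page (not code from the survey or from any DLP product). It scans text, such as an outbound message or a file being copied, for card numbers and e-mail addresses, uses a Luhn check so that a random 16-digit string is not a false positive, reports only masked values, and maps the findings to a policy action. The sample lines are constructed; 4111 1111 1111 1111 is a well-known test card number.

```python
import re

# Added illustration of DLP content inspection. Sample text below is constructed.
CARD_CANDIDATE_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional spaces/dashes
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(digits: str) -> str:
    """Keep only the last four digits so the finding itself does not leak the data."""
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_email(addr: str) -> str:
    local, _, domain = addr.partition("@")
    return local[0] + "***@" + domain


def scan(text: str) -> list[dict]:
    """One finding per sensitive match: line number, type and a masked value (never the raw data)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CARD_CANDIDATE_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits):  # candidates failing Luhn are dropped as likely non-cards
                findings.append({"line": lineno, "type": "card", "value": mask_card(digits)})
        for m in EMAIL_RE.finditer(line):
            findings.append({"line": lineno, "type": "email", "value": mask_email(m.group())})
    return findings


def decide(text: str) -> str:
    """Policy: block anything carrying a card number, log (but allow) e-mail addresses, else allow."""
    kinds = {f["type"] for f in scan(text)}
    if "card" in kinds:
        return "block"
    if "email" in kinds:
        return "log"
    return "allow"


# Constructed sample: line 3 has 16 digits but fails Luhn, so it is not reported.
SAMPLE = """\
ticket 1042: customer called about order, contact j.doe@example.com
card on file 4111 1111 1111 1111 exp 09/27
tracking id 4111111111111112 shipped today
invoice total 1234.56 INR paid
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(decide(SAMPLE))  # block
```

Running it on SAMPLE yields two findings (a masked e-mail on line 1 and a masked card on line 2) and the decision "block"; the tracking id on line 3 is silently dropped by the Luhn filter, which is the trade-off every DLP rule makes between missing real data and flooding analysts with false positives.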

DOS (Denial of Service Security):

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system.

The penetration in the market is at 53% (who have already implemented denial of service security) and 36% who want to implement denial of service security in 2015.

Digital Rights Management:

Digital rights management (DRM) technologies are typically associated with business-to-consumer systems designed to protect rich media such as music and video. Information rights management (IRM) is a subset of digital rights management (DRM): technologies that protect sensitive information (mostly in the form of documents) from unauthorized access.

The market has a good amount of requirement of this solution with 43% who have plans of implementing in 2015 and 28% who have already implemented. Also 29% have no plans of implementation yet.

End Point Security:

An endpoint security system consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software installed on each of the devices or endpoints. The server authenticates logins from the endpoints and also updates the device software when needed. Although endpoint security software differs between providers, you can expect most offerings to provide antivirus, anti-spyware, a firewall and also a host intrusion prevention system (HIPS).

The market has 85.4% who have already implemented end point security solution and 14% who want to implement it in 2015.

( Read More: 16 Application Security Trends That You Can't Ignore In 2016 )

SIEM/ Incident Response:

Security information and event management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to log security data and generate reports for compliance purposes.

The market has a good amount of requirement of this solution with 34% who have plans of implementing SIEM in this year and 62% who have already implemented SIEM.

Identity & Access Management:

Identity and access management (IAM) describes the management of individual principals, their authentication, authorization and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. It enables the right individuals to access the right resources for valid reasons. The terms "identity management" and "identity and access management" (IAM) are used interchangeably, while identity management itself falls under the umbrella of IT security.

55% have already implemented IAM and 36% have plans to implement IAM this year; 9% do not have any plans as of now.

IDS/ IPS:

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about it, attempt to block or stop it, and report it. IDS comes in a variety of "flavors" that approach the goal of detecting suspicious traffic in different ways; there are network-based (NIDS) and host-based (HIDS) intrusion detection systems.

Market penetration is at 80% (who have already implemented IDS/IPS), with 17% who want to implement IDS/IPS this year.

Mobile Device Security:

Mobile device security is of particular concern as it relates to the security of personal and business information stored on smartphones. Users and businesses use smartphones not only for communication but also for planning and organizing their work, so smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company. Different security countermeasures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users.

53% have plans to implement mobile device security in 2015, while 40% have already implemented it.


Patch Management:

Patch management is the process of using a strategy and plan for which patches should be applied to which systems at a specified time. A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, and improving usability or performance.

Market penetration is at 86% (who have already implemented patch management), with 14% who want to implement patch management this year.

Wireless Security:

Wireless security is the prevention of unauthorized access to, or damage to, computers using wireless networks. The most common types of wireless security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). The current standard is WPA2. WPA2 encrypts the network with a 256-bit key; the longer key length improves security over WEP. Wireless intrusion prevention systems (WIPS) or wireless intrusion detection systems (WIDS) are commonly used to enforce wireless security policies.

Market penetration is at 70% (who have already implemented wireless security), with 23% who want to implement wireless security this year.

Secure email/ web gateway/ content filtering: 

Secure email gateways provide protection from email spam and malware. They also provide outbound email content inspection and encryption of emails.

92% have already implemented a secure email gateway solution and 7% want to implement one in 2015.

Encryption for servers/storage/database:

Database encryption is the process of converting data within a database from plain text into meaningless cipher text by means of a suitable algorithm; it protects the stored data. Database encryption is used to encrypt sensitive data such as credit card numbers and medical records in the tables, columns or rows of a database. Database encryption requirements are sometimes governed by regulation, or by business or data privacy laws specific to different countries.

58% have already implemented server/storage/database encryption and 30% want to implement it in 2015.

IT GRC Management Tools:

IT GRC is the umbrella term covering an organization's approach across three areas: governance, risk management and compliance. Governance is the combination of processes established and executed by the board of directors that reflects the organization's structure and how it is managed, led and driven towards the achievement of its goals. Aligned with risk management, which involves the prediction and management of risks that could hinder the organization from achieving its objectives, and with compliance with the company's policies and procedures, laws and regulations, strong and efficient governance is considered key to an organization's success. This space has evolved into offerings for both enterprise GRC (eGRC) and IT GRC.

52% have said that they want to implement IT GRC in the next 12 months and only 22% have already implemented it; 26% said they still don't have any plans for implementation.

Security Awareness & Training:

Training members of an organization in the protection of its various information assets can greatly improve organizational compliance and security knowledge and change poor security behaviors.

78% have said that they have already implemented or used security awareness and training, and 21% want to implement security awareness and training in the next 12 months.

Credits: Some of the above description text has been taken from Wikipedia.


How to Embed Risk Assessment into your Project Workstream by Michael Calderin - Security Officer, Bupa Global Latin America

Position information security more strategically within your organization by managing information risks early in the project lifecycle. A concise Impact Assessment can help you address serious risks at a time when they can be best addressed. Encourage your audience to participate by creating an unobtrusive process that engages the project team and security team and promotes dialog. This has been key in integrating information security into business and IT workstreams and demonstrating that information security personnel can and should be consulted whenever questions arise. With minimal effort, this type of thinking can create major impact for you and your organization.


A Sprint To Protect Point-of-Sale


A journey to protect POS by Nir Valtman, Discoverer of Point-of-Sale Vulnerabilities

From Target to other retail chains, it has all been about 'POS'. Point-of-sale vulnerability has been at its peak for a while. This talk illustrates POS vulnerabilities from both the retailer's and the software vendor's perspective. Get an insight into how POS devices are compromised, including difficult methods like memory scraping. This talk will demonstrate how a POS vulnerability works and how threats can be minimized. It will also explain the ways to mitigate the risk while you learn the basic concepts and find out which of these actually work.


The Notorious 9 in Cloud Security


The Notorious 9 in Cloud Security by Moshe Ferber.

Cloud computing presents major opportunities and benefits for organizations worldwide. It is scalable, flexible and efficient. But along with those major advantages come the threats. Most cloud computing threats and risks are well documented, but we are missing information on how those threats are put into practice in the real world, what attack vectors are used, and what the risks and results of those events are. In the presentation we will elaborate on the notorious nine cloud computing threats as described by the Cloud Security Alliance, and for each threat we will provide recent examples of known incidents, the attack vectors used and the damage that resulted from the incident. By understanding the risks and case studies, we can better prepare our organization for cloud adoption. Among the recent events we will explore: supply chain attacks, attacks for Bitcoin mining, attacks on the management GUI, API manipulation and more. We will talk about recent incidents such as the Code-spaces.com hack, the Buffer and Mongo DB OAuth credential theft, attacks on Twitter and Microsoft, and many more.


The Heartbleed bug was a catastrophic vulnerability in the widely used OpenSSL TLS implementation. This talk at the CISO Platform Annual Summit gives the background on how the Heartbleed bug was found by Codenomicon. The mechanism that initially detected the vulnerability is presented. It also discusses what made the Heartbleed bug so severe, and what kind of factors would have mitigated the consequences of the vulnerability.


Cyber Safety in Cars and Medical Devices

Cyber Safety in Cars and Medical Devices by Beau Woods, creator of the IOT Security Framework. We are adopting connected, computerized technology faster than we are able to secure it. When this technology is integrated into life and safety systems, bits and bytes meet flesh and bone. We must know, not just hope, that devices with the ability to impact human life and public safety are worthy of our trust. Learn how the safety impact of merging cyber security with cars and automobiles affects all of our safety. Learn the current state of research and what it tells us about these devices' resilience to accidents and adversaries. Understand why our current approaches to cyber security won't work and, in many cases, will be more dangerous than doing nothing.


Bitcoin Transaction Malleability: An Insight

Bitcoin Transaction Malleability, an Insight by Daniel Chechik. The bitcoin network vulnerability disturbed the huge bitcoin network. Plenty of trading websites, such as Silk Road, MtGox and more, have been victims of "Bitcoin Transaction Malleability." This talk will take you through the vulnerability and how exactly it may be exploited.
