Security Management
If you aren't familiar with Web threats, you should be. A Web threat uses the ubiquity of the WWW as a threat vector to propagate malicious exploits and payloads. Web threats lead to PCs infected with keyboard loggers, botnet code, or traditional worms and viruses.
Traditional threats like e-mail viruses and ...
Traditional security solutions are sort of like client/server computing. Security vendors take the role of the server, hosting the master software, adding new anti-malware signatures, and distributing them to all of the clients.
This model was adequate in the past, but it is no longer good enough. Why? ...
A recent Network World article stated that Dell is warning customers that a small number of PowerEdge server motherboards sent out through service dispatches may contain malware.
Dell is doing the right thing by alerting potentially impacted customers, but questions remain:
How did the malware get there?
Were the motherboards ...
Government and industry regulations were supposed to improve information security, yet many holes remain. Why? Many organizations adopted a regulatory “check box” mentality that helped them pass audits but didn’t address dangerous threats or existing vulnerabilities. ESG believes IT risk management can help and many large organizations ...
I'm just back from participating in the Symantec Government Symposium held yesterday in Washington DC. The event was extremely informative, with keynote presentations by Cybercoordinator Howard Schmidt and Director of Plans and Policies for the U.S. Cyber Command Major General Suzanne M. Vautrinot. For my part, ...
I recently finished Richard Clarke's new book, Cyber War, and I have but two words for the former cyber czar: thank you.
I've probably read as much about this subject as Washington insiders and in my opinion, Clarke's book immediately leapfrogs numerous other overly technical or Washington-wonky volumes. ...
In a recent ESG Research survey, we asked security professionals at enterprise organizations (i.e., 1,000 employees or more) whether their organization had suffered a data breach within the last year. Here are the results:
Yes, several incidents: 11%
Yes, one incident: 23%
No: 63%
Don't know: 3%
My analysis:
In total, 34% ...
As Jon Oltsik of Enterprise Strategy Group (ESG) puts it, the critical task of hardening databases and monitoring access to their information is quite often hampered by "too many cooks in the kitchen."
via Database Security Suffers From Leadership Gap - DarkReading.
ESG's research indicates that network security spending will be a focus area for 2010. Nearly half (48%) of midsized (fewer than 1,000 employees) and enterprise (more than 1,000 employees) organizations will invest in network security technologies like firewalls, IDS/IPS, gateways, and threat management solutions.
Yes, all of ...
Microsoft built upon its Secure Development Lifecycle (SDL) this week with an announcement at the Black Hat conference in Washington DC. With this announcement, Microsoft will provide a simplified implementation of SDL. The goal here is to spread the goodness of SDL to smaller or less sophisticated ...





