Jan 06 2011

Security 2020: Reduce Security Risks This Decade

Category: Information SecurityDISC @ 10:59 am

 

Security 2020: Reduce Security Risks This Decade

Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today’s IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond.

IT security needs are constantly evolving; this guide examines what history has taught us and predicts future concerns
Points out the differences between artificial concerns and solutions and the very real threats to new technology, with startling real-world scenarios
Provides knowledge needed to cope with emerging dangers and offers opinions and input from more than 20 noteworthy CIOs and business executives
Gives you insight to not only what these industry experts believe, but also what over 20 of their peers believe and predict as well

With a foreword by security expert Bruce Schneier, Security 2020: Reduce Security Risks This Decade supplies a roadmap to real IT security for the coming decade and beyond.

Order this book for advice on how to reduce IT security risks on emerging threats to your business in coming years. Security 2020: Reduce Security Risks This Decade

From the Back Cover
Learn what’s real, what’s hype, and what you can do about it
For decades, security experts and their IT peers have battled the black hats. Yet the threats are as prolific as ever and more sophisticated. Compliance requirements are evolving rapidly and globalization is creating new technology pressures. Risk mitigation is paramount. What lies ahead?

Doug Howard and Kevin Prince draw upon their vast experience of providing security services to many Fortune-ranked companies, as well as small and medium businesses. Along with their panel of security expert contributors, they offer real-world experience that provides a perspective on security past, present, and future. Some risk scenarios may surprise you. Some may embody fears you have already considered. But all will help you make tomorrow’s IT world a little more secure than today’s.

Over 50 industry experts weigh in with their thoughts

Review the history of security breaches

Explore likely future threats, including social networking concerns and doppelganger attacks

Understand the threat to Unified Communication and Collaboration (UCC) technologies

Consider the impact of an attack on the global financial system

Look at the expected evolution of intrusion detection systems, network access control, and related safeguards

Learn to combat the risks inherent in mobile devices and cloud computing

Study 11 chilling and highly possible scenarios that might happen in the future

Tags: Bruce Schneier, Computer security, Consultants, Doug Howard, Intrusion detection system, Kevin Prince, Security, United States


Sep 09 2010

DHS Cyber security Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

Category: cyber securityDISC @ 8:36 am
Seal of the United States Department of Homela...
Image via Wikipedia

By Kevin Poulsen @wired.com

The federal agency in charge of protecting other agencies from computer intruders was found riddled with hundreds of high-risk security holes on its own systems, according to the results of an audit released Wednesday.

The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches.

But in a case of “physician, heal thyself,” the agency — which forms the operational arm of DHS’s National Cyber Security Division, or NCSD — failed to keep its own systems up to date with the latest software patches. Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes (.pdf).

“The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on … computer systems located in Virginia,” reads the report from assistant inspector general Frank Deffer.

Einstein, the government’s intrusion-detection system, passed the security scan with flying colors, as did US-CERT’s private portal and public website. But the systems on which US-CERT analysts send e-mail and access data collected from Einstein were filled with the kinds of holes one might find in a large corporate network: unpatched installs of Adobe Acrobat, Sun’s Java and some Microsoft applications.

In addition to the 202 high-risk holes, another 106 medium- and 363 low-risk vulnerabilities were found at US-CERT.

“To ensure the confidentiality, integrity, and availability of its cybersecurity information, NCSD needs to focus on deploying timely system-security patches to mitigate risks to its cybersecurity program systems, finalizing system security documentation, and ensuring adherence to departmental security policies and procedures,” the report concludes.

In an appendix to the report, which is dated Aug. 18, the division wrote that it has patched its systems since the audit was conducted.

DHS spokeswoman Amy Kudwa said in a statement Wednesday that DHS has implemented “a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”

Tags: Adobe Acrobat, Computer security, Intrusion detection system, Microsoft, National Cyber Security Division, Security, United States, United States Computer Emergency Readiness Team