[SecurityRatty] tag: examines

A Successful CIO: More Leadership, Less Technical Jargon

Thu, 20 Nov 2008 21:00:00 +0000

This paper, written by Nicholas Purcell, examines the role of the CIO and the challenges they face, as well as the officers themselves moving beyond their chosen role in order to help better relate to their employees.

Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

Mon, 27 Oct 2008 04:00:00 +0000

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just those issues affecting the commonly installed desktop operating system components.

The key findings for 1H08:

The four vendors fixed a total 585 vulnerabilities in 1H08. 26.8% affected multiple vendors and of those, only 8 were fixed on the same day – the rest had an average 35 day delay between the first available fix and the last available fix..
Microsoft had the lowest average Days of Risk for all vulnerabilities fixed at 24.22 days, with the next closest vendor at 72 days.
For desktop OS vulnerabilities, Windows Vista had the fewest vulnerabilities in 1H08 at 21. The next lowest number was Windows XP SP2 at 26.
Windows Vista customers experienced full or partial mitigation for 46% of the 26 vulnerabilities affecting Windows XP SP2 in 1H08, but also experienced one additional vulnerability in new code.

In addition to these measurements for the vendors and products, the body of the report also provides weighted analysis which provides a lesser consideration for lower severity issues. Please read the full report for details.

Portable Operating Systems and Information Security Risks

Tue, 14 Oct 2008 20:00:00 +0000

This paper, written by Thomas Hyslip, examines the threat of portable operating systems to computers and computer networks, as well as the security measures available to prevent such exploits.

Identity and Security Management and Strong Information Technology Governance: Novell's Soultion Suite Automates the Approach to the Perfect Union

Thu, 11 Sep 2008 09:00:00 +0000

(Source: Novell) This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations.

The New Encryption Generation: Closing the Gap

Wed, 06 Aug 2008 09:00:00 +0000

(Source: Credant) Enterprises view encryption as a backstop to prevent information from ending up in the wrong hands. But first-generation encryption technologies may leave critical gaps in security or even foster operational compromises. This white paper examines those limitations and an alternative, multilayered approach that can automatically safeguard data without complicating essential IT and user operations.

How the Human Brain Buys Security

Thu, 31 Jul 2008 09:30:24 +0000

Bruce Schneier examines prospect theory and how it applies to computer security. The solution is not to sell security directly, but to include it as part of a more general product or service. Vendors need to build security into the products and services that customers actually want. Security is inherently about avoiding a negative, so you can never ignore the cognitive bias embedded so deeply in the human brain. But if you understand it, you have a better chance of overcoming it.

Dont become a statistic says Sophos

Thu, 24 Jul 2008 14:56:51 +0000

Alot of numbers and stats, but a must read for those who want to take no changes while online.

clipped from www.istockanalyst.com

Hackers Attack Businesses, Blogs and Web 2.0 Sites, Sophos Security Threat Report Reveals

Sophos, the largest privately held vendor in the secure content and threat management market today published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative, new techniques in their attempt to make money out of internet users.

Silicon Valley's Wi-Fi Situation

Wed, 09 Jul 2008 06:11:40 +0000

The Palo Alto Weekly exhaustively examines its city's and Silicon Valley's state of public Wi-Fi: The paper looks at the failures of various networks around the valley, the current state of Wi-Fi plans, and how a non-profit, WiFi101, is building (with a grant) a new effort that could be a model for how to offer free service for those without Internet access.

The Weekly also mentions Palo Alto considering fiber to the home, which the city incorrectly calls "Fiber to the Premise" (not "premises") in their request for proposal. Palo Alto installed an early city-owned fiber ring in the mid-1990s. That 40-mi. ring cost just $1.9m (in 1996 dollars) to build. The new effort would be entirely funded by partners, who would receive certain assets and contracts to anchor the project.

Seven Steps to Secure and Seamless Field Mobility

Wed, 02 Jul 2008 09:00:00 +0000

(Source: Columbitech) This white paper examines the unique challenges of the wireless world and what an IT department should consider when evaluating a security solution for its mobile workforce. Additionally, it compares the third-generation mobile VPN with older VPN technologies, and their ability to handle these challenges.

The ROI and TCO Benefits of Data Deduplication for Data Protection in the Enterprise

Tue, 01 Jul 2008 09:00:00 +0000

(Source: datadomain) Deduplication storage is quickly becoming the standard for disk-based backup and nearline storage use in enterprise data centers across many industries. This paper examines and quantifies the costs and benefits of backup with deduplication storage as strategic assets for data protection.