Saturday, October 30, 2004

Microsoft policy makes sense

Security experts agree that Microsoft's approach to patch management makes the process more predictable. Microsoft Corp. moved to a monthly patch-release cycle one year ago. The uncertainty of Microsoft's earlier approach, in which a patch was released as soon as it was developed, made it costly for users to manage patches; the current approach drastically alleviates the issue. "What it gives you is the consistency you need to factor patching into your overall [systems management] process," Krauthamer, director of information systems at Advanced Fibre Communications Inc. in Petaluma, Calif., said. "It's a great thing if you can spend just one night a month doing patches." To read the article by Jaikumar Vijayan, click here.

Thursday, October 28, 2004

A new proposal for information security regulations

Ira Winkler, CISSP, CISM, argues that self-regulation will no longer work for information security. He proposes a set of regulatory rules that every computer, system, or network should obey when it is connected to the public network. He points out that we can't continue to ignore the fact that we're negligently enabling the attackers. While we can always expect miscreants to attack us, either maliciously or for profit, studies by the Defense Information Systems Agency and the Computer Emergency Response Team indicate that more than 97% of successful attacks are preventable. To read his opinion, click here.

Information Security is an economics problem rather than a technical one

Bruce Schneier, a security expert and chief technology officer at Counterpane Internet Security Inc., stresses that information security isn't a technological problem. It's an economics problem. And the way to improve information technology is to fix the economics problem. Do that, and everything else will follow. To read more, see the Computerworld article.

Liability in Information Security

Bruce Schneier of Counterpane Internet Security Inc. has argued that we should start thinking about liability when dealing with information security problems. He also pointed out that "There are no real consequences to the vendors for having bad security or low-quality software. Even worse, the marketplace often rewards low quality. More precisely, it rewards additional features and timely release dates, even if they come at the expense of quality." You can read more on this issue in his recent article.

Fear Does Sell in Security

According to a survey by Watchguard, almost half of the respondents admitted that fear is the most effective way for security vendors to motivate customers to invest in a particular security technology. 30% of the 150 customers surveyed identified a rational assessment of costs and benefits as the most effective driver in persuading them to make a security investment decision. To read more, http://www.nwfusion.com/newsletters/vpn/2004/1025vpn1.html.

Firms Take Government Regulations Seriously

Firms are revising their IT spending to improve their compliance with new regulations. The Sarbanes-Oxley Act is seen as having the most impact on enterprises' information security management planning in 2004, with 36 per cent of the companies surveyed by NetSec naming it. Basel II came in as the second most important piece of regulation, with 25 per cent naming it as having the most impact on information security management planning. BS7799-2:2002, the government's gold standard for information security, came in third with just 19 per cent, even though it was rated as the best framework for defining companies' Information Security Management Systems. To read more, http://www.theregister.co.uk/2004/10/27/netsec_security_survey/.

Big UK Businesses Struggle with Vulnerabilities and Patches

Based on a survey conducted in the UK, security consultancy NetSec reported that most large companies are struggling to protect themselves against security threats. It revealed that a new security threat could take more than six hours to contain across big organizations. To read more, http://www.theregister.co.uk/2004/10/27/netsec_security_survey/.

New Worm Targets Google and Microsoft

A new variant of the Zafi worm, Zafi.C, was discovered on October 27, 2004. Zafi.C attempts to launch a distributed denial-of-service (DDoS) attack against Google.com, Microsoft.com, and miniszterelnok.hu, the website of the Hungarian prime minister. To read more, http://www.silicon.com/0,39024729,39125376,00.htm.

Information Security is Crucial for IT Security

Vnunet.com reported that the UK's chief security and intelligence coordinator, Sir David Omand, says increased information sharing between government departments and businesses, together with increased staff training, is key to improving the UK's information technology security. Following the publication of the government's first review of UK public and private sector security initiatives, Sir David said cyber-security now affects all sectors of the government and economy, and that the public and private sectors must work together to address vulnerabilities and threats as soon as they are discovered.
To read the full story, please go to http://www.vnunet.com/news/1159016.

Security News Mailing List

The Institute for Security Technology Studies at Dartmouth College has been preparing reports called Security in the News. Security in the News provides security professionals, and government and law enforcement officials, with timely and salient information on cybercrime, cyberterrorism, malware and other information-security issues at the strategic level. You can access the daily report at http://news.ists.dartmouth.edu/todaysnews.html. You can also subscribe to the daily email update at http://news.ists.dartmouth.edu/cgi-bin/signup.cgi.