Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our speciality !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Security: Next Steps

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security
Author Message
tricore
Guest
PostPosted: Thu Jan 11, 2007 7:41 am    Post subject: Security: Next Steps Reply with quote
If you ask most people to free-associate from the trigger term "September 2001," likely responses might be "World Trade Center" or "terrorists." Only people at the epicenter of an enterprise IT operation are likely to recall, without being reminded, that the week after 9/11 was marked by the worldwide attack of the Nimda worm-which many now regard as an inflection point in the sophistication and, consequently, the speed and severity of attacks against e-business.

The University of Calgary, in Alberta, Canada, has since compiled estimates of Nimda's impact that include 2.2 million infected machines within 24 hours and a cleanup cost of $539 million.

That's more than the individual gross domestic products of 15 of the member countries of the International Monetary Fund, not to mention being enough to take every worker in the United States out to Starbucks.

view slide show: Five Steps to Security: Best Practices The IT industry has had five years to recognize the significance of such numbers and to make the best practices of enterprise security the norm rather than the exception. But that recognition has remained largely nominal, and the response superficial.

Two years after Nimda, for example, the Slammer worm successfully inflicted a billion dollars' worth of nuisance and cleanup. Slammer doubled its number of victims every 8.5 minutes, affecting 90 percent of vulnerable targets worldwide within its first 10 minutes in the wild.

Even two years later, the Sober worm in 2005 may have accounted at times for as much as 70 percent of worldwide e-mail volume-succeeding by taking advantage of laxity in risk assessment and prevention; underinvestment in detection and response; and, all in all, a general lack of vigilance.

By no coincidence, those five elements of security-risk assessment, problem prevention, attack detection, incident response and creation of a climate of vigilance-were the five sections of a major eWeek Labs series of articles, titled "Five steps to enterprise security," that was launched in November 2001. Taking no pleasure whatsoever in the continuing relevance of recommendations made five years ago, Labs staff revisit that report in the following pages-with the aim of reiterating what's still critical and also raising consciousness in areas of concern that have emerged or intensified since then.

We hope this update finds a climate of improved awareness and expanded resources for addressing security issues, so that the end of 2011 will find us less tempted to issue a 10th anniversary update to this manifesto for enterprise infrastructure protection.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group