| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Auditing
|
|
Patch Management
|
|
Risk Assessment
|
|
The Risks of "Big" Vulnerabilities Recently the IT industry was awakened by the announcement of two security vulnerabilities that represent an exposure for nearly every network in the world. Cisco, an industry leader in networking gear, announced a vulnerability affecting nearly every version of their IOS running on routers that move data across most of the networks for companies worldwide, and the Internet. Almost as if planned, Microsoft announced at the same time a vulnerability affecting most, if not all versions of Windows, from the servers to the desktop, which could have serious ramifications of not mitigated.
03/21/2004
|
|
Vulnerability Protection - A Buffer for Patching The purpose of this paper is to identify the problem facing the network security community regarding vulnerabilities and patches. It explains why current security technologies such as firewalls, intrusion detection and prevention systems, and automated patch management solutions have failed in preventing vulnerabilities from being exploited. Finally an alternative approach is proposed that incorporates and builds upon existing security technologies.
03/21/2004
|
|
OCTAVESM Catalog of Practices, Version 2.0 The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVESM) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three 'catalogs' of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization’s current security practices and to build a strategy for improving its practices to protect its critical assets.
03/03/2004
|
|
Challenges of Predictive Analysis for Networks As of today, there is limited ability to analyze networks and predict risks to the mission associated with these networks. Risk analysis is limited by the mistaken assumption that threat changes slowly - that there is time to recognize new vulnerabilities and new intruders and incorporate this new information into comprehensive threat assessments. In many cases, today's threat assessments also are self-limiting because of a lack of understanding of the driving factors behind security incidents in networks.
03/03/2004
|
|
Page: 12 3 |
