Automated port scans, which look for open ports that might be candidates for exploitation, are sometimes likened to a thief rattling doorknobs, looking for one that’s unlocked. New research from the University of Maryland shows that this metaphor might be off base. IT researchers at the school concluded that “port scans did not appear to be a good indicator of a future attack,” and more than half of attacks are not preceded by any kind of scan. @ An experimental evaluation to determine if port scans are precursors to an attack is available through paper
In Information Security Governance Simplified, author Todd Fitzgerald provides an excellent overview on how security managers can create an effective information security program without breaking the bank. He shows the reader how to create a governance program that includes all of the necessary managerial, technical, and operational controls.