Site Map - IT Security

Zero-day approaches

- The time between the disclosure of a computer vulnerability that can allow infection by a worm or virus and the release of an exploit that can attack that vulnerability has dropped from 6.4 days to 6.0 days. Meanwhile, the average time between the appearance of a vulnerability and the release of a patch is 54 days. Those statistics, which come from antivirus vendor Symantec’s most recent Internet Security Threat Report, are even more frightening when you consider that 1,862 new vulnerabilities were found in the first half of 2005. @ The Symantec report is available at SM Online.

Password frustration

- How many passwords do you need to remember? A survey by RSA Security Inc. of 1,700 enterprise technology end users found that 71 percent had as many as 12, and almost one-quarter had more than 15. To keep track of these, the majority of users said that they keep a record on a PDA or a document on their PC; 19 percent keep a note attached to their computer or have another type of paper record in their office. @ More details of RSA's security survey are at SM Online.

A Site to See

- Web-page bookmarks are a great way to keep track of your own frequently traveled Web sites. But how can you find out what sites are most popular with other people? “Social bookmark” sites allow anyone who stumbles across an interesting site to immediately bookmark it and then post it to a central Web site to encourage others to visit it as well. One of the most prominent of these sites is, which posts hundreds of bookmarks each day. Posters can add comments to their bookmarks and categorize them under any number of different tags, including security, software, and hacks, that allow other users to search for new sites in specific categories. The site also provides a location for saving personal bookmarks that can be accessed from any computer so that if you’re on the road and want to visit a bookmarked page but don’t have your regular computer, you can find the links easily nonetheless. Best of all, the site is completely free. Social bookmarking is a great way to find new sites in any category of interest to you, and that makes A Site to See. @ Get there via SM Online.

DOT’s Security Off Track

- When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy. This incident, which is recounted in a report on the department’s IT security by the DOT’s Inspector General (IG), is just one indication that some federal IT professionals are having trouble in meeting the challenges of locking down networks. Here’s another. The IG notes that “about half of all Federal Railroad Administration computers are not subject to routine vulnerability checks because they are being used by employees who telecommute (or travel around the country) for the majority of the year.” As is made clear by the Zotob example, these laptops, “if infected with hostile software, could become conduits for spreading problems to the rest of the networks.” @ The IG’s full report is available at SM Online.

Intrusion Prevention Fundamentals: An Introduction to Network Attack Mitigation with IPS

- The principal benefit of the book might be its good organization. Intrusion prevention is introduced in the first part, followed by an explanation of the two levels of intrusion prevention in Part Two. The final part of the book is devoted to sample deployment solutions.

Discovery Rules of the Digital Age

- New rules for the discovery of electronic evidence go into effect this month. Also, a range of laptop locks, and a study of data theft from higher-education institutions.


- The bill would have prohibited intentionally copying a program onto a computer to commit a crime or to obtain or transmit personal information with the intent to defraud or injure another person or to cause damage to another’s computer.

Security Controls

- Computer security in government needs help, and NIST has stepped up to the plate with Recommended Security Controls for Federal Information Systems.

Quick Bytes: Educating home users

- It’s commonplace for workers to use home computers to connect to corporate networks, but it’s no secret that these computers are an easy target for attackers, thus jeopardizing corporate networks as well. Stepping in to help is the National Institute of Standards and Technology (NIST), which has released a series of recommendations aimed at users of Windows XP Home Edition.

Financial Services Firms Under Siege

- The malicious side of social networking, financial firms under siege, and a new roadmap for security convergence.

Antisocial Networking Sites

- The next time you visit a Web site on which users contribute much of the content—say, social networking sites like Myspace or photo-sharing sites like Flickr—be aware that some of the content other users are contributing may be malicious.

Top 10 Performing Security Stocks for July 2006

- Top 10 Performing Security Stocks for July 2006

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.