Site Map - Cybersecurity

Zero-day approaches

- The time between the disclosure of a computer vulnerability that can allow infection by a worm or virus and the release of an exploit that can attack that vulnerability has dropped from 6.4 days to 6.0 days. Meanwhile, the average time between the appearance of a vulnerability and the release of a patch is 54 days. Those statistics, which come from antivirus vendor Symantec’s most recent Internet Security Threat Report, are even more frightening when you consider that 1,862 new vulnerabilities were found in the first half of 2005. The Symantec report is available at SM Online.

RFID planning

- The Department of Defense (DoD) is using radio frequency ID (RFID) tags throughout its supply-chain operations; by January 2007, all DoD commodities will have these tags. The Government Accountability Office (GAO) reports that the Pentagon has identified many of the challenges it needs to resolve before this can happen but notes that “it has not yet developed a comprehensive strategic management approach” to guide, monitor, and assess implementation. Read the full GAO report at SM Online.

Password frustration

- How many passwords do you need to remember? A survey by RSA Security Inc. of 1,700 enterprise technology end users found that 71 percent had as many as 12, and almost one-quarter had more than 15. To keep track of these, the majority of users said that they keep a record on a PDA or a document on their PC; 19 percent keep a note attached to their computer or have another type of paper record in their office. More details of RSA's security survey are at SM Online.

A Site to See

- Web-page bookmarks are a great way to keep track of your own frequently traveled Web sites. But how can you find out what sites are most popular with other people? “Social bookmark” sites allow anyone who stumbles across an interesting site to immediately bookmark it and then post it to a central Web site to encourage others to visit it as well. One of the most prominent of these sites is del.icio.us, which posts hundreds of bookmarks each day. Posters can add comments to their bookmarks and categorize them under any number of different tags, including security, software, and hacks, that allow other users to search for new sites in specific categories. The del.icio.us site also provides a location for saving personal bookmarks that can be accessed from any computer so that if you’re on the road and want to visit a bookmarked page but don’t have your regular computer, you can find the links easily nonetheless. Best of all, the site is completely free. Social bookmarking is a great way to find new sites in any category of interest to you, and that makes del.icio.us A Site to See. Get there via SM Online.

DOT’s Security Off Track

- When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy. This incident, which is recounted in a report on the department’s IT security by the DOT’s Inspector General (IG), is just one indication that some federal IT professionals are having trouble in meeting the challenges of locking down networks. Here’s another. The IG notes that “about half of all Federal Railroad Administration computers are not subject to routine vulnerability checks because they are being used by employees who telecommute (or travel around the country) for the majority of the year.” As is made clear by the Zotob example, these laptops, “if infected with hostile software, could become conduits for spreading problems to the rest of the networks.” The IG’s full report is available at SM Online.

Worth a Look

- Each time a laptop is stolen from a public- or private-sector employee, there is a hue and cry about whether it was encrypted or password protected or otherwise had its data secure from prying eyes. These high-tech solutions sometimes overshadow the low-tech equipment that could have prevented the theft in the first place.

New in Plaintext

- True to the title, this book is easy to understand, and the projects are easy to follow. They range from customizing the desktop panel with shortcuts to installing and running new applications. There’s even a chapter on learning to use the dreaded Terminal.

Quick Bytes: Remote problem

- Should a disaster such as a flu pandemic hit the United States, many companies will deploy their work forces remotely so that business can continue without jeopardizing the health and welfare of workers.

Discovery Rules of the Digital Age

- New rules for the discovery of electronic evidence go into effect this month. Also, a range of laptop locks, and a study of data theft from higher-education institutions.

Security Goes to School

- A third of higher-education institutions have experienced a data loss or theft—in particular grades and exam questions—in the last year, with nine percent reporting a loss or theft of student personal information, which could affect millions of university students.

A Look at Laptop Theft

- Twenty-nine percent of all stolen laptops are taken from offices, with thefts from cars responsible for another 25 percent of laptop losses, according to survey data from CREDANT Technologies, a security software provider. Some of the 283 executives who responded to the survey noted that office laptops had been stolen despite being locked or even glued to desktops.

A Site to See

- If you’re interested to know just how much information about your organization is out there on the Web, you might want to start by taking a look at the history of the company’s Web site. You may not realize it, but most Web pages have been saved on the Internet Archive Wayback Machine (which has archived 55 billion pages since 1996), divided by year and month, and in some cases by the day.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.