Security Management Strategies for the CIOAccess "Tests point out antivirus shortcomings"
This article is part of the January 2009 issue of How to be successful with your security steering committee
Antimalware vendors are loading up-with traditional signature-based detection, heuristic detection, detection based on common attack characteristics and exploits of known vulnerabilities, application controls, host firewall...whew! But how well is all this working? Recent tests from a couple of sources- Virus Bulletin (VB) and Secunia-didn't have all the answers, but the findings were interesting enough to make us wonder, yet again, how effective are these products and how do you test that effectiveness. The annual VB100 certification test-which has been around since 1998- didn't tell us much except that AV vendors can shoot fish in a barrel-in this case, a WildList virus sampling they surely all have signatures for. But other test results, detailed in the October Bulletin, detecting bots and worms, polymorphic viruses and especially Trojans, were more revealing.While all the major vendors scored perfectly on the VB100 test, they missed 5 to 15 percent on the Trojans test. The reason? First, this was a fresh batch of specimens, so the products had to depend ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
CISOs, human resources cooperation vital to security
CISOs work closely with human resources to investigate potential Web or email policy violations by employees, develop security policies and procedures, and plan for disaster recovery.
-
Information security steering committee best practices
Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.
-
Product Review: GoldKey Secure USB Token
The GoldKey Secure USB Token works with Windows and Macintosh operating systems to provide a secure place to stash encryption keys for virtual disks. By keeping encryption keys on a small, removable USB token, GoldKey simplifies the task of locking away important information on laptops and encourages good security behaviors.
-
Product Review: Trend Micro Worry-Free Business Security 5.0
Trend Micro Worry-Free Business Security (WFBS) delivers comprehensive client/server protection for small businesses against a variety of Web threats for Microsoft Windows 2000/XP/Vista, Small Business Server 2003/2008 and Exchange Server.
-
Security services: Mimecast's Unified Email Management
Mimecast offers a multifaceted SaaS package as demand for email services grows and the vendor landscape consolidates.
-
Internal auditors and CISOs mitigate similar risks
Internal audit and information security may often find themselves at odds, but in the end, their respective goals are the same.
-
CISOs, human resources cooperation vital to security
-
-
Implement security and compliance in a risk management context
CFOs live in a world where risk management is the lingua franca. CISOs have to join the conversation.
-
Product Review: Cenzic Hailstorm Enterprise ARC 5.7
Web application security has moved from a niceto- have to a must-have requirement, for data protection and compliance. Cenzic's Hailstorm, which we last reviewed in 2005, reflects the growth in the depth and maturity of Web application vulnerability assessment software.
-
Product Review: Hedgehog Enterprise 2.2
Eight years after the release of Microsoft SQL 2000, we're still looking for help from bolt-on security product vendors to harden and protect critical production database servers. Sentrigo's Hedgehog Enterprise 2.2 is designed to monitor and protect against known and unknown database threats.
-
Rising Profile
Security had the attention of SMB execs; the time for facilitating integration is at hand.
-
Tests point out antivirus shortcomings
Tests suggest antivirus software is somewhat ineffective against today's malware strains.
-
The evolving role of the CIO involves IT and security responsibilities
Technology executives focus on elevating information security in the enterprise.
-
Implement security and compliance in a risk management context
-
Columns
-
Insider threat mitigation and detection: A model for committing fraud
Risk managers should know in order to commit fraud, or any other improper action, an attacker needs access, knowledge/ability and intent.
-
Interview: Protecting data and IT assets in a recession
The Republic First Bank information security officer offers guidance on maintaining a security program in lean economic times.
-
Security steering committee force CISOs to connect with the business
Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases.
-
State Data Breach Notification Laws: Have They Helped?
There are more than 40 state notification laws, but how have they impacted the security of sensitive data? Our two experts debate the issue.
-
Insider threat mitigation and detection: A model for committing fraud
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...