This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."
"Exploits are so pervasive that keeping systems current is more important than ever. It's a challenge because there's always the balance of needing to minimize system downtime," Stanford says. "There's also a lack of real expertise in vulnerability management. It's hard to find and hire staff who has the training and experience to assess systems for security control effectiveness and manage mitigation efforts."
"When a vulnerability alert comes out, I get information from the lists and newsletters. If it pertains to our organization, I submit call tickets for research," says Justin Francis, a security administrator for a national entertainment retail chain. "The process is there, but it's manual."
Tying it all back to risk, respondents want to have better automation around reporting mechanisms in order to placate not only management, but auditors. Many rely on homegrown reporting applications that produce outputs in spreadsheets and PDFs, or via Crystal Reports.
"Giving management the warm and fuzzies is always important," Kramer says. "Sometimes, varying communications with a common message is needed. You can't tell whether your audience is tactile, visual, or auditory in receptiveness, so you just have to keep trying."
This was first published in December 2005