This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."


"Exploits are so pervasive that keeping systems current is more important than ever. It's a challenge because there's always the balance of needing to minimize system downtime," Stanford says. "There's also a lack of real expertise in vulnerability management. It's hard to find and hire staff who has the training and experience to assess systems for security control effectiveness and manage mitigation efforts."

What's On Tap For 2006?


Threat correlation remains a challenge. Organizations struggle to normalize and correlate threat and vulnerability data in order to prioritize risk and remediation. Most processes remain manual, which more often than not keeps security managers in the dark about their exposures.

"When a vulnerability alert comes out, I get information from the lists and newsletters. If it pertains to our organization, I submit call tickets for research," says Justin Francis, a security administrator for a national entertainment retail chain. "The process is there, but it's manual."

Tying it all back to risk, respondents want better automation in their reporting mechanisms in order to placate not only management but also auditors. Many rely on homegrown reporting applications that produce output as spreadsheets and PDFs, or via Crystal Reports.

"Giving management the warm and fuzzies is always important," Kramer says. "Sometimes, varying communications with a common message is needed. You can't tell whether your audience is tactile, visual, or auditory in receptiveness, so you just have to keep trying."

This was first published in December 2005
