Home > Information Security Magazine > Features > Survey: Security Pros Identify Priorities for 2008
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Survey: Security Pros Identify Priorities for 2008
by Marcia Savage
Issue: Feb 2008
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   11  |   12  |   13  |   NEXT PAGE  >

(PRIORITIES2008) vulnerability management

Jagged Edge
Patch and pray isn't good enough any more.


Vulnerability management is always a tough task but organizations are intent on getting a better handle on it this year. Forty-four percent of survey respondents say they will be spending more time on the area and 63 percent say correlating threats to vulnerabilities will be important.

Correlation can help organizations facing an array of vulnerabilities, from software flaws to humans susceptible to social engineering, says Marcus Sachs, director of the SANS Internet Storm Center.

"There's no way to patch every vulnerability, so which ones do you go after?" he says. "One good approach is [to look at] which ones the threats are most likely to go after. ...It at least gives some hope, a place to start for some poor system administrator in this sea of vulnerabilities that their bosses told them to fix."

Sachs says many companies rely on some type of threat intelligence service, such as those offered by IBM Internet Security Systems and VeriSign iDefense, for insight into what hackers are doing.

Others have in-house capabilities based on homegrown honeypots and other sensors that can detect and analyze attack trends.

"Security is about risk management. There's no such thing as perfect security," Sachs says. "Just try to manage it to get to some acceptable level of risk that you're willing to live with."

Video Gaming Technologies' senior network engineer Dan Goldberg agrees correlating threats to vulnerabilities is important but says his firm needs more "bedrock in place" before tackling it.

"It's all really part of risk management," he adds. "Risk assessment is going to be high on my priorities for [2008]."

While companies traditionally have focused on protecting their networks from external attackers, many are increasingly concerned about attacks by trusted insiders-- employees, contractors and vendors who have access to corporate networks and data. Seventy percent of survey participants said they're worried about detecting and thwarting internal attacks.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   11  |   12  |   13  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts