Vulnerability Risk Assessment

MUST READ Can threat modeling help enterprises? EXPERT ANSWER - Is threat modeling a useful defense mechanism? Is it really possible to think like an attacker? Five ways to simplify the vulnerability management lifecycle TIP - Learn how to quickly and accurately quantify your exposure, communicate that exposure and deploy resources to remediate.

VIDEO: 1 - 3 of 4

	Vulnerability mitigation study shows need for faster patching SearchSecurity.com | 10 Aug 2009 VIDEO - Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle.

	Newest malware threats SearchSecurity.com | 15 Jul 2009 VIDEO - What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions.

	PCI compliance requirement 6: Systems and applications SearchSecurity.com | 01 Jun 2009 VIDEO - Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 6: "Develop and maintain secure systems and applications."

	VIEW ALL VIDEO ON VULNERABILITY RISK ASSESSMENT

NEWS: 1 - 3 of 58

	Patch management study shows IT taking significant risks SearchSecurity.com | 08.13.2009 OPINION - IT pros need to take patch management processes seriously and more dilligently understand the plethora of applications being used by end users.

	Trusteer CEO criticizes Adobe, touts better patch deployments SearchSecurity.com | 13 Aug 2009 ARTICLE - Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer's CEO urges better patching mechanisms.

	Microsoft to issue security report card, new tool at Black Hat SearchSecurity.com | 27 Jul 2009 ARTICLE - In addition to updating the public on its new security programs, the software giant is issuing a guide outlining its patching process and how to assess vulnerability data.

	VIEW ALL NEWS ON VULNERABILITY RISK ASSESSMENT

EXPERT TECHNICAL ADVICE: 1 - 3 of 48

VULNERABILITY RISK ASSESSMENT EXPERTS
			Michael Cobb, featured expert Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	What patch management metrics does Project Quant use? 29 Nov 2009 EXPERT ANSWER - In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant.

	Screencast: How to launch an OpenVAS scan 27 Oct 2009 TIP - In this screencast, Peter Giannoulis demonstrates the OpenVAS Linux/Unix-based assessment and penetration testing tool.

	Are Web application penetration tests still important? 05 Jun 2009 EXPERT ANSWER - Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors.

	VIEW ALL EXPERT TECHNICAL ADVICE ON VULNERABILITY RISK ASSESSMENT

REFERENCE & LEARNING: 1 - 3 of 10

	Information security book excerpts and reviews SearchSecurity.com | 07 Dec 2009 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	CISSP Essentials training: Domain 10, Operations Security SearchSecurity.com | 12 Sep 2008 SECURITY SCHOOL - Prepare for the final segment of the CISSP exam by learning about operations security.

	Spotlight article: Domain 10, Operations Security SearchSecurity.com | 12 Sep 2008 SECURITY SCHOOL - Get a detailed introduction to CISSP exam Domain 10, Operations Security.

	VIEW ALL REFERENCE & LEARNING ON VULNERABILITY RISK ASSESSMENT

MAGAZINE CONTENT (free subscription required): 1 - 3 of 18

	The Pipe Dream of No More Free Bugs Information Security Magazine | 07 May 2009 COLUMNS - Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.

	Security services: Fiberlink's MaaS360 Mobility Platform Information Security Magazine | 28 Nov 2008 HOT PICK & PRODUCT REVIEWS - The MaaS360 Mobility Platform service handles remote device updates, such as OS patches.

	Product Review: Shavlik's NetChk Compliance Information Security Magazine | 28 Nov 2008 HOT PICK & PRODUCT REVIEWS - Shavlik's NetChk Compliance automates compliance and provides control by actively managing system and security settings and allows the IT manager to identify and mitigate risks.

	VIEW ALL MAGAZINE CONTENT ON VULNERABILITY RISK ASSESSMENT

WEBCASTS: 1 - 2 of 2

	Comprehensive threat management: Helping you navigate the data security quagmire - Vendor Webcast VIEW WEBCAST PREMIERED:   27 APR 2006, 14:00 EDT (18:00, GMT) SUMMARY:   Outside attacks continue to threaten your network and drain valuable company resources. This webcast examines how you can protect your network from cyber attacks with an approach that anticipates known and unknown threats.

Solving the Internal Threat - Vendor Webcast VIEW WEBCAST PREMIERED:   17 NOV 2005, 14:00 EST (19:00, GMT) SUMMARY:   Established information security vendors avoid claims of protecting companies from the internal or insider security threat. In today's high-tech world, organizations need a new approach to internal IT security which enables them to detect when their IT infrastructure, enterprise data, corporate policy and government regulations have been compromised. Discover new security solutions in this webcast.

	VIEW ALL WEBCASTS ON VULNERABILITY RISK ASSESSMENT

WHITE PAPERS

The Security Paradox: The First Global Study that Quantifies the Cost of Reactive Versus Proactive Security in a Midsize Organization Published by: McAfee, Inc. | 08 Dec 2009 WHITE PAPER - Medium organizations around the globe are increasingly concerned about cyberthreats, and the rising number of incidents shared publicly certainly justifies their worries. At the same time, most organizations have frozen or cut their IT security budgets. Threats up, budgets down. This is what we call the “security paradox.” Read on to learn more.

Pocket E-Guide-- Alternative Antimalware Testing: Step-by-Step Guide from Joel Snyder Published by: ESET | 25 Nov 2009 EGUIDE - Read this E-Guide to learn about an alternative to traditional antimalware testing, using your perimeter network security tools. Snyder lays out a step-by-step guide to validate your own malware including where to find sample test viruses, equipment needed, and the channels to test.

eGuide: Information Security - Buyer's Guide to Messaging Security Published by: Proofpoint, Inc. | 20 Nov 2009 EGUIDE - Protecting messaging services is an important part of any business messaging strategy. Vulnerabilities abound when you allow messaging traffic for delivery over the Internet. The scope of this guide will focus on email security although many of these concepts will also apply to other types of messaging.

	VIEW ALL WHITE PAPERS IN THIS TOPIC

DEFINITIONS: 1 - 1 of 1

	gray hat 01 Jun 2001 WORD - Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Unlike a black hat, a gray hat acts ...

	VIEW ALL DEFINITIONS ON VULNERABILITY RISK ASSESSMENT

	SEE ALSO - Topics Related to Vulnerability Risk Assessment:  Configuration Management Planning, Security Testing and Ethical Hacking, Security Patch Management