Security

In these days of tightening budgets, management needs quantifiable ROI for all your initiatives. One way you can provide this for a security policy is through the process of risk profiling, in which you determine the probability of a certain kind of attack and weigh it against the potential damage of such an attack. This article offers an introduction to the process.

Right now, somewhere on your network, a piece of software is running that is vulnerable to attack. This vulnerability may be known by many or still undiscovered. How can you hope? This article outlines a systematic approach to break the all-too-familiar "security cycle."

Most security specialists are most worried about attackers on the Internet breaking into a network through high-speed T1 connections. But don't discount war dialing, that old holdover from the days when the modem was everyone's favorite route online. This article covers the basics.

Think your intranet is the only network you need to secure? Think again. Harkening back to the earliest days of hacking and phreaking, attackers are using technical and social means to break into voicemail networks - and are leaving havoc in their wake.

A recent study by the Pew Internet and American Life Project showed that Americans are simultaneously very concerned about their online privacy and largely ignorant of the technical aspects that underpin online privacy issues. This combination means that you're going to make someone mad no matter what privacy policy you come up with. This article will help you avoid at least some of the flack.

American Express's Merchant Services programs offers this guide to creating - and, just as importantly, maintaining - an online privacy policy. It includes details on how to make sure your employees are adhering to the policy you've established, and how to handle any necessary changes. There's also a policy template you can download.

Many businesses have taken steps that seemed like good ideas at the time, only to meet with customer outcry. This article overviews several public and embarassing missteps taken by online companies in regards to their privacy policies. Take a look and learn from the mistakes of others.

Looking to craft a privacy policy for your site? This site covers all the high points that your users will have come to expect. You can use it to walk through the process step by step.

Bookmark this site for quick info on latest virus and worm information. This site provides in-depth and detailed analyses of how specific viruses work, how they infect and what payloads they carry.

A real-time worm watcher - this tool listens on most of the common wormy ports, and checksums whatever tries to open it. Events are reported, synchronized to UTC, as they occur, and graphs are updated every fifteen minutes. The WormCatcher is designed to figure out what port-probing worms are circulating, with what frequency, and what new variants have emerged.

Internet Security Systems Inc. (ISS) reports an increase of 36.6 percent in the amount of security incidents and confirmed attacks in the first quarter of 2003, compared to the last quarter of 2002. New worms and hybrid threats are considered to be the leading driver behind this tremendous jump.

Three keys have emerged that organizations should study to be ready for the next major worm outbreak. These three key undertakings are preparation, planning and early warning. Just as Code Red, Nimda and Slammer surprised us all with their speed and tenacity, the next worm promises to be a bigger, faster and meaner cousin. Since we just never know when the next bad boy is coming to town we might as well get ready for the visit.