November 01, 2006 — CSO —
Crime-Stopper Punch List
Electronic crime
CSO's annual e-crime poll, conducted in conjuncÂtion with Carnegie Mellon University's CERT Coordination Center and the U.S. Secret Service, with underwriting by Microsoft, shows some signs of progress this year in the battle against electronic crime. A whopping 69 percent of respondents said they feel their organization is better prepared this year to prevent cybercrime than it was last year, for example. But electronic crime is clearly widespread; 36 percent of this year's respondents say they're still seeing an increase, about the same response as last year.
Sixty-three percent of respondents said operational losses (system downtime, lost productivity) are the most common consequence of e-crime, while 40 percent cited financial losses. Respondents also indicated that while they identify outsiders as the main perpetrators of electronic crime (accounting for 58 percent of the incidents), insiders are a significant risk (27 percent).
The survey also asked respondents about the effectiveness of various security technologies and techniques. The top-scoring answers (see the chart) include some of the usual suspects, such as stateful firewalls, but CISOs will want to look at whichever high-ranked pieces are not part of their current set of basic defenses. For full results of the survey and a related audio interview with officials from CERT, go to www.csoonline.com.
Technologies most commonly rated as "very effective" or "somewhat effective" in detecting and/or countering security events:
Stateful firewalls 87%
Electronic access control systems* 86%
Password complexity 80%
Network-based antivirus 74%
Encryption 74%
Application layer firewalls 73%
Heuristics-based spam filtering 71%
Badging 68%
Network-based policy enforcement 67%
SOURCE: The e-Crime study was conducted by CSO in conjunction with the CERT Coordination Center at Carnegie Mellon University and the U.S. Secret Service, with underwriting by Microsoft. Total response base was 434. Full results and methodology can be found at www.csoonline.com.
Read more about data protection in CSOonline's Data Protection section.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
