- +
Your World. . . Hacked 02 October, 2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Choices in Storage Architecture for Oracle Environments
The IP Storage payoff: Turning your investment into efficient, affordable results
How to Beef Up Your Sales Pipeline
Understanding Email Marketing: A Guide for SMBs
Enterprise Wireless WLAN Security
A Guide to Next-Generation Backup, Recovery and Archive
The CIO Executive Council Guide to Success
Radicati Market Quadrant 2008 on Corporate Web Security
Newsletter Subscription
Microsoft's impending announcement at Black Hat on the 7th of this month, titled "Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World", being delivered by some of the best security names inside Microsoft, has already gained the attention of many in the wider community.
On the surface, Microsoft's described goal, to share vulnerability data with trusted third parties ahead of the expected patch release, is an admirable one. To have the top Information Security companies working to have comparable patches or software updates available for their protective tool suites at the same time as Microsoft releases their core updates means that end users will have a better chance at being protected than if they just ignored the nagging Windows Update and didn't install the patch upon release. That is, assuming that they have one of the participating vendors' tools in use.
Where this will be useful is in the major corporate environment, where system patches, including critical updates, may be delayed by days, weeks, or even months, in order for IT staff to properly carry out regression testing against software, systems and networks in use within the corporate environment. Because more than one patch in the past has been known to break key functionality, most recently the DNS patch broke network access for Zone Alarm users, it would be negligent for administrators not to carry out a thorough period of testing. In these environments, an updated antivirus definitions file is more likely to be rolled out before a system update that arrived at the same time (although they, too, can lead to major system outages).
The goal is to risk manage the window between patch release and widespread exploit attempts and this plan should go a long way to achieving this particular aim, especially with companies such as IBM, Juniper Networks, and 3Com's TippingPoint as part of the program (though TippingPoint has its own early vulnerability sale service, so it will be interesting to see how they incorporate the privileged knowledge being given by Microsoft).
As with everything security, there is another side to consider.
Firstly, companies that develop their own exploits to allow their clients to test against them, such as Core Security and Immunity Inc, are not going to be able to join this program. Even though the rationale for not allowing them access is clearly laid out, it is still going to lead to some unhappy people in the industry.
Probably the biggest hole in the concept is that it only addresses vulnerabilities which have not already been shared openly, or even privately, before being reported to Microsoft. It is not going to do anything for the vulnerabilities that have been discovered in the wild, such as Word vulnerabilities used to penetrate government organisations and companies.
Since responsible disclosure has become a widely accepted method for releasing vulnerability information, the general security picture is going to improve as a result of this approach. However, it would be remiss to ignore the fact that the most risky release environment (exploit well before Microsoft is able to patch) will not be influenced by this program.
What else Microsoft is planning to release we won't know until the presentation takes place later this week.
2008 CIO Summit
19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.
The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.
Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.
Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'
Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).
Click here for more information.
Please email Denyse_Robertson@idg.com.au for further information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
US Terror threat system crippled by technical flaws 28 August, 2008 09:53:00
US Congress charges that US$500m project to prevent another 9/11 is a complete failure.A US House subcommittee is charging that a US$500 million IT project intended to "connect the dots" on terrorists and help prevent another 9/11 is a failure; it can't even handle basic Boolean search terms, such as "and, or and not." - +
Malware infects space station laptops 28 August, 2008 08:15:00
Not the first time, says NASA; astronauts load up Norton AntiVirusMalware has managed to get off the planet and onto the International Space Station, NASA confirmed yesterday. And it's not the first time that a worm or virus has stowed away on a trip into orbit. - +
Separation of duties and IT security 28 August, 2008 09:40:00
Muddied responsibilities create unwanted risk. Kevin Coleman says auditors may start labeling poorly defined IT duties as a material deficiency.Separation of duties is a key concept of internal controls and is the most difficult and sometimes the most costly one to achieve. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people. - +
How to recruit and retain the best young security employees 27 August, 2008 08:32:00
Today's youngest generation of workers, known as Generation Y, have different career goals than their parents did. What do you need to know to get them to work for you?The final installment in a series of articles about generational differences and security. Part one looked at managing workers in different age groups. Part two examined the types of security concerns that are most commonly associated with different generations in the general workforce. This article provides recruiting and retention advice for security employees. - +
Best Western downplays data breach 27 August, 2008 08:06:00
Breach compromised a dozen records, not 8 million, hotel insistsBest Western International Monday acknowledged it suffered a data breach that exposed sensitive customer information at a European hotel, but strongly disputes claims that an attacker gained access to 8 million customer records with credit-card numbers. Best Western insists no more than a dozen customer records were compromised.
Mimosa Launching Cutting Edge Networking Products at TechEd 28 August, 2008 11:16:00
StorageCraft builds team to handle run of success 28 August, 2008 11:01:00
Global SAP Consultancy invests in Canberra 28 August, 2008 07:45:00
Jim2® empowers Australian manufacturers to expand in domestic and international markets 27 August, 2008 11:43:00
Availability and Energy Efficiency Top Data Centre Issues In Asia – Survey 27 August, 2008 11:00:00
|
||
|
||
|
|
||
|
The CIO Executive Council Guide to Success
The CIO Executive Council discusses how to be the best CIO you can be. Download this 16-page strategy guide to discover how to sharpen your commercial instincts, engage business executives and much more.
Subscribe to CIO
