By David Coursey  |  Posted 2004-06-24
 
 
 
 
 
 
 


Patches, according to Freund, have problems all their own. "Often they are the least-tested software because they have to ship so quickly. Or they can be reverse-engineered to uncover the vulnerability that sparked the patch," allowing the bad guys to quickly target unpatched machines.
Guidance Software's Patzakis said that while traditional defenses are doing a decent job against standard attacks, such as garden-variety viruses and script kiddies, "sophisticated hackers are causing extensive damage and are routinely compromising high-profile targets."
To address this, greater executive awareness and urgency are needed at the highest levels of businesses and government, Patzakis said. This, he warned, may come about through increased regulation as companies are required to show they meet a standard of protection required by future legislation or contract terms.
"From the CIO/CISO standpoint, organizations must be committed to the complete security process," Patzakis said. "On the technology side, this means addressing measures spanning proactive preventative to reactive mitigation/containment. On the human side, people, policies, training and executive awareness are all essential."

Tooting his own horn a bit, Patzakis said a critical component of the information security equation that has been traditionally neglected is the response and investigation process. "Important developments in computer forensics and incident response technology have made the implementation of an incident response and investigation process far more effective and cost-feasible than they have been until very recently."
It was on that note that our conversation ended. I am not sure what I learned, but what I gained was an appreciation for how hard the opposition is working and how much more damage they could actually do. I was also frightened enough to rethink my whole security infrastructure. I don't think I've dealt with all my vulnerabilities yet, but security is always an ongoing process. One that I hope this column will help you commit (or recommit) to.




 
 
 
 
One of technology's most recognized bylines, David Coursey is Special Correspondent for eWeek.com, where he writes a daily Blog (blog.ziffdavis.com/coursey) and twice-weekly column. He is also Editor/Publisher of the Technology Insights newsletter and President of DCC, Inc., a professional services and consulting firm.

Former Executive Editor of ZDNet AnchorDesk, Coursey has also been Executive Producer of a number of industry conferences, including DEMO, Showcase, and Digital Living Room. Coursey's columns have been quoted by both Bill Gates and Steve Jobs and he has appeared on ABC News Nightline, CNN, CBS News, and other broadcasts as an expert on computing and the Internet. He has also written for InfoWorld, USA Today, PC World, Computerworld, and a number of other publications. His Web site is www.coursey.com.
 
 
 
 
 
 
 
