Author: admini

The survey found that 725 new software flaws in the third quarter of this year, down slightly from 727 found in the second quarter.

However, the 823 new worms and viruses that appeared between July 1 and September represented a 26 percent increase from the previous three months.

“The window of time between vulnerability disclosure and the release of a working exploit continues to shrink, leaving enterprises with even less time to learn about and prevent attacks,” Chris Rouland, vice president of Internet Security Systems’ vulnerability research team, said in a prepared statement.

Security software maker Symantec also pointed to anecdotal evidence that the time was shrinking between the first public mention of details of a software flaw and the release of code exploiting the flaw.

Three serious Internet attacks–MSBlast, MSBlast.D and SoBig.F–struck in August.

The Computer Emergency Response Team (CERT) Coordination Center’s latest report indicates that the number of flaws that will appear in 2003 is likely to be smaller than in 2002.

That’s a first: Between 1999 and 2002, the number of vulnerabilities recorded by CERT roughly doubled every year.

More info: [url=http://news.com.com/2100-7349_3-5108921.html?tag=nefd_top]http://news.com.com/2100-7349_3-5108921.html?tag=nefd_top[/url] and
[url=http://bvlive01.iss.net/issEn/delivery/prdetail.jsp?oid=23118]http://bvlive01.iss.net/issEn/delivery/prdetail.jsp?oid=23118[/url]

The CEO’s primary responsibility is the strategy and direction of the business.
Security should be a concern but CEOs usually have a dozen other things in line ahead of it.

The paramount issue for the CFO is controlling costs. CFOs are not supporters of visions of robust, feature-rich and flexible architectures. Their reason is simple—they cost too much. The CSO must make the CFO understand that centralization of the security vision and spending will ultimately save money. The CSO must also initiate a Net Security Risk (NSR) exercise to calculate the financial risk of avoiding security spending.

The CIO keeps the business systems up and running. CIOs are already battling with the CFO for system budgets. In the wake of that battle, security is squeezed as a “nice to have.” For the CSO to succeed, the CIO must make it clear to the IT professionals that security is a part of all technology and a critical part of their jobs; failing to take this into consideration will lead to immediate termination.

The CTO establishes the technology direction of the company. The CTO, however, should not be in charge of the daily operational responsibilities of the business and should not be tasked with security operations among other technology decisions.

The COO is the battlefield commander responsible for the day-to-day operations of the company. Security adds an additional step to all other business and operational life cycles and thus requires more time, more people and more money, all of which are not central to the COO’s charter. Now there are personal privacy regulations in financial services and health care that make it a legal obligation to secure online information as well.

The CSO is responsible for physical and technology security. The CSO must then communicate this vision across all departments and business units.

More info: [url=http://techupdate.zdnet.com/techupdate/stories/main/global_1000_companies_should_hire_a_chief_security_officer_by_the_end_of_2005.html?tag=tu.fd.sc.link]http://techupdate.zdnet.com/techupdate/stories/main/global_1000_companies_should_hire_a_chief_security_officer_by_the_end_of_2005.html?tag=tu.fd.sc.link[/url]