AN EMPIRICAL ANALYSIS OF VULNERABILITY DISCLOSURE POLICIES. Research in Progress Submission to WISE 2010 Total Word Count: 3409


Sabyasachi Mitra, College of Management, Georgia Institute of Technology, Atlanta, Georgia
Sam Ransbotham, Carroll School of Management, Boston College, Chestnut Hill, Massachusetts

September 2010

INTRODUCTION

The importance of information security in the current business environment can hardly be overstated. Recent research indicates that security concerns are major impediments to the widespread adoption of electronic commerce and that equity markets penalize the announcement of software vulnerabilities (Telang and Wattal 2007). Furthermore, recent legislation such as Sarbanes-Oxley mandates penalties for inadequate security. Clearly, information security is no longer a purely technical issue and effective economic frameworks and incentives are becoming as important as technical design in protecting systems (Anderson and Moore 2006, p. 610).

Attackers often compromise computer systems by exploiting vulnerabilities present in the software running on these systems (Cavusoglu et al. 2007, Cavusoglu et al. 2008). The impact of a software vulnerability depends on whether the software vendor and security professionals have the opportunity to eliminate the vulnerability or otherwise protect systems before they are attacked. Consequently, the discovery and disclosure process for vulnerabilities plays a vital role in information security. There is considerable debate on the design of effective disclosure processes that advantage security professionals and disadvantage attackers, but there is no consensus on the optimal design.

When a vulnerability is discovered by attackers, they either exploit the vulnerability or sell the vulnerability to other attackers on the black market. In both cases, the vulnerability is first exploited before it is observed in the wild by security professionals. On the other hand, there are two primary methods that security professionals use to disclose vulnerabilities. First, security professionals may choose Immediate Disclosure: they publicly disclose the vulnerability immediately through security mailing lists such as Bugtraq.
When disclosed through immediate disclosure, the vulnerability information is immediately disseminated to a wide audience of security professionals who can install countermeasures, to vendors who can develop patches, as well as to potential attackers who can exploit the information to their advantage. Second, security professionals may choose Non-public Disclosure: they report the vulnerability to organizations like CERT (Computer Emergency Response Team). CERT, for example, immediately notifies the software vendor and discloses the vulnerability to the public when a patch is available from the vendor, or after a specific period (typically 45 days after notifying the vendor). In non-public disclosure, security service providers and potential attackers receive notification at the time of public disclosure, while vendors are notified in advance.

A current and significant debate in the security industry revolves around the benefits and drawbacks of immediate disclosure. The dominant viewpoint, termed Responsible Disclosure, encourages disclosure through CERT and other similar mechanisms that provide a reasonable time for the vendor to develop patches. The basic motivation behind responsible disclosure, which is supported by many software companies, security vendors and security organizations such as CERT, is that the alternative, immediate disclosure, creates an unsafe period when the vulnerability may be exploited before the patch is developed and deployed. Proponents of responsible disclosure therefore argue that responsible disclosure will lead to lower attack volume, more protected systems, and a safer security environment. On the other hand, immediate disclosure is often motivated by the need to force unresponsive vendors to address a vulnerability and to create incentives for developing secure software (Arora et al. 2006, Arora et al. 2008).
Proponents argue that immediate disclosure will lead to more responsive software vendors and more alert security service providers, and consequently a safer information security environment.

In this paper, we shed light on this overall debate through a large-scale empirical study that compares vulnerabilities disclosed through the immediate disclosure and non-public disclosure mechanisms. Specifically, we gauge the impact of immediate disclosure by analyzing over 2.4 billion information security alerts for 960 clients of a US-based security service provider. We examine two measures of impact: (a) attack diffusion (does immediate disclosure accelerate the diffusion of attacks corresponding to the vulnerability through the population of target systems and increase the number of affected systems?) and (b) attack volume (does immediate disclosure increase the volume of attacks that are based on the vulnerability?). Diffusion speed is important because it allows vendors to release a patch and security service providers to protect systems before they are attacked, while attack volume measures the amount of malicious activity (Park et al. 2007).

There are two primary contributions of our research to the literature on optimal policies and methods to ensure the security of information systems. First, while several analytical models in the literature examine optimal vulnerability disclosure and patching policies (Arora et al. 2006, Arora et al. 2008, August and Tunca 2006, August and Tunca 2008, Cavusoglu et al. 2007), this research is one of a few that empirically evaluates a contemporary vulnerability disclosure phenomenon through the examination of intrusion detection system (IDS) data, providing needed diversity in research methods. Second, while economic models based on rational choice form the basis of the published research in this area (Arora et al. 2008, Cavusoglu et al. 2007, Kannan and Telang 2005), we develop our hypotheses through a review of the innovation diffusion literature (Rogers 2003), providing additional diversity in the theoretical lenses used to study the phenomenon. Finally, we empirically evaluate a research question that is of significant practical importance: whether immediate disclosure has a detrimental effect on security. We believe that our findings are of significant practical interest to policy makers and vendors.

MODELING THE DIFFUSION OF ATTACKS

We model the diffusion of attacks through the population of target systems through the familiar s-curve that has been extensively used to model the diffusion of innovations in the literature (Rogers 2003). Let N(t) be the cumulative number of target systems affected at time t where t is measured from the time the vulnerability is disclosed.
Let P be the height of the s-curve, or the maximum number of target systems in the population affected by the vulnerability (referred to as penetration of the diffusion process). D is the time when P/2 systems are affected by the vulnerability (the s-curve reaches half of its ultimate penetration level) and captures the delay associated with the diffusion process. R is the slope of the s-curve, which is dependent on factors such as the type of vulnerability, complexity of developing exploits, and the impact of the vulnerability on systems. N(t) is modeled using the following familiar form of the s-curve.

(1)

IMMEDIATE DISCLOSURE: A CONTRARIAN VIEW

The dominant view in the information security community is that immediate disclosure will lead to a less secure environment because public disclosure of the vulnerability can lead to systems being attacked before the vendor provides a patch. We provide a contrarian view of immediate disclosure that focuses on the role of security service providers and the race between attackers who exploit vulnerabilities and security service providers who install countermeasures.

When a patch is not available or installed, specific countermeasures can provide partial protection against attacks. For example, Ransbotham and Mitra (2009) describe three types of countermeasures in systems that limit the impact of a vulnerability: (a) access control methods that limit access to the affected software to specific groups, (b) feature control methods that disable functionality and features in the affected software and devices, and (c) traffic control methods that filter suspicious traffic based on signature-based attack detection. Countermeasures are easier to implement than patches, but they provide temporary and imperfect protection until the core vulnerability is removed through patching or a software upgrade.
Our basic argument is that immediate disclosure induces a race between attackers who attack systems and security service providers who develop and install countermeasures to protect systems. This race, which is similar in concept to a patent race in the economics literature (Denicolo 2000), accelerates the diffusion process of attacks because attackers are aware of the vulnerability at the time of disclosure. However, as in a patent race, this race also raises urgency among security service providers and accelerates the development and deployment of countermeasures. Consequently, the time window for successful exploitation by attackers is small until countermeasures are installed, and the vulnerability has a short life span. This leads to a lower penetration level of attacks among the population of target systems since many target systems have countermeasures installed and the population of vulnerable systems rapidly decreases. The short life span of the vulnerability and its lower penetration levels among target systems reduce the overall volume of attacks as attackers divert their attention to more profitable opportunities. This forms the basis of the following three primary hypotheses:

H1: The diffusion of attacks through the population of target systems will have less delay for vulnerabilities reported through immediate disclosure than through non-public disclosure.
H2: The diffusion of attacks through the population of target systems will have reduced penetration for vulnerabilities reported through immediate disclosure than through non-public disclosure.
H3: The volume of attacks will be lower for vulnerabilities reported through immediate disclosure than through non-public disclosure.

DATA

Our primary data source is a proprietary database of alerts generated from intrusion detection systems (IDS) installed in client firms of a security service provider. Each time the IDS detects a signature in an incoming data stream, it generates an alert for further analysis. The dataset provides a unique research opportunity because it contains real alert data (as opposed to data from a research setting) from a large number of clients with varied infrastructure across many industries. The alert database contained over four hundred million alerts generated during 2006 and Our analysis is based on a panel dataset of the number of alerts generated every day during the two-year period of our analysis, summarized by target firm and specific vulnerability.
Our second main data source is the National Vulnerabilities Database (NVD 2008) that combines several other public vulnerability data sources such as CERT, Bugtraq, XForce and Secunia. We believe that ours is the first study that combines the NVD data with actual intrusion detection data from a large number of firms to empirically evaluate a contemporary information security issue. We match the signatures for each unique vulnerability in our intrusion alert database with detailed information available through the NVD. The matching is done through a CERT-assigned unique ID that links our two databases together.

It is important for our analysis that we ensure that the effects we see are due to immediate disclosure and not due to characteristics of the vulnerability itself. Thus, we use the following variables from the NVD data as controls in our empirical analysis. Once the attacker has access, vulnerabilities require varying degrees of complexity to exploit and are categorized by experts as Low or High Complexity. We also include an indicator variable (Sig) that is set to 1 if a signature was available at the time that the vulnerability was disclosed, 0 otherwise. Because disclosure through Bugtraq is immediate, we include an additional variable (Immediate) to capture the effects of immediate disclosure. The impact of a vulnerability is categorized by experts into one or more categories, and we use an indicator variable for each impact category that is set to 1 if the potential for the specific impact is present, 0 otherwise. The NVD classifies vulnerabilities into seven different types based on the specific software flaw that the vulnerability represents, and we used indicator variables to control for vulnerability type. We also include an indicator variable (Patch) that is set to 1 if a patch was available on the focal day of analysis, 0 otherwise.
We also include the Age of the vulnerability (log transformed) at the time of our analysis, measured as the number of days since the vulnerability was reported.

RESULTS

To evaluate H1 and H2, we estimate equation (1) through non-linear least squares estimation of parameters. In (1), the variables P, R and D are allowed to vary as a function of focal (Immediate) and other control variables. The results are reported in Table 1. Based on the estimated parameters, we find that immediate disclosure reduces delay (D) of diffusion (accelerates the diffusion process) and decreases penetration (P) of attacks based on the vulnerability. Thus, we find support for H1 and H2.

The results from our evaluation of H3 are reported in Table 2. The dependent variable is the number of attacks (log transformed) on a specific date for a specific client and for a specific vulnerability. Table 2 reports results from a two-stage Heckman selection model that incorporates selection bias in the data since many vulnerabilities in the NVD data are never exploited in our sample. The coefficient of the Immediate variable is negative and significant, indicating that immediate disclosure reduces the volume of attacks. Thus, we find support for H3.

Interestingly, we also find that public availability of an attack signature increases penetration of attacks and increases the number of attacks, indicating that the signature contains information that the attacker can utilize to build tools and exploit the vulnerability. Contrary to expectations, the public availability of a signature also increases the delay associated with the attack diffusion process and more research is needed to understand the reasons behind this coefficient estimate. Some of the other variables in the models also provide interesting insights. For example, vulnerabilities that require complex execution methods (e.g. social engineering) have delayed diffusion processes and lower attack volumes.

SUMMARY AND IMPLICATIONS

Contrary to the dominant view in the security industry and the practitioner literature, we find that immediate disclosure of vulnerabilities reduces delay in the attack diffusion process (as expected), but also reduces penetration of attacks in the population of target systems and reduces the volume of attacks.
Our results can be explained by viewing the attack process as a race between attackers who attack systems and security service providers who develop countermeasures, similar to a patent race that has been examined in the economics literature (Denicolo 2000). This race accelerates the attack diffusion process, but also increases awareness, forces security service providers to be more vigilant, accelerates the deployment of countermeasures, and reduces the window of opportunity for attackers before countermeasures are installed. Our results have two important implications for policy makers, security organizations such as CERT, and software vendors. First, limited public disclosure of vulnerability information can combine the benefits of non-public and immediate disclosure to skew the race towards securing systems. For example, organizations such as CERT can immediately disclose the vulnerability to security service providers (as well as the software vendor) so that they can develop countermeasures to protect systems until a patch is made available by the software vendor. This will provide an advantage to security service providers in the attack and countermeasures race without publicly disclosing the signature and other attack details. This limited disclosure to security service providers is particularly important since our results indicate that public disclosure of signatures increases attack penetration and attack volume. Second, while immediate disclosure causes security service providers to be more vigilant and limits the penetration level and volume of attacks based on the vulnerability, it is possible (and perhaps even likely) that the effect on those who are not protected through such services is in the opposite direction as attackers focus their attention on such targets in the absence of others. Also, a similar diversion-based argument applies to vulnerabilities not disclosed through immediate disclosure. 
In general, the attack and countermeasures race for immediate disclosure vulnerabilities may cause security service providers to focus less on other (perhaps more critical) vulnerabilities. Overall, our analysis and results indicate that the effects of different disclosure methods are complex and nuanced, and represent a fruitful area of further research with important practical implications.

FUTURE RESEARCH

We intend to provide a more complete analysis of the effect of immediate disclosure through additional empirical evaluation. We envision two immediate directions for further analysis: (a) is immediate disclosure and the consequent race more effective for certain types of vulnerabilities, and (b) is there a diversionary and negative effect of immediate disclosure and the consequent race on other vulnerabilities? Both of the above analyses can be performed through the intrusion detection data available to us, such as by interacting the Immediate variable with other focal and control variables, and evaluating changes in attack volume of other vulnerabilities subsequent to the date of immediate disclosure of the focal vulnerabilities examined here.

In addition to the above, the intrusion detection data can be used to empirically evaluate the findings of various analytical models in this area. For example, Ransbotham et al. (2008) evaluate the impact of disclosure through market-based mechanisms such as iDefense and TippingPoint (Kannan and Telang 2005). The data set can be used to evaluate the antecedents of attacks for a firm (Ransbotham and Mitra 2009), or whether different patching policies affect the number of attacks (August and Tunca 2008). Additionally, the data set can be used to evaluate the impact of social, political and other events on attack activity. Space limitations do not allow us to describe many of our findings here. In summary, linking the intrusion detection data with the NVD database provides a rich data source to evaluate various information security related debates of significant practical importance.

REFERENCES

Anderson, R., T. Moore. The Economics of Information Security. Science. 314(5799).
Arora, A., J.P. Caulkins, R. Telang. Sell First, Fix Later: Impact of Patching on Software Quality. Management Science. 52(3).
Arora, A., R. Telang, X. Hao. Optimal Policy for Software Vulnerability Disclosure. Management Science. 54(4).
August, T., T.I. Tunca. Network Software Security and User Incentives. Management Science. 52(11).
August, T., T.I. Tunca. Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions. Information Systems Research. 19(1).
Cavusoglu, H., H. Cavusoglu, S. Raghunathan. Efficiency of Vulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge. IEEE Transactions on Software Engineering. 33(3).
Cavusoglu, H., H. Cavusoglu, J. Zhang. Security Patch Management: Share the Burden or Share the Damage? Management Science. 54(4).
Denicolo, V. Two-Stage Patent Races and Patent Policy. RAND Journal of Economics. 31(3).
Kannan, K., R. Telang. Market for Software Vulnerabilities? Think Again. Management Science. 51(5).
NVD. National Vulnerability Database.
Park, I., R. Sharman, H.R. Rao, S. Upadhyaya. Short Term and Total Life Impact Analysis of Worms in Computer Systems. Decision Support Systems.
Ransbotham, S., S. Mitra. Choice and Chance: A Conceptual Model of Paths to Information Security Compromise. Information Systems Research. 20(1).
Ransbotham, S., S. Mitra, J. Ramsey. Are Markets for Vulnerabilities Effective? Proceedings of the Twenty-ninth International Conference on Information Systems.
Rogers, E.M. Diffusion of Innovations. The Free Press, New York, NY.
Telang, R., S. Wattal. An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price. IEEE Transactions on Software Engineering. 33(8).

TABLE 1: Diffusion Analysis of Attacks Based on Immediate and Non-Public Disclosure

                       P (Penetration)   R (Rate)       D (Delay)
Constant               (3.5941)***       (0.0008)***    (0.2565)***
Patch Available        (0.9488)          (0.0003)*      (0.0915)***
High Complexity        (1.2958)***       (0.0004)***    (0.0928)***
Signature Available    (3.4006)***       (0.0014)***    (0.1442)***
Immediate              (0.9367)***       (0.0003)***    (0.0942)***
Impact Indicators      Included          Included       Included
Type Indicators        Included          Included       Included
No. of Observations    132,768
Adjusted R %

132,768 daily observations of 333 vulnerabilities from
Robust standard errors in parentheses; 2 tailed significance: * p<.05; ** p<.01; *** p<.001
Nonlinear regression on number of firms affected, where the cumulative penetration (P), the rate of diffusion (R) and delay (D) are linear functions of the variables shown in the table.

TABLE 2: Volume of Alerts per Client Firm per Vulnerability

Columns: Model 0 (Controls), Model 1 (Full Model)

Number of Alerts (log)
Constant  (0.101)***  (0.101)***
Age of Vulnerability (ln)  (0.002)***  (0.002)***
Patch Available  (0.002)***  (0.003)***
High Complexity  (0.003)***
Signature Available  (0.003)***
Immediate  (0.002)***
Vulnerability Impact  Indicators  Indicators
Vulnerability Type  Indicators  Indicators
Alert Month  Indicators  Indicators

Selection Stage
Constant  (0.008)**  (0.008)***
Patch Available  (0.003)***  (0.003)***
High Complexity  (0.004)***
Signature Available  (0.004)***
Immediate  (0.003)***
Vulnerability Impact  Indicators  Indicators
Vulnerability Type  Indicators  Indicators
Publication Month  Indicators  Indicators

Wald χ² (×10⁶)  1.20***  1.18***

Heckman two stage regression; n = 1,302,931; 709,090 uncensored; 333 vulnerabilities; standard errors in parentheses. Two-tailed significance: * (p<0.05); ** (p<0.01); *** (p<0.001)
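The daily panel described under DATA and the diffusion quantities N(t), P and D from the modeling section can be derived from raw IDS alerts as sketched below. This is an added example, not the authors' code: the record layout, vulnerability IDs, firm names, dates and counts are constructed, and P and D are read off the empirical curve rather than estimated by the paper's nonlinear regression.

```python
from collections import defaultdict
from datetime import date

# Constructed stand-in for NVD records; the IDs are placeholders, not real identifiers.
VULNS = {
    "VULN-A": {"disclosed": date(2006, 3, 1), "immediate": 1},
    "VULN-B": {"disclosed": date(2006, 3, 1), "immediate": 0},
    "VULN-C": {"disclosed": date(2006, 3, 1), "immediate": 0},  # never exploited
}

# Constructed IDS alert batches: (date, client firm, matched vulnerability ID, alerts).
ALERTS = [
    (date(2006, 2, 27), "firm9", "VULN-A", 1),  # before disclosure
    (date(2006, 3, 1), "firm1", "VULN-A", 5),
    (date(2006, 3, 1), "firm1", "VULN-A", 2),
    (date(2006, 3, 2), "firm2", "VULN-A", 3),
    (date(2006, 3, 5), "firm3", "VULN-A", 1),
    (date(2006, 3, 4), "firm1", "VULN-B", 4),
    (date(2006, 3, 6), "firm2", "VULN-B", 6),
    (date(2006, 3, 8), "firm3", "VULN-B", 2),
    (date(2006, 3, 9), "firm4", "VULN-B", 7),
    (date(2006, 3, 9), "firm5", "VULN-B", 1),
    (date(2006, 3, 10), "firm1", "VULN-B", 3),
    (date(2006, 3, 3), "firm2", "VULN-X", 9),  # signature with no vulnerability record
]


def daily_panel(alerts, vulns):
    """Sum alerts per (vulnerability, firm, days since disclosure)."""
    panel = defaultdict(int)
    for day, firm, vuln_id, n in alerts:
        meta = vulns.get(vuln_id)
        if meta is None:
            continue  # cannot be linked to vulnerability attributes
        t = (day - meta["disclosed"]).days
        if t < 0:
            continue  # assumption of this example: t is measured from disclosure
        panel[(vuln_id, firm, t)] += n
    return dict(panel)


def diffusion_curve(panel, vuln_id):
    """N(t): cumulative number of distinct firms with an alert by day t."""
    first_seen = {}
    for (v, firm, t), n in panel.items():
        if v == vuln_id and n > 0:
            first_seen[firm] = min(t, first_seen.get(firm, t))
    if not first_seen:
        return []  # vulnerability never observed in the alert data
    horizon = max(first_seen.values())
    return [sum(1 for fs in first_seen.values() if fs <= t)
            for t in range(horizon + 1)]


def penetration_and_delay(curve):
    """Empirical P (final height of N(t)) and D (first day N(t) reaches P/2)."""
    if not curve:
        return 0, None
    p = curve[-1]
    d = next(t for t, n in enumerate(curve) if 2 * n >= p)
    return p, d


def summarize(alerts, vulns):
    """Per vulnerability: disclosure type, penetration, delay and alert volume."""
    panel = daily_panel(alerts, vulns)
    rows = {}
    for vuln_id, meta in vulns.items():
        p, d = penetration_and_delay(diffusion_curve(panel, vuln_id))
        volume = sum(n for (v, _, _), n in panel.items() if v == vuln_id)
        rows[vuln_id] = {"immediate": meta["immediate"], "P": p, "D": d,
                         "volume": volume}
    return rows


if __name__ == "__main__":
    for vuln_id, row in summarize(ALERTS, VULNS).items():
        print(vuln_id, row)
```

The constructed counts were chosen so that the immediately disclosed vulnerability shows a shorter delay, lower penetration and lower volume, mirroring the direction of H1 to H3; they are not evidence for those hypotheses.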


More information

Understanding ZDI: Separating Fact from Fiction WHITE PAPER

Understanding ZDI: Separating Fact from Fiction WHITE PAPER Understanding ZDI: Separating Fact from Fiction WHITE PAPER Contents Introduction... 1 Background... 1 Rise in Zero Day Vulnerabilities... 2 Enter the Zero Day Initiative (ZDI)... 2 The ZDI Process...

More information

We study the question of whether a software vendor should allow users of unlicensed (pirated) copies of

We study the question of whether a software vendor should allow users of unlicensed (pirated) copies of Information Systems Research Vol. 19, No. 1, March 2008, pp. 48 70 issn 1047-7047 eissn 1526-5536 08 1901 0048 informs doi 10.1287/isre.1070.0142 2008 INFORMS Let the Pirates Patch? An Economic Analysis

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Data Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department

Data Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department Data Breach Notifications Submission by the Australian Communications Consumer Action Network to the Attorney General s Department November 2012 About ACCAN The Australian Communications Consumer Action

More information

Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users

Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Research Publication Date: 17 October 2006 ID Number: G00144061 Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Amrit T. Williams, John Pescatore, Paul E. Proctor

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Pretend or Prevent? Intranet. Internet Router IDS Hub Firewall. Overview. Recognizing attacks. Intercepting attacks. White Paper

Pretend or Prevent? Intranet. Internet Router IDS Hub Firewall. Overview. Recognizing attacks. Intercepting attacks. White Paper Overview Pretend or Prevent? No matter what it s called, if a network security system doesn t shoot first and ask questions later, it doesn t qualify as intrusion prevention by Jon Ramsey Intrusion detection

More information

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Analysis of update delays in Signature-based Network Intrusion Detection Systems

Analysis of update delays in Signature-based Network Intrusion Detection Systems Analysis of update delays in Signature-based Network Intrusion Detection Systems Hugo Gascon, Agustin Orfila, Jorge Blasco Carlos III University of Madrid Madrid, Spain Abstract Network Intrusion Detection

More information

California State University, Chico. Information Security Incident Management Plan

California State University, Chico. Information Security Incident Management Plan Information Security Incident Management Plan Version 0.8 January 5, 2009 Table of Contents Introduction... 3 Scope... 3 Objectives... 3 Incident Management Procedures... 4 Roles and Responsibilities...

More information

A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels

A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels Jeff Brown, CISO, Raytheon Company In today s cyber security environment there is one inescapable truth. There

More information

Intrusion Detections Systems

Intrusion Detections Systems Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

PROACTIVE PROTECTION MADE EASY

PROACTIVE PROTECTION MADE EASY PROACTIVE PROTECTION AUTHOR: ANDREW NIKISHIN KASPERSKY LAB Heuristic Analyzer Policy-Based Security Intrusion Prevention System (IPS) Protection against Buffer Overruns Behaviour Blockers Different Approaches

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

Applying LT Auditor+ to Address Regulatory Compliance Issues

Applying LT Auditor+ to Address Regulatory Compliance Issues Applying LT Auditor+ to Address Regulatory Compliance Issues An Executive White Paper By BLUE LANCE, Inc. BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com In today s business environments,

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

National Institute of Standards and Technology

National Institute of Standards and Technology 1 Title: Author: Affiliation: Postal Address: Network Security Testing Using Mobile Agents T. Karygiannis National Institute of Standards and Technology NIST Information Technology Laboratory Building

More information

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance Principles of Information Security, Fourth Edition Chapter 12 Information Security Maintenance Learning Objectives Upon completion of this material, you should be able to: Discuss the need for ongoing

More information

Integrating Security into Your Corporate Infrastructure

Integrating Security into Your Corporate Infrastructure Integrating Security into Your Corporate Infrastructure December 13, 2001 Matthew K. Miller, CISSP, GIAC Manager, Security Services RedSiren Technologies 1 Who is RedSiren? We are a MSSP Managed Security

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

Public Relations Society of America Member Code of Ethics 2000

Public Relations Society of America Member Code of Ethics 2000 Preamble Public Relations Society of America Member Code of Ethics 2000 Professional Values Principles of Conduct Commitment and Compliance This Code applies to PRSA members. The Code is designed to be

More information

Copyright (2004) Purdue Research Foundation. All rights reserved.

Copyright (2004) Purdue Research Foundation. All rights reserved. CS390S, Week 1: Introduction to Secure Programming Pascal Meunier, Ph.D., M.Sc., CISSP January 10, 2007 Developed thanks to support and contributions from Symantec Corporation, support from the NSF SFS

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration

More information

Security Information Management (SIM)

Security Information Management (SIM) 1. A few general security slides 2. What is a SIM and why is it needed 3. What are the features and functions of a SIM 4. SIM evaluation criteria 5. First Q&A 6. SIM Case Studies 7. Final Q&A Brian T.

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system

More information

SECURITY PATCH MANAGEMENT INSTALLATION POLICY AND PROCEDURES

SECURITY PATCH MANAGEMENT INSTALLATION POLICY AND PROCEDURES REQUIREMENT 6.1 TO 6.2 SECURITY PATCH MANAGEMENT INSTALLATION POLICY AND PROCEDURES 6.1 TO 6.2 OVERVIEW In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, [company

More information

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations

More information

Managing Vulnerabilities For PCI Compliance

Managing Vulnerabilities For PCI Compliance Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF

More information

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security

IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security IBM Managed Security Services (Cloud Computing) hosted e-mail and Web security - express managed Web security INTC-8608-01 CE 12-2010 Page 1 of 8 Table of Contents 1. Scope of Services...3 2. Definitions...3

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Impact of Knowledge Repository Use on the Performance of Technical Support Tasks (In Progress)

Impact of Knowledge Repository Use on the Performance of Technical Support Tasks (In Progress) Impact of Knowledge Repository Use on the Performance of Technical Support Tasks (In Progress) Introduction Mani Subramani*, Mihir Wagle*, Gautam Ray*, Vallabh Sambamurthy+ *University of Minnesota +Michigan

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Buyer s Guide to Big Data Integration

Buyer s Guide to Big Data Integration SEPTEMBER 2013 Buyer s Guide to Big Data Integration Sponsored by Contents Introduction 1 Challenges of Big Data Integration: New and Old 1 What You Need for Big Data Integration 3 Preferred Technology

More information

The 2014 Next Generation Firewall Challenge

The 2014 Next Generation Firewall Challenge Network World and Robin Layland present The 2014 Next Generation Firewall Challenge Guide to Understanding and Choosing a Next Generation Firewall to Combat Today's Threats 2014 The 2014 Next Generation

More information

VULNERABILITY MANAGEMENT

VULNERABILITY MANAGEMENT Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Software Anti-piracy and Pricing in a Competitive Environment: a Game Theoretic Analysis

Software Anti-piracy and Pricing in a Competitive Environment: a Game Theoretic Analysis Software Anti-piracy and Pricing in a Competitive Environment: a Game Theoretic Analysis We study a problem of two software firms competing on price in a market where consumers can choose between purchasing

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

Is there Information Content in Insider Trades in the Singapore Exchange?

Is there Information Content in Insider Trades in the Singapore Exchange? Is there Information Content in Insider Trades in the Singapore Exchange? Wong Kie Ann a, John M. Sequeira a and Michael McAleer b a Department of Finance and Accounting, National University of Singapore

More information

Exploring the Drivers of E-Commerce through the Application of Structural Equation Modeling

Exploring the Drivers of E-Commerce through the Application of Structural Equation Modeling Exploring the Drivers of E-Commerce through the Application of Structural Equation Modeling Andre F.G. Castro, Raquel F.Ch. Meneses and Maria R.A. Moreira Faculty of Economics, Universidade do Porto R.Dr.

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

OFFICE OF CORPORATE CREDIT UNIONS Risk Reporting for Corporate IT Networks.. Risk Assessment Reporting in Corporate Credit Unions

OFFICE OF CORPORATE CREDIT UNIONS Risk Reporting for Corporate IT Networks.. Risk Assessment Reporting in Corporate Credit Unions . Risk Assessment Reporting in Corporate Credit Unions Purpose: To establish minimum reporting standards for corporate IT security reviews. Background: The Office of Corporate Credit Unions (OCCU) issued

More information

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,

More information

Introduction. Special thanks to the following individuals who were instrumental in the development of the toolkits:

Introduction. Special thanks to the following individuals who were instrumental in the development of the toolkits: Introduction In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater.

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

0-Day Patch Exposing Vendors (In)security Performance

0-Day Patch Exposing Vendors (In)security Performance 0-Day Patch Exposing Vendors (In)security Performance Stefan Frei, Bernhard Tellenbach, and Bernhard Plattner Computer Engineering and Networks Laboratory (TIK) Swiss Federal Institute of Technology, {stefan.frei,

More information

UNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES

UNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES UNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES Kholekile L. Gwebu, Associate Professor of Decision Sciences, Peter T. Paul College of Business and Economics, University of New Hampshire,

More information

Taking a Proactive Approach to Linux Server Patch Management Linux server patching

Taking a Proactive Approach to Linux Server Patch Management Linux server patching Taking a Proactive Approach to Linux Server Patch Management Linux server patching In years past, Linux server patch management was often thought of in terms of we don t patch our servers unless there

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Understanding SCADA System Security Vulnerabilities

Understanding SCADA System Security Vulnerabilities Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen

More information

White Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security

White Paper. Automating Your Code Review: Moving to a SaaS Model for Application Security White Paper Automating Your Code Review: Moving to a SaaS Model for Application Security Contents Overview... 3 Executive Summary... 3 Code Review and Security Analysis Methods... 5 Source Code Review

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

NETWORK PENETRATION TESTING

NETWORK PENETRATION TESTING Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

PCI DSS Requirements - Security Controls and Processes

PCI DSS Requirements - Security Controls and Processes 1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data

More information