Posted by Virus Bulletin on May 1, 2006
Attempt to gain better understanding of the costs of computer security incidents.
Businesses in the US have been urged to complete a survey issued jointly by the US Departments of Justice and Homeland Security. The aim of the survey is to gain a better understanding of the costs of computer security incidents.
The survey, which has been distributed to a wide range of industry sectors, covers a variety of security-related topics. For example, businesses are asked to describe the types of security incidents they have experienced, their current defence strategies and their concerns about information security. Encouraging businesses to reveal such sensitive information is notoriously difficult, but companies have been assured that the responses to this survey will be held strictly confidential, by law.
It is hoped that the results of the survey will provide enough information to establish some accurate data on the costs of computer security incidents and that they will help the federal government decide where to concentrate its resources in fighting cybercrime.
Meanwhile, the Department of Homeland Security's Cyber Consequences Unit has released the first draft of a checklist designed to help businesses focus on security best practices and on the consequences of security breaches.
The Cybersecurity Checklist identifies potential avenues for attacks and recommends ways to protect against them. The list concentrates on six areas of vulnerability: hardware, software access, software supply, network, automation and human operators. According to the Unit's director Scott Borg, the list provides specific guidance for businesses while also recognizing economic realities - including items that are desirable, but which may be difficult and expensive to implement. No date has been given for the final approval of the draft.
Posted on 01 May 2006 by Virus Bulletin
