Security survey and checklist

Posted by   Virus Bulletin on   May 1, 2006

Attempt to gain better understanding of the costs of computer security incidents.

Businesses in the US have been urged to complete a survey issued jointly by the US Departments of Justice and Homeland Security. The aim of the survey is to gain a better understanding of the costs of computer security incidents.

The survey, which has been distributed to a wide range of industry sectors, covers a variety of security-related topics. For example, businesses are asked to describe the types of security incidents they have experienced, their current defence strategies and their concerns about information security. Encouraging businesses to reveal such sensitive information is notoriously difficult, but companies have been assured that the responses to this survey will be held strictly confidential, by law.

It is hoped that the results of the survey will provide enough information to establish some accurate data on the costs of computer security incidents and that they will help the federal government decide where to concentrate its resources in fighting cybercrime.

Meanwhile, the Department of Homeland Security's Cyber Consequences Unit has released the first draft of a checklist designed to help businesses focus on security best practices and on the consequences of security breaches.

The Cybersecurity Checklist identifies potential avenues for attacks and recommends ways to protect against them. The list concentrates on six areas of vulnerability: hardware, software access, software supply, network, automation and human operators. According to the Unit's director Scott Borg, the list provides specific guidance for businesses while also recognizing economic realities - including items that are desirable, but which may be difficult and expensive to implement. No date has been given for the final approval of the draft.

Posted on 01 May 2006 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.