Archive for December 2009
New Version of SANS 20 Critical Security Controls is Available
Version 2.3 of the Consensus Audit Guidelines, the top 20 critical security controls agreed on by a consortium of private and government security experts, has been released and is available on the Web site of the SANS Institute. The consortium includes the National Security Agency, the U.S. Computer Emergency Readiness Team, and agencies from the departments of Defense, State and Energy, in addition to commercial forensics experts and white hat hackers. The controls are intended to help large enterprises prioritize and automate efforts to block known attacks and identify intrusions. They include 15 automated controls and five additional controls that cannot be automated to the same degree.
Read more: Click to access the related article.
Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks
The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold.
In the “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks. For each type of attack, the report provides real-world scenarios, the warning signs, how the attack is orchestrated, how attackers got in, what information they took, what assets the attackers targeted, what industries are commonly affected, and what countermeasures are effective. In total, the report details nearly 150 ways to detect and combat security threats.
Read more: Click to access the related article or to download the Verizon Business 2009 Supplemental Report. The 2009 Data Breach Investigations Report is also available.
Cisco 2009 Annual Security Report
The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and December 2009. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2010.
Read more: http://cisco.com/en/US/prod/collateral/vpndevc/cisco_2009_asr.pdf
