Security News and Alerts - Gideon T. Rasmussen
It can be difficult to keep up with new security threats and vulnerabilities.
Newsletters, advisories and groups are an effective way to cover
a wide variety of developments with limited effort.
Recently Prosecuted Computer Cases - U.S. Department of Justice
This page provides a summary of recently prosecuted computer cases.
Many cases have been prosecuted under the computer crime statute,
18 U.S.C. §1030. This listing is a representative sample;
it is not exhaustive.
Information Security Surveys
2007 CSI Computer Crime and Security Survey (30 pages)
The Computer Security Institute (CSI) today released its 2007 report with news that the average annual
loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled,
from $168,000 in last year's report to $350,424 in this year's survey. This ends a five-year run of
lower reported losses.
Deloitte 2007 Security Survey (48 pages)
The fifth annual Global Security Survey benchmarks IT security in the financial services industry. It
reveals the “Security Paradox” – a situation in which Business Executives are becoming more aware of IT
Security issues, but where support for a solution still lies with the IT department. This is highlighted
by the fact that only 63% of respondents have an information security strategy, and only 10% have
information security led by a business line leader.
The Global State of Information Security 2007 - CSO, CIO & PWC (11 pages)
This worldwide study represents a broad range of industries in private- and public-sector organizations. The
results are based on the responses of 7,791 CEOs, CFOs, CIOs, CSOs, and vice presidents and directors of IT
and information security from 50 countries.
2007 E-Crime Watch Survey
The CERT Insider Threat Team has teamed with the U.S. Secret Service and CSO magazine to conduct, analyze,
and publish findings from an annual E-Crime Watch survey from research that was conducted to attempt to identify
electronic crime fighting trends and techniques, including best practices and emerging trends.
2008 Data Breach Investigations Report - Verizon
The "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations
involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest
ones ever reported. This first-of-its-kind study, conducted by Verizon Business Security Solutions investigative
experts, also found that 73 percent of breaches resulted from external sources versus 18 percent from insider
threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.
Benchmarking Tools - The Center For Internet Security
The CIS vulnerability assessment tools provide a quick way to
evaluate systems and networks, comparing their security configurations
against the CIS benchmark hardening standards. They automatically
create reports that guide users and system administrators to secure
both new installations and production systems. CIS tools are also
effective for monitoring systems to assure that security settings
continuously conform with CIS Benchmark configurations. CIS offers
tools and benchmark standards for Win2K, NT, Solaris, Linux, HP-UX,
Cisco IOS and Oracle databases.
Solaris Hardening Document - Gideon T. Rasmussen
"This document details the configuration, hardening, monitoring
and vulnerability assessment of the Solaris operating system.
It can also be used as a configuration standard, providing a baseline
to audit against. It is important to understand the configurations
at a granular level to troubleshoot outages. Installs and hardening
can be automated with Jumpstart and the Solaris Security Toolkit
(respectively)."