News and Alerts - Gideon T. Rasmussen
It can be difficult to keep up with new security threats and vulnerabilities.
Newsletters, advisories and groups are an effective way to cover
a wide variety of developments with limited effort.
2007 CSI Computer Crime and Security Survey (30 pages)
The Computer Security Institute (CSI) today released its 2007 report with news that the average annual
loss reported by U.S. companies in the 2007 CSI Computer Crime and Security Survey more than doubled,
from $168,000 in last year's report to $350,424 in this year's survey. This ends a five-year run of
lower reported losses.
Security Survey (48 pages)
The fifth annual Global Security Survey benchmarks IT security in the financial services industry. It
reveals the “Security Paradox” – a situation in which Business Executives are becoming more aware of IT
Security issues, but where support for a solution still lies with the IT department. This is highlighted
by the fact that only 63% of respondents have an information security strategy, and only 10% have
information security led by a business line leader.
2007 E-Crime Watch
The CERT Insider Threat Team has teamed with the U.S. Secret Service and CSO magazine to conduct, analyze,
and publish findings from an annual E-Crime Watch survey. The research attempts to identify electronic
crime fighting trends and techniques, including best practices and emerging trends.
Data Breach Investigations Report - Verizon
The "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations
involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest
ones ever reported. This first-of-its-kind study, conducted by Verizon Business Security Solutions investigative
experts, also found that 73 percent of breaches resulted from external sources versus 18 percent from insider
threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.
Tools - The Center For Internet Security
The CIS vulnerability assessment tools provide a quick way to
evaluate systems and networks, comparing their security configurations
against the CIS benchmark hardening standards. They automatically
create reports that guide users and system administrators to secure
both new installations and production systems. CIS tools are also
effective for monitoring systems to assure that security settings
continuously conform with CIS Benchmark configurations. CIS offers
tools and benchmark standards for Win2K, NT, Solaris, Linux, HP-UX,
Cisco IOS and Oracle databases.
Hardening Document - Gideon T. Rasmussen
"This document details the configuration, hardening, monitoring
and vulnerability assessment of the Solaris operating system.
It can also be used as a configuration standard, providing a baseline
to audit against. It is important to understand the configurations
at a granular level to troubleshoot outages. Installs and hardening
can be automated with Jumpstart and the Solaris Security Toolkit