November 5th, 2008 by Domenick Lionetti
As we saw in part 2 of this series, some of the traditional arguments used for distinguishing between quantitative and qualitative risk analysis (RA) are based upon dubious assumptions. Many writers assume that “quantitative” equals objective and numerical, while “qualitative” equals subjective and non-numerical. This is incorrect, however. Both quantitative and qualitative RA are compatible with objective and subjective approaches. Additionally, both types of RA must be numerical in order to be meaningful. So if the quantitative-qualitative distinction isn’t significant because one is objective and numerical while the other is subjective and non-numerical, then why does the distinction matter?
Read more: http://www.bloginfosec.com/2008/11/05/the-difference-between-quantitative-and-qualitative-risk-analysis-and-why-it-matters-part-3/
Posted in Risk Management
November 5th, 2008 by Christophe Briguet
First came Microsoft’s emergency patch. Then the public release of reliable exploit code. Now, virus hunters are reporting two new in-the-wild worms exploiting the critical MS08-067 vulnerability.
The worms, intercepted on Chinese-language versions of Windows, are being used to install a Trojan downloader, a denial-of-service bot and a rootkit to maintain stealthy presence on infected machines.
Read more: http://blogs.zdnet.com/security/?p=2117 and see how you can easily detect a worm in your system: http://www.exaprotect.com/products/eventmanager/
Posted in Viruses, Trojans, Malware, Scams
November 5th, 2008 by GabrielleDechant
Interestingly, 50% of the respondents said organizational awareness was the most significant challenge to information security initiatives, edging out availability of resources, budget and addressing new threats and vulnerabilities. While the survey didn’t specifically address training or awareness programs, only 19% of the respondents said they ran social engineering tests, while Internet and infrastructure testing is also common practice at 85% and 73% respectively. While E&Y says regulatory compliance has been the leading driver for information security since 2005, it reports that protecting reputation and brand has become a significant driver as well… Read the whole story: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1337260,00.html
Posted in Compliance Issues
November 3rd, 2008 by Security Management News
The latest embarrassing security breach for the UK Government has seen the shutdown of one of its key websites after a memory stick containing confidential passwords was found in a car park.
Posted in Security Industry News
October 28th, 2008 by Rob Rowlingson
As we know ‘security is a process’ - but what sort of process? In the good times it should be a process of continual improvement, punctuated by incidents and technology changes perhaps, but nevertheless with an underlying trend towards better corporate-wide security. Can this focus be effectively maintained during the bad times of a credit crunch and deepening global recession?
Posted in Security Industry News
October 27th, 2008 by Security Management News
A new survey has shown that data leakage is the biggest headache for information security professionals.
Posted in Security Breaches
October 24th, 2008 by Security Management News
It has emerged that French President Nicolas Sarkozy is the latest high-profile victim of internet fraud.
Posted in Security Industry News
October 23rd, 2008 by Security Management News
One in seven online shoppers (14%) in the UK, and one in nine (11%) in the US, has fallen victim to identity theft. This contrasts sharply with the number in Germany (3%), Spain (5%) and France (6%).
Posted in Security Industry News
October 20th, 2008 by Security Management News
Cyber-crime is now the fastest growing type of crime and, according to the US Treasury, has exceeded the profits of illicit drug sales. As a major element of this, we are seeing a shift from random individual hacker attacks to organized group cyber-crime that poses increasing threats to businesses and governments.
Posted in Security Industry News
October 20th, 2008 by Thierry Costa
When it comes to much-discussed IT topics, this one certainly doesn’t make the list – but it should. In fact, it’s one of the most manually intensive, costly aspects of managing almost any network infrastructure and requires a high level of expertise to get right. Furthermore, make a single mistake and applications get cut off, transactions are not processed, and management consoles quickly go from green to red. The topic here is firewall management.
Posted in Network Security Configuration