Sunday, November 27, 2011

Information Security Governance - Threats, Targets, and Trends

Many types of attacks have been discussed in the previous chapters, and while new ones might be appearing on a regular basis, older ones are not necessarily dying offthey are being reused and reinvented in ever-destructive ways. Table below lists some of the attacks that have been addressed in earlier chapters and states whether their frequency is on the rise, declining, or holding steady.

Threats, Targets, and Trends According to CSI/FBI

Well-Known ThreatPrimary TargetTrend
Unauthorized accessServersDeclining
System penetration (usually preceded by a network reconnaissance attack, which can include password attacks)NetworkSteady
VirusServers and workstationsDeclining

[*] "CSI/FBI Computer Crime and Security Survey 2004." Computer Security Institute and Federal Bureau of Investigation (CSI/FBI).

It is relevant to note that certain statistical data regarding attack activity can be somewhat contradictorydifferent sources reveal differing attack trends. For example, the 2004 E-Crime Watch Survey, conducted by CSO Magazine in cooperation with the United States Secret Service and the CERT Coordination Center, reports that attacks are up 46%, whereas other organizations report downward trending.

At first glance, the data appears to be conflicting. But delving further, the data reveals a landscape that is being better protected by tools and equipment such as antivirus (AV) software, IDS, IPS, and so on. If organizations were to scour their logs for all attacks that were attempted against their networks, most would likely discover that while the numbers of attacks were on the rise, the damage that had been inflicted had been substantively decreased because of the equipment that had been put in place.

Organizations that have invested in IT security prevention equipment over the last number of years will have experienced the positive trending that has recently been reported. Sustaining an environment that is focused on preventive measures continues to pose a challenge, as attacks, and attackers, will forever attempt to find vulnerable points that can be penetrated.

There might not always be agreement on attack trends, but following them ensures that an organization is always aware of existing threats. An appropriate infrastructure, aligned with an organization's tolerance for risk, can be effectively developed to address the bevy of ever-present threats.

No comments:

Hasleo Data Recovery FreeV3.2 - Free as in Freeware - Permanently from Hasleo Software "Hasleo Data Recovery FreeV3.2 100% Free Data Recovery Software...