Antivirus Reviews and Price Comparisons
Get All The Support And Guidance You Need To Be A Success At Protecting Your PC. This Book Is One Of The Most Valuable Resources In The World When It Comes To The Damaging Facts About Computer Viruses.
On May 24, 2006, a research company, eEye Digital Security, announced it had discovered a high severity security vulnerability in the Symantec antivirus program used by 200 million computers worldwide. The vulnerability was characterized as severe because it didn't require any user interaction to be exploited, making it highly susceptible to worm attacks. The irony is, of course, that this vulnerability was discovered not a week after the CEO of Symantec slammed Microsoft's security monoculture as a source of vulnerability. Since no one single product or defense will provide adequate security in today's threat environment, this finding underscores the need for depth in defense. And, as Symantec's CEO discovered, it also underscores the danger of tossing rocks at security glass houses.
Plumtree Corporate Portal .102 Thin Client Implementation .093 Oracle 9i Upgrade .071 Customer Service Call Center .070 ProServe System Upgrade .067 Cisco Routers .066 Relo App Interface to PeopleSoft .064 Iron Mountain Backup Service .062 Sales Force Laptops .060 Firewall and Antivirus Licenses .059 EMC Symmetrix .056 Desktop Replacements .053 PeopleSoft Upgrade .052 SRDF Site Service .049 Mobile Workforce Pocket PCs .040 Laptop Replacements .035 5.9 Firewall and Antivirus Licenses
When a company maintains personal or confidential customer information, or has agreed to maintain as confidential the trade secret information of another business, its minimum duty is to use reasonable care in securing its computer systems to avoid theft or inadvertent disclosure of the information entrusted to it. Reasonable care may be an extremely high standard when trust and confidence are placed in a company to secure sensitive information. A reasonable standard of care is what the law defines as the minimum efforts a company must take not to have acted negligently (or, put another way, to have acted reasonably). A good starting point for all IT security is to implement security measures to the known standard of care required to avoid liability. While that sounds a bit like a circular statement, let's look at a very simple example. We all know that viruses make their way through e-mail systems all the time. Any company that does not have an enterprise-wide anti-virus software...
We talked about malicious data insertion, but we didn't specifically discuss the legal liabilities that can come from it (as opposed to malware, rootkits, and so on).There are two ways illegal data ends up on your network. First, stolen content could be placed on your network from an attacker who gains unauthorized access to the network. They may place stolen data there in order to blackmail the company, to embarrass the company, or to get the company in legal hot water. Suppose a hacker (or disgruntled employee) places unlicensed, stolen software on your network and then reports your company to the authorities Suppose a competitor's blueprints or technical drawings end up on your network and it is somehow discovered These kinds of activities may not steal your data, but they can certainly disrupt business operations, cost a lot of money, and create significant legal liabilities.
The project manager' s role will likely change depending on the size of the project. Small projects (such as the installation of an antivirus product on an e-mail server, for example) probably don ' t require the full bore of project management planning, staffing, and techniques. On the other hand, implementing a systems management software package throughout an enterprise will very definitely require a more formal approach.
Infrastructure systems clearly include the backbone services, including DHCP servers, DNS servers, Directory Services servers, e-mail servers, database servers, firewalls, DMZs, routers switches, operating systems, Web servers, and security applications (antivirus, antispyware, IDS IPS, etc.). If it's helpful, you can also look at your systems from the OSI model perspective from the physical layer all the way up through the application layer, whatever makes the most sense to you and your team.
There's been a lot of news in the recent past about the problems presented by rootkit attacks. As you're well aware, those little pieces of malware reside so deep in the system that you can't possibly remove them without completely starting from scratch. After a system is compromised, all the affected software must be reinstalled from known clean sources. Since it can be difficult to determine precisely which pieces of software have been affected, the best way to guarantee security is to reinstall the entire operating system (OS) and all applications. OS kernels can also be compromised (see www.rootkit.com), and when they are, nothing on the system (even the most basic file system, memory, and network status information) can be trusted. An after-the-fact forensic analysis of the file system may turn up useful information if the disk is mounted underneath an uncompromised OS, but this is a time-consuming operation.
Training runs the gamut from training IT staff on new security software and hardware tools, to learning how to use new tools and techniques for monitoring and responding to attacks, training users how to avoid installing malicious software (malware) on their systems, and so forth. Training also includes training IT staff on new security procedures for ongoing operations. Users often need to be trained, which is another area that your key stakeholder's can help by identifying training needs so that security is maintained throughout the security project plan.