Determining Business Computer and Internet Security Risk Priorities
Computer systems and networks are only one of the information security
related priorities. Personnel need to be properly trained, physical
security must be put in place for the entire business and suppliers'
systems must also be examined.
Computer System Risk Priorities
With new vulnerabilities uncovered on an almost weekly basis, most
businesses feel overwhelmed trying to keep their systems up-to-date.
The hundreds of sources of security-related information can help add
to the confusion and feelings of being overwhelmed.
Guidance is available from numerous security professionals who put
together consensus lists of vulnerabilities and defenses so that every
organization, regardless of its resources or expertise in information
security, can take basic steps to reduce its risks. These lists
identify the commonly exploited vulnerabilities that pose the greatest
risk of harm to your information systems. Use of these lists can help
prioritize your efforts so you can tackle the most serious threats
Computer Security Vulnerability Resources
- The 20 Most Critical Internet Security Vulnerabilities (www.sans.org) was produced by the
SANS Institute and the FBI. It describes the 20 most commonly
exploited vulnerabilities in Windows and UNIX. Although thousands of
security incidents affect these operating systems each year, the
majority of successful attacks target one or more of the
vulnerabilities on this list. SANS also has links to scanning tools
and services to help you monitor your own network vulnerabilities.
- The 10 Most Critical Web Application Security
Vulnerabilities (OWASP) was
produced by the Open Web Application Security Project (OWASP). It
describes common vulnerabilities for web applications and databases
and the most effective ways to address them. Attacks on web
applications often pass undetected through firewalls and other network
defense systems, putting at risk the sensitive information that these
applications access. Application vulnerabilities are often neglected,
but they are as important to deal with as network issues.
While you are designing and implementing your own safeguards program,
don't forget that you should oversee service providers and business
partners that have access to your computer network or consumers'
personal information. Check periodically whether they monitor and
defend against common vulnerabilities as part of their regular