Determining Business Computer and Internet Security Risk Priorities
Computer systems and networks are only one of the information-security
priorities. Personnel need to be properly trained, physical security
must be put in place for the entire business, and suppliers' systems
must also be examined.
Computer System Risk Priorities
With new vulnerabilities uncovered almost weekly, most businesses feel
overwhelmed trying to keep their systems up to date. The hundreds of
sources of security-related information can add to the confusion
rather than reduce it.
Guidance is available from numerous security professionals who put
together consensus lists of vulnerabilities and defenses so that every
organization, regardless of its resources or expertise in information
security, can take basic steps to reduce its risks. These lists
identify the commonly exploited vulnerabilities that pose the greatest
risk of harm to your information systems. Use of these lists can help
prioritize your efforts so you can tackle the most serious threats
first.
Computer Security Vulnerability Resources
- The 20 Most Critical Internet Security Vulnerabilities (www.sans.org) was produced by the
SANS Institute and the FBI. It describes the 20 most commonly
exploited vulnerabilities in Windows and UNIX. Although thousands of
security incidents affect these operating systems each year, the
majority of successful attacks target one or more of the
vulnerabilities on this list. SANS also has links to scanning tools
and services to help you monitor your own network vulnerabilities.
- The 10 Most Critical Web Application Security Vulnerabilities (OWASP)
was produced by the Open Web Application Security Project (OWASP). It
describes common vulnerabilities for web applications and databases
and the most effective ways to address them. Attacks on web
applications often pass undetected through firewalls and other network
defense systems, putting at risk the sensitive information that these
applications access. Application vulnerabilities are often neglected,
but they are as important to deal with as network issues.
While you are designing and implementing your own safeguards program,
don't forget that you should oversee service providers and business
partners that have access to your computer network or consumers'
personal information. Check periodically whether they monitor and
defend against common vulnerabilities as part of their regular
safeguards program.