EVENTS

Midwest Forum: July 14-15, 2004
New England Forum: September 8-9, 2004
New York Forum: November 16-17, 2004
Lone Star Forum: January 2005
Mid-Atlantic Forum: March 2005

 The Institute is pleased to be the Governing Body for the Panel of Judges for the 2004 ISE National Award. For more information, please visit www.infosecaward.com.

SUBSCRIPTION CENTER

The staff of Institute Insights seeks to keep Forum friends and alumni informed about events, insights and other news.

Register a friend: Keep your colleagues in the loop. Sign them up today.

Unsubscribe: If this newsletter has reached you in error or you are no longer interested in network security, you may unsubscribe at any time by directing an email to unsubscribe@ianetsec.com.

UP FRONT
The Growing Challenge of Vulnerability Management

From the animated discussions among members at our recent Southeast Network Security Forum in Atlanta, it’s clear that vulnerability management continues to be a “top-two” problem among IT security professionals, particularly in regulated industries like financial services, healthcare, energy and government.

How to keep pace with the ever-escalating number of vulnerabilities and patches? In Faculty Viewpoint, Eric Cole argues that Automated Vulnerability Remediation (AVR) is the way of the future. As with all technology, testing before purchasing is key. Testing patches is key, too -- and more than half of respondents to a survey at our Atlanta event report testing patches unilaterally before rolling them out (see Data Point). The bad news? Nearly one in 10 doesn't test at all.

Also this month, thanks to Brandon Dunlap, who delivered the Institute's inaugural Multimedia User Briefing as part of the Institute Partner Program. Brandon has many years of experience managing an IT Security operation in the highly regulated energy sector. Brandon will give this briefing at the upcoming Midwest Network Security Forum in Chicago.

— The Institute

FACULTY VIEWPOINT: Eric Cole
Automated Vulnerability Remediation: The Wave of the Future

At the Forum in Atlanta, a participant from a Fortune 100 corporation approached me. He said, “Eric, I know that staying up on patching is critical, but I feel like I am in the water during a storm. Every time I get past a big wave, before I catch my breath, another wave hits. I feel like I'm slowly going under.”

There is no perfect solution. But automated vulnerability remediation (AVR) has the potential to eliminate some of the pain of patching.

Eric Cole is a member of the Institute faculty. A best-selling author, he has more than a decade of hands-on experience in the information security field. He holds a PhD in network steganography from Pace University. Write to him at ecole@ianetsec.com.

DATA POINT
Patching

Nearly 1 in 10 members at the Atlanta Forum reported they do not test patches before deploying them, but over half unilaterally test before deploying, according to a survey conducted at the event. The survey had a 41% response rate among attendees, and 70% of respondents work for organizations with 1,000+ employees.

Another finding: the number of vulnerability assessment tools in use ranged from one to 11 among survey respondents. The tools most often mentioned: Nessus (by 33% of respondents), Nmap (22%), Retina (11%) and ISS (11%).

PARTNER PROGRAM NEWS
Institute launches Virtual Multimedia Briefing Series

In June, the Institute hosted the first of 10 multimedia briefings to be offered during the next year. This "virtual" Forum featured Brandon Dunlap, IT Security Director at a Fortune 500 energy concern, sharing his insights on "Managing IT Security in a Highly Regulated Business Environment." More than two dozen Institute Partners attended the briefing, which was conducted via telephone and web and included interactive discussion. A written summary of the event was also made available to the program audience.

The multimedia briefing series joins live events and publications in making the Institute Partner Program an ideal way for even the busiest executives to share in the latest infosec insights. The next briefing features Carlos Blazquez, a Security Operations Manager, addressing "Organization, Processes and Procedures in an Enterprise Environment" on July 27. To request credentials or learn more about the Partner Program, please contact Phil Gardner at 617.399.8100 or direct an email to partner@institutepartner.com.