Incident Preparedness 101

In this day and age, who should be worried about security incidents? Anyone who uses a computer. Reports based on investigation after investigation have now been published by vendor after vendor.

Poaching from Keydet89’s blog, remember the first Mission: Impossible movie, where Ethan gets to the top of the safe-house stairs, removes a light bulb, crushes it in his jacket, and then backs into his room as he doles out the broken bits of glass onto the darkened hallway floor? WHAMM-O. He has just installed a basic Intrusion Detection System. Anyone who steps into the now darkened hallway will step on and break the shards of glass, making enough noise to alert Ethan to their presence, because he is listening specifically for that noise.
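The broken-glass trick is a tripwire: record a known state, then alert on anything that disturbs it. The same idea in software is a baseline-and-verify file integrity check. The example below is added here for illustration and is not from the original post or from any tool it mentions; the directory layout, file names and contents are constructed, and the function names are my own.

```python
import hashlib
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Digest a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Lay the glass: record a SHA-256 digest for every regular file under root.

    Keys are POSIX-style relative paths so the baseline is portable.
    """
    root_path = Path(root)
    baseline = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root_path).as_posix()] = _sha256(p)
    return baseline


def check_against_baseline(baseline: dict, root: str) -> dict:
    """Listen for the noise: compare the live tree with the baseline.

    Returns the files that appeared, disappeared, or changed content.
    """
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            k for k in baseline if k in current and baseline[k] != current[k]
        ),
    }


def demo() -> dict:
    """Constructed scenario (hypothetical files): baseline a tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary (constructed)")
        (root / "app.conf").write_text("debug=false\n")

        baseline = build_baseline(tmp)

        # Someone steps into the hallway: one file replaced, one deleted, one dropped.
        (root / "bin" / "login").write_bytes(b"replaced login binary (constructed)")
        (root / "app.conf").unlink()
        (root / "bin" / "dropper").write_bytes(b"unexpected new file (constructed)")

        return check_against_baseline(baseline, tmp)


if __name__ == "__main__":
    print(demo())
```

The baseline only has value if it is taken on a known-good system and stored somewhere the monitored host cannot rewrite it; a baseline kept beside the files it protects can be "re-laid" by the same intruder who disturbed it.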

Brian Krebs makes it pretty clear in his blog that EVERYONE is susceptible to the latest attacks. Read this. I wonder how those dentists feel now about spending $10K or less to set up some kind of basic security protection and monitoring. As an attacker, why take a little at a time from a large enterprise target and risk being caught, when you can nibble away at smaller targets all over the world, and when they run out of money and fold up shop or get wise and implement some controls, move on to the next easy target? If you don’t think that this is an issue, keep an eye on Brian’s and Keydet89’s blogs.

CEOs Resigned To Looming Data Breach

New research indicates that a large majority of CEOs are resigned to the fact that their organisations will suffer a data breach of some type in the coming year. Depressing, but quite likely, considering the changes in malware, exploit development and the general threat landscape. The IBM-sponsored study, carried out by the Ponemon Institute, suggests the need for a radical rethink in the way businesses prioritise and plan their IT security strategies.

All of the respondents to the survey said that their companies had seen an attack at least once in the past year, with 77% saying they had endured a data breach at some point. As a result, 76% of the CEOs said that they now view reducing potential security flaws in their business-critical applications as the single most important aspect of their IT security plan.

InfoSec Magazine

ISACA COBIT 5 Design Exposure Draft

ISACA has released the COBIT 5 Design Exposure (draft) in order to garner comments. COBIT 5 will be a major strategic improvement providing the next generation of ISACA’s guidance on the enterprise governance of IT. Building on more than 15 years of practical usage and application of COBIT by many enterprises and users from the business, IT, security and assurance communities, COBIT 5 will be designed to meet the current needs of stakeholders and align with the most up-to-date thinking in enterprise governance and IT management techniques. It will consolidate and integrate the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draw significantly from the Business Model for Information Security (BMIS) and ITAF. The primary objective of this initial exposure is to obtain input and comment regarding assumption of requirements, the proposed strategic approach and the high-level design. An online questionnaire is provided to capture specific feedback on certain aspects of the paper, as well as any other comments you may want to provide on the document.

ISACA Download Page

Please provide feedback using the online questionnaire. The comment period will close 12 April 2010.

MS10-018 Released Out Of Cycle

Microsoft has released the patch against the iepeers.dll zero-day vulnerability. This vulnerability is being exploited in the wild, and offers remote code execution by simply viewing a specially crafted webpage. The patch for this, unfortunately, is bundled in with 9 other responsibly disclosed vulnerability fixes. This delays testing and deployment of the one item that needs to be patched NOW, and I really wish Microsoft would stop doing that.

Anyway, get patching. You should not wait around to get this one onto your systems. Desktops are the focus; however, the bundling makes ALL versions of IE and Windows vulnerable. A reboot will be required.