 
 
 

Get smart about patching security vulnerabilities

(Linda Tucci, Senior News Writer, SearchCIO-Midmarket) How can companies be free of security vulnerabilities? They could ferret out all the flaws in their computer products and patch them. They could prevent flaws from being exploited by shutting down systems. Of course, neither is good for business or the budget.

That's the view of Peyton Engel, a technical architect who heads the security assessment team at CDW Corp., at the recent Fusion 2009 CEO-CIO Symposium in Madison, Wis. "Instead, companies need to spend less time reacting willy-nilly to security vulnerabilities and more time asking whether threats are likely to affect them," Engel said. He recommends companies identify the point of diminishing returns of patch management by weighing the probability and severity of the security vulnerability, rather than the severity alone.[...]

Calculated hype from security vendors
But calculating risk is itself a risky business. One formula, for example, calls for thinking about risk in terms of annualized loss expectancy. To determine this, you multiply the single loss expectancy, or the cost of a single incident, by the annual rate of occurrence (ARO), or how many incidents per year, to get a dollar figure per year. If the solution the security guy is trying to sell you is less than dollars per year, then it is a no-brainer and you should buy it.

 
 