Information Risk Group LLC
The Internet
is the greatest communication
enabler the world has ever known. Its power has been harnessed
for
research, education, commerce and unfortunately illicit
activities. With
the
rise of the sun a software security flaw discovered in Beijing may
become proof
of concept exploit code in Boston. Before the software vendor and
its customers can
react a “security
group” in Berlin has published to the world executable code, which your
average
11 year old can manipulate to gain full access to a system.
Last
year a study of the Slammer worm led by CAIDA
(The Cooperative Association for Internet Data Analysis) examined this
new
reality. They determined that the
majority of systems vulnerable to the worm were infected within the
first 10
minutes of its launch. This worm, which
caused an estimate U.S. $2.5 billion dollars in damage, was written a
little
more then
three weeks after the vulnerability was found in Microsoft’s SQL server
code. Even though Microsoft promptly published a security fix for
this flaw its customers were clearly ill prepared when the worm
burrowed its way through the Internet. This is just one example
of many that demonstrate just how dangerous the Internet has become in
recent years. Be it a flaw in Microsoft's DCOM service implementation
or in the Apache Web Servers SSL implementation, once found one can be
assured that eventually it will be exploited. A strong proactive
defense in depth approach to IT security could have prevented these
vulnerabilities from being exploited at multiple levels.
Information Risk Group
approaches protecting systems and networks holistically. Our
enterprise-wide information security framework focuses on: asset
classification, asset protection, asset management, vulnerability
assessment, security awareness, threat assessment,
monitoring and incident response. Our consultants have the
industry experience and knowledge to answer your questions. Let
the experts at IRG help you assess and mitigate your risk.
Information Risk Group, offering information security and risk
management services to companies throughout the Americas.
|
|
|
|
What's New?
IRG is
pleased to release our "Top 10" Information Security ideas for
2006. Each of them have been chosen by our security analyst
based on the following three factors:
- ability to lower corporate risk
- ability to lower overall IT cost
- ability to increase employee
productivity
Download our presentation on "Cost
Justifiying Information Security" now.
GLBA Compliance
Assistance
IRG continues to assist financial institution
in furthering their compliance efforts such that they adequately
address GLBA
section 501(b) guidelines on information security. IRG has
developed industry leading methodologies and procedures concerning:
Contact Information Risk
Group today or download our GLBA brochure
for more information |
