The Lists of 2007

At the start of the year everyone has one (or many) resolutions, and at the end of the year thought leaders in the InfoSec space provide their List .... ! So we have announcements of the best and worst of the past year and what's going to be hot and what's not-not-going-to-be-hot.

I do not profess to have more than a few items on my list so I shall refrain from publishing a "Rambler's List" but yes I am going to try to get all the lists here together into a mother lode of all Lists. Maybe at the end of the exercise, I shall publish my own list and it will become the most awaited event in the industry :)

Before I move ahead, I cannot help but say that Wireless will pervade our lives (the iPod has to go (nay, will go) wireless too), so it is the threat bed of criminal thought. Oh, I thought I would refrain from pushing my opinion, and this would be a neutral presentation of Lists. If I miss any list, it will not be intentional but due to oversight, and the reader is encouraged to send me the link and I shall gladly update this post. The Listing is in no particular order!

SANS Top-20 2007 Security Risks (2007 Annual Update)
Seven years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations relied on that list, and on the expanded Top-20 lists that followed in succeeding years, to prioritize their efforts so they could close the most dangerous holes first.

The Executive Summary can be read here
SANS Top 20 Internet Security Risks of 2007 Point to Two Major Transformations in Attacker Targets

[dinesh] The 2007 list covers Client-side Vulnerabilities, Server-side Vulnerabilities, Security Policy and Personnel, Application Abuse, Network Devices and Zero Day Attacks, with a listing in each area along with best practices for prevention.


The worst IT security incidents of 2007
Tom Espiner
Published: 14 Nov 2007 17:19 GMT
Despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, this year has thrown up a worrying number of serious breaches.

[My two cents] I like the fact that HMG just made it to the list! And they got top billing for putting millions of children and their families at risk of identity theft. The one about the DHS mail snafu is hilarious, because the least one can expect is that people employed in such a Security organization will know about secure email exchanges and how NOT to send email address lists in the open world. Of course they would not make it to the list if they did have some training :)


Ten threat predictions for 2008
ZD Net : December 4th, 2007
Posted by Richard Stiennon @ 3:29 pm

[dinesh] This lists threats in the social networking area, DDoS, crime, gaming ... and as I write this one of the predictions has come true. Richard is watching and I am sure he hopes he is proven wrong, because no one wants bad stuff to happen. However ...... que sera sera!


Check back frequently and I shall keep updating. If this mother of lists grows too big I shall split it into a new list!!

Dinesh O Bareja
