SANS Top-20 2007 Security Risks (2007 Annual Update)
----------------------------------------------------
Seven years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations relied on that list, and on the expanded Top-20 lists that followed in succeeding years, to prioritize their efforts so they could close the most dangerous holes first.
The Executive Summary can be read here
SANS Top 20 Internet Security Risks of 2007 Point to Two Major Transformations in Attacker Targets
[dinesh] The 2007 list mentions Client-side Vulnerabilities, Server-side Vulnerabilities, Security Policy and Personnel, Application Abuse, Network Devices, and Zero Day Attacks, with a listing in each area along with best practices for prevention.

The worst IT security incidents of 2007
---------------------------------------
Tom Espiner ZDNet.co.uk
Published: 14 Nov 2007 17:19 GMT
Despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, this year has thrown up a worrying number of serious breaches.
[My two cents] I like the fact that HMG just made it to the list! And they got top billing for putting millions of children and their families at risk for identity theft. The one about the DHS mail snafu is hilarious because the least one can expect is that people employed in such a Security organization will know about secure email exchanges and how NOT to send email address lists in the open world. Of course they would not make it to the list if they did have some training :)

Ten threat predictions for 2008
-------------------------------
ZDNet: December 4th, 2007
Posted by Richard Stiennon @ 3:29 pm
[dinesh] This lists threats in the social networking area, DDoS, crime, gaming ... and as I write this, one of the predictions has come true. Richard is watching, and I am sure he hopes he is proven wrong because no one wants bad stuff to happen. However ... que sera sera!