Broad Range of Issues on Current List of IT Security Concerns
STAMFORD, Conn. - Deciding what IT security products and services are necessary are a big part of the equation for credit union executives and others whose jobs are to decide what to spend and where to protect the enterprise. This is a list of the 11 top security issues of 2003, according to analysts from Gartner Inc.: Web services security - Web services will lead to discontinuities in how new applications will be secured. Enterprises should take a cautious approach to Web services deployment across the enterprise perimeter. Wireless LAN security - Insecure wireless LANs represent a serious point of potential failure for enterprise networks. Identity management and provisioning - Identity theft is a rampant cybercrime mostly accomplished via pedestrian means, but Directory Network Service, social engineering and denial-of-service attacks remain threats that enterprises must address. Role of security platforms and intrusion prevention systems - Intrusion detection systems (IDS) continue to evolve, particularly in correlation technologies to improve alerts, but also in an evolution toward prevention and forensics. Correlation of events for reporting/monitoring/managing consoles - It's important to know what's going on and determine if an attack or a problem occurring on one portion of the network is related to a problem on another network segment. The next Code Red/Nimda - Code Red and Nimda cost enterprises as much as $3 billion. There are fears of something more damaging in the future. Then came the Slammer worm. Instant messaging security - Seeking any open port, instant messaging and other peer-to-peer programs can put networks and information at risk. Homeland Security - The impact of homeland security in the United States has not yet been felt in many industry sectors. Tactical security to infrastructure security - The short-term attention to tactical security solutions will change to renewed attention to infrastructure security as part of the homeland dynamic. Protecting intellectual property - Protecting intellectual property remains an issue because of competitive intelligence and corporate espionage activities. Transaction trustworthiness/ auditability - Recent corporate financial-reporting scandals will influence the application of information security techniques to improve the trustworthiness of enterprise transactions and the audit trail.