Penetration Testing mailing list archives

Re: Internal Servers (noob post) misconceptions persist;

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 25 Jun 2009 11:26:13 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

June 24, MXLogic - (International) CISOs see insiders as greatest `humanthreat' to data security. The vast majority of chief information securityofficers surveyed at a CISO summit in June said that insiders are thegreatest human threat to data security, while only 18 said they areconcerned about threats from external sources such as cybercriminals andcorporate spies. The survey by NetWitness Corporation and MIS Training Instituterevealed that 80 percent of CISOs and CSOs feel insiders are the greatesthuman threat. A conference director at MIS Training Institute said the surveyfindings are "alarming," in that there is a "misperception thattraditional security approaches alone can protect against information leaks and thatsome CISOs were not sure what they need for data protection or were notplanning to focus any money in that area this year." Although CISOs are at leastthinking about insider threats, another recent survey of business managersfound that executives seemingly do not think about insider threats to datasecurity from ex-employees. A Courion Corporation survey revealed that 93percent of business managers are confident that terminated employees pose no riskto their network security, even though many have limited knowledge of thesystems to which their employees have access. Source:http://www.mxlogic.com/securitynews/network-security/cisos-see-insiders-asgreatest-human-threat-to-data-security132.cfm



Thanks,


Ron DuFresne

- --~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKQ5cXst+vzJSwZikRAjcoAJ965gzBjvudQEux8BWuB6bLQ0U0jQCgsAWl
+KTEFn7KuN0VAYE2CwjWBok=
=oUed
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Internal Servers (noob post) pma111 (Jun 02)
- Re: Internal Servers (noob post) ticktock123 (Jun 03)
  - Re: Internal Servers (noob post) Micheal Cottingham (Jun 04)
    - Re: Internal Servers (noob post) misconceptions persist; R. DuFresne (Jun 26)
- Re: Internal Servers (noob post) Terry M (Jun 03)
- Re: Internal Servers (noob post) Muhammad Farooq-i-Azam (Jun 03)
- RE: Internal Servers (noob post) Gorgon Beast (Jun 03)
  - RE: Internal Servers (noob post) R. DuFresne (Jun 04)
    - Re: Internal Servers (noob post) Don Miesle (Jun 04)
    - Re: Internal Servers (noob post) R. DuFresne (Jun 12)
    - Re: Internal Servers (noob post) Jeffrey Walton (Jun 04)
    - Re: Internal Servers (noob post) Wim Remes (Jun 04)
    - Re: Internal Servers (noob post) R. DuFresne (Jun 12)
    - Re: Internal Servers (noob post) Remo Cornali (Jun 08)

(Thread continues...)