November 29, 2004

Global IT Security Market Forecast to Near $13 Billion

Revenues for the world's IT security market are expected to near $13 billion in 2004, with Cisco Systems Inc., Symantec Corp. and VeriSign Inc. leading the market, a research firm said Monday.

The projected $12.9 billion market consists of three components: threat mitigation, command and control, and managed security services, The Yankee Group said.


Source: Yahoo! News

Related Links
Cisco Systems
Symantec Corporation
VeriSign Inc.
The Yankee Group

Clean bandwidth

The rise in distributed denial of service (DDoS) attacks is creating a market for ISPs that offer a 'clean feed' to clients. Hosting companies and ISPs might be able to charge a premium of between 20 and 50 per cent for bandwidth filtered to remove hostile traffic, according to security appliance firm Top Layer.

Source: The Register

Related Links
Top Layer
Tipping Point

November 25, 2004

SSL VPN (& Hybrid VPN) Gateways - Product Matrix

The SSL VPN competitive landscape has all the typical markings of a young and vibrant hi-tech marketplace. By the start of 2004 the vendor ranks had expanded to 20+ companies, and until recently, most were small ventures that had shipped their initial SSL VPN gateways only in the past two years. Since July 2003, several well-established public companies have acquired SSL VPN technology: F5 Networks (uRoam), Juniper (NetScreen (Neoteris)), Symantec (SafeWeb) and SafeNet (Rainbow). No vendor yet enjoys a large, defensible position, although Juniper is currently leading the pack based on 2003 product sales. While Cisco has announced SSL support on firewall/IPsec VPN products, this is not yet a feature-rich remote access solution. Check Point announced its first SSL VPN appliance in May 2004.

Source: SSL VPN Central

Citrix buys Net6

Server-based computing firm Citrix yesterday announced a deal to acquire SSL VPN vendor Net6 for approximately $50m cash. The deal is expected to close by the end of the year.

Source: The Register

November 24, 2004

Popular Risk Metrics for IT Security

Information Systems Security Association - GAISP
The International Information Security Foundation (IISF) - GASSP (GAISP Predecessor)
The International Standards Organization (ISO) - ISO 17799
The Organization for Economic Cooperation and Development (OECD) - Information Security Principles
The European Information Security Forum (ISF) - Standard of Good Practice
The Institute of Internal Auditors (IIA) - Systems Assurance and Control (SAC)
The Information Security Audit and Control Association (ISACA) - Control Objectives for Information and Related Technology (CobiT)

USPS gets SSO

To move the mail across the network of 37,000 locations, Postal Service workers must access mail processing systems, tracking and distribution software, scheduling and financial recordkeeping databases and the usual array of office applications. The average user has 10 unique identities, higher than the six-to-eight average of most enterprises. Stretch that across 300,000 regular computer users and the dizzying array of applications they touch every day, and you've got a lot of pain, says Bob Otto, the Postal Service's CTO.

"If users can't remember their passwords, they'll write them on sticky notes and post them on their monitors, or call our help desk, which costs us money and lost productivity," says Otto. "We wanted to simplify."

Quantifying Infosecurity

For a long time (at least in Internet terms), businesses didn't take security into consideration when launching e-commerce ventures and online services. Security was usually injected as a secondary consideration, and sometimes not until there was a security breach--the proverbial closing of the barn door after the horses got loose.

November 23, 2004

The real cost of open source

"With open source, who's going to support the hundreds of thousands of users?" asked Quazi Zaman, platform technology specialist manager for Microsoft's federal division, based in Washington, D.C. "With commercial software, end users have direct vendor support, third-party systems integrators and help desks. Then there's the training piece. How am I going to reduce enterprise costs if I have to get thousands of people up-to-date in using open source?"

Source: Federal Computer Week

What's that supposed to mean? By that logic we shouldn't invent new things, no new cars, no new phones, etc., because who is going to train the users? From the way I see it, IT is just a tool, and of course there will be some pain when learning new ways to harness its power; that doesn't mean we shouldn't do it.

A good risk to take

At the request of Sen. Sam Brownback (R-Kan.), GAO analysts studied the idea of creating a system that could crunch reams of economic and social indicators to create something of a national barometer — a Web-based system for evaluating the state of the state. It is within the realm of possibility, they determined, although it would not be easy.

Indeed, the risk of failure is real. There's no shortage of data to analyze, nor is there a dearth of technology to analyze it. But how do you develop a system that turns all that data into a reliable gauge of the nation's health?

Source: Federal Computer Week

November 20, 2004

Handbook of Information Security Management

(Imprint: Auerbach Publications)
(Publisher: CRC Press LLC)
Authors: Micki Krause, Harold F. Tipton
ISBN: 0849399475