Vulnerabilities of low probability bring about devestating impact
(Continued from Consumerization of IT and state of the security industry and a reply to Low probability but a devestating impact.)
After lunch, we broke up into several groups and I headed to the discussion on "next generation threat analysis," which worked to identify vulnerabilities with a low probability of being exploited, but have a huge impact on business. Some of the vulnerabilities were very sensitive, so I'll be vague here -- sorry guys.
Corporate espionage and planting evidence was at the top of our lists, followed by sensitive unencrypted network traffic, SCADA, legacy applications and weak database security. Also included was sensitive information being stored in clear text, ssh port forwarding and encrypted outbound channels. These are definitely not unique to one company -- I'm sure many companies worry about these exact vulnerabilities as well.
I've seen data classification, knowing what you have and where it is come up in many discussions with folks at conferences and other meetings. Definitely tough with so much data, you have to ask where to start -- usually you have no choice but to start classifying new data. Classifying existing petabytes of information is close to impossible!blog comments powered by Disqus