InfoSec Philippines

Information Security, Technology News and Opinions

Global InfoSec Surveys and Adobe Reader Vulnerabilities

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 8, 2008

Ernst & Young’s 2008 Information Security Survey

EY released their Global Information Security Survey 2008 a few weeks ago. The survey was conducted from June 6 – August 1, 2008, in more than 50 countries and with nearly 1,400 participating organizations.

Some of the key findings were:

  • Protecting reputation and brand has become a significant driver for InfoSec
  • People remain the weakest link
  • International InfoSec standards are gaining greater acceptance
  • Growing third-party risks are not being addressed
  • Business continuity still bound to IT

Another notable finding is that, despite the current period of economic pressure and slowed growth, only 5% of respondents indicated a planned reduction in InfoSec expenditures, while 50% were planning to increase their investment in InfoSec. This is supported by similar numbers from CIO Magazine, CSO Magazine and PWC’s Global State of Information Security Survey 2008 (pdf, 2.79 MB). Key highlights are stated here, and another summary can be found in a NetworkWorld.com article.

For more information about the survey, click here. If you want a pdf copy of Ernst & Young’s 2008 Global Information Security Survey (1.42 MB), click here. For other informative pdfs from Ernst & Young regarding InfoSec, check out their Technology and Security Risk Services page.

Adobe Reader vulns remind us why updating ASAP matters

What I mean by ASAP here is after the correct patch management or change management procedures have been done. Patching or updating with no concern for proper procedures can easily lead to downtime and possibly even more vulnerabilities.

I’m saying this after the SANS Internet Storm Center came across pdf files that exploited the recently found JavaScript buffer overflow vulnerability. They also noted that at the time of writing (Nov 7, 2008) NO ANTI VIRUS could detect the malicious pdf.

However, had you updated your Adobe Reader to version 9 (Windows systems) a few weeks back, you wouldn’t even need to think about the problem.
