Abstract
Security continues to be the most significant risk (in terms of costs) associated with businesses, their information systems (IS), and information assets — especially those on the Internet. A new vulnerability or exposure seems to appear every week. A strong argument can be made that vendors ought to be held more responsible for their faulty systems. Although absolute security is impossible, and although a secure system today will have new risks next week, there are some developing tools of interest to assist auditors and security professionals in the management of the most critical Internet security vulnerabilities. Some expert assistance is being provided, not only in the publishing of alerts as new vulnerabilities occur, but also in assembling various broad analyses of Internet attacks and providing the results to the public. For example, a list from the SANS Institute and the FBI, called “Twenty Most Critical Internet Security Vulnerabilities,” serves as an excellent check-sheet for those responsible for security. This article attempts to provide tools and techniques that can mitigate these types of security risks.