Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Build a Case for Security
Establishing a business case is perhaps the first phase in any project initiation. Organizations that are successful maintain full justification for all business expenditure. An information security project is no different. An effective information security program requires visible support from executive management. To gain support, a persuasive business case is often necessary. An information security program will have numerous tangible and intangible benefits to any organization. It is the role of a business case to document these.
To build a persuasive case for information security, it is important for practitioners to "to become more managerial in outlook, speech, and perspectives." (Information Security Management Handbook 4th Edition, Volume 2.) Stressing the technical benefits of information security is no longer sufficient because of the size and expenditure of information security programs. When making a case for information security, an emphasis should be placed on how proactive security mechanisms ensure that senior management will not be held liable for negligence. As IT has become more prominent in organizations, so have compliance and regulatory requirements. Today, senior management personnel are expected to demonstrate due care and due diligence in relation to information security. With this, information security must become an essential aspect of management.
Addressing the overall benefits of information security is important as well. A business case should stress how information security can become a business enabler. It can be a company differentiator by offering increased levels of customer satisfaction and contributing overall to total quality management. Information security also provides a means to ensure against unauthorized behavior. Often trusting that internal employees will "do the right thing" is not enough. Information security related business cases should be written in a way that emphasizes all benefits of information security.
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
LinuxSecurity.com Feature Extras:
- Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.8 (Version 3.0, Release 8). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Debian | ||
Debian: New ncompress packages fix potential code execution | ||
10th, August, 2006
Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data. advisories/debian/debian-new-ncompress-packages-fix-potential-code-execution |
||
Debian: New shadow packages fix privilege escalation | ||
12th, August, 2006
Updated package. advisories/debian/debian-new-shadow-packages-fix-privilege-escalation |
||
Debian: New heartbeat packages fix denial of service | ||
15th, August, 2006
Updated package. advisories/debian/debian-new-heartbeat-packages-fix-denial-of-service |
||
Gentoo | ||
Gentoo: MIT Kerberos 5 Multiple local privilege escalation (test Falco for security@) | ||
10th, August, 2006
Some applications shipped with MIT Kerberos 5 are vulnerable to local privilege escalation. |
||
Gentoo: Warzone 2100 Resurrection Multiple buffer overflows | ||
10th, August, 2006
Warzone 2100 Resurrection server and client are vulnerable to separate buffer overflows, potentially allowing remote code execution. |
||
Gentoo: libwmf Buffer overflow vulnerability | ||
10th, August, 2006
libwmf is vulnerable to an integer overflow potentially resulting in the execution of arbitrary code. |
||
Gentoo: Net:Server: Format string vulnerability | ||
10th, August, 2006
A format string vulnerability has been reported in Net::Server which can be exploited to cause a Denial of Service. |
||
Gentoo: WordPress Privilege escalation | ||
10th, August, 2006
A flaw in WordPress allows registered WordPress users to elevate privileges. |
||
Mandriva | ||
Mandriva: Updated gnupg packages fix vulnerability | ||
14th, August, 2006
An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened. Updated packages have been patched to correct this issue. |
||
Mandriva: Updated heartbeat packages fix vulnerability | ||
14th, August, 2006
Two vulnerabilities in heartbeat prior to 2.0.6 was discovered by Yan Rong Ge. The first is that heartbeat would set insecure permissions in an shmget call for shared memory, allowing a local attacker to cause an unspecified denial of service via unknown vectors (CVE-2006-3815). The second is a remote vulnerability that could allow allow the master control process to read invalid memory due to a specially crafted heartbeat message and die of a SEGV, all prior to any authentication. |
||
Mandriva: Updated Firefox packages fix multiple vulnerabilities | ||
16th, August, 2006
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. |
||
Red Hat | ||
RedHat: Low: elfutils security update | ||
10th, August, 2006
Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-elfutils-security-update-15436 |
||
RedHat: Low: ntp security update | ||
10th, August, 2006
Updated ntp packages that fix several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-ntp-security-update-RHSA-2006-0393-01 |
||
RedHat: Updated kernel packages available for Red Hat | ||
10th, August, 2006
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. advisories/red-hat/redhat-updated-kernel-packages-available-for-red-hat-44538 |
||
RedHat: Low: kdebase security fix | ||
10th, August, 2006
Updated kdebase packages that resolve several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-low-kdebase-security-fix-RHSA-2006-0582-01 |
||
RedHat: Important: perl security update | ||
10th, August, 2006
Updated Perl packages that fix security a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-perl-security-update-76832 |
||
RedHat: Moderate: httpd security update | ||
10th, August, 2006
Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-httpd-security-update-87284 |
||
RedHat: Moderate: wireshark security update (was | ||
16th, August, 2006
New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-wireshark-security-update-was-RHSA-2006-0602-01 |
||
SuSE | ||
SuSE: kernel security problems | ||
11th, August, 2006
Multiple security vulnerabilities in the kernel are addressed. |
||
SuSE: MozillaFirefox, MozillaThunderbird, | ||
16th, August, 2006
To fix various security problems we released update packages that bring Mozilla Firefox to version 1.5.0.6, MozillaThunderdbird to version 1.5.0.5 and the Seamonkey Suite to version 1.0.3. |
||