Broad Range of Issues on Current List of IT Security Concerns

STAMFORD, Conn. – Deciding what IT security products and services are necessary are a big part of the equation for credit union executives and others whose jobs are to decide what to spend and where to protect the enterprise. This is a list of the 11 top security issues of 2003, according to analysts from Gartner Inc.: Web services security – Web services will lead to discontinuities in how new applications will be secured. Enterprises should take a cautious approach to Web services deployment across the enterprise perimeter. Wireless LAN security – Insecure wireless LANs represent a serious point of potential failure for enterprise networks. Identity management and provisioning – Identity theft is a rampant cybercrime mostly accomplished via pedestrian means, but Directory Network Service, social engineering and denial-of-service attacks remain threats that enterprises must address. Role of security platforms and intrusion prevention systems – Intrusion detection systems (IDS) continue to evolve, particularly in correlation technologies to improve alerts, but also in an evolution toward prevention and forensics. Correlation of events for reporting/monitoring/managing consoles – It’s important to know what’s going on and determine if an attack or a problem occurring on one portion of the network is related to a problem on another network segment. The next Code Red/Nimda – Code Red and Nimda cost enterprises as much as $3 billion. There are fears of something more damaging in the future. Then came the Slammer worm. Instant messaging security – Seeking any open port, instant messaging and other peer-to-peer programs can put networks and information at risk. Homeland Security – The impact of homeland security in the United States has not yet been felt in many industry sectors. Tactical security to infrastructure security – The short-term attention to tactical security solutions will change to renewed attention to infrastructure security as part of the homeland dynamic. Protecting intellectual property – Protecting intellectual property remains an issue because of competitive intelligence and corporate espionage activities. Transaction trustworthiness/ auditability – Recent corporate financial-reporting scandals will influence the application of information security techniques to improve the trustworthiness of enterprise transactions and the audit trail.