FIVE CRITICAL ELEMENTS OF SECURITY REMAIN RELEVANT TODAY.
By Peter Coffee
If you ask most people to free-associate from the trigger term “September 2001,” likely responses
might be “World Trade Center” or “terrorists.” Only people at the epicenter of an enterprise IT operation are likely to recall that the week after 9/11 was marked by the worldwide attack of the Nimda worm
— which many now regard as an inflection point in the sophistication and, consequently, the speed and
severity of attacks against e-business.
The University of Calgary, in Alberta, Canada, has compiled estimates of Nimda’s impact that include
2.2 million infected machines within 24 hours and a cleanup cost of $539 million.
The IT industry has had almost six years to recognize the significance of such numbers and to make
the best practices of enterprise security the norm rather than the exception. But that recognition has
remained largely nominal, and the response superficial.
Two years after Nimda, for example, the Slammer worm successfully inflicted a billion dollars’ worth
of nuisance and cleanup. And the Sober worm in 2005 may have accounted at times for as much as
70 percent of worldwide e-mail volume: succeeding by taking advantage of laxity in risk assessment and
prevention; underinvestment in detection and response; and a general lack of vigilance.
By no coincidence, those five elements of security — risk assessment, problem prevention, attack
detection, incident response and creation of a climate of vigilance — were the five sections of a major
eWEEK Labs series of articles, “Five steps to enterprise security,” that was launched in November 2001.
Labs staff revisit that report in the following pages — with the aim of reiterating what’s still critical and
also raising consciousness in areas of concern that have emerged or intensified since then.
In the year that followed the initial publication of eWEEK Labs’ “Five steps to enterprise security” in
November 2001, there was a firestorm of reaction to the accounting abuses revealed in the aftermath of
the Enron bankruptcy in December of that year.
In September 2006, on the fifth anniversary of the 9/11 attacks, members of eWEEK’s Corporate
Partner Advisory Board told eWEEK that the impact of those attacks had been far more evident in new
physical security measures than in any elevation of the IT security posture. What had most changed their
IT environment, many said, was the post-Enron impact of sweeping and pervasive legislation such as
the Sarbanes-Oxley Act and of other enterprise governance mandates, along with public awareness of
privacy threats and risks of identity theft.
Notably, California’s security breach Information Act, aka SB 1386, applies to any company with even
a single California customer. It mandates broad notification of any apparent leakage of unencrypted
“personal information,” defined as an individual’s first name or first initial and last name in
combination with any one or more of the following: a Social Security number, driver’s license number
or ID number, or financial account number in combination with an associated security code or password.
Following its effective date in July 2003, SB 1386 necessitated costly and embarrassing public acts of
self-humiliation by state agencies, financial institutions, retailers, educational institutions and
other employers.
The overall effect of SarbOx, SB 1386 and similar measures in other states is that inattention