-
Mitigating Security Threats by Minimizing Software Attack Surfaces
An important method for improving the security of software is to assess and minimize the system's "attack surface." In this report, we provide a conceptual understanding of attack surfaces and explore how to use this concept to improve security of both internally-developed software as well as systems purchased as off-the-shelf software. We conclude by recommending best practices for limiting attack opportunities on IT systems. (4 pp., 2 figs.) [Executive Summary]
May, 2008
-
Nearly One-Third of Polled Firms Have No Written IT Security Policy
A survey conducted in June 2002 by Computer Economics revealed that 30% of the organizations polled do not have written IT security policies in place, despite the fact that written policies are key to a successful security effort.
October, 2002