Slashdot Mirror
Survey On Security Investment Trends
whoisjoe writes "Information Security Magazine has an interesting article (although it's in PDF) on the trends and effects of security spending by organizations.
Basically, organizations tend to spend less per machine as they grow, and the effectiveness of their investment tends to depend more on the share of the IT budget than the absolute amount."
fuck you
Fuck You Jason86z28
Typical of major corporations to try and drive the bottom line by cost cutting in areas that in todays tech environment are probably the most dangerous over the long term. Of course when something happens its simple to blame human error and crucify the IT department for not doing thier job.
"Hollowpoints: When you care enough to send the very best."
I just heard the sad news on talk radio. Troubled OS linux was found dead in its garage office. There were no further details. Truly a sad loss for OS dilletante-dabler troll hobbyists the world over.
bah too long. cant... concentrate
...but the liquor store closes in five minutes.
DAMN
Holy Spirit, I ask thee to search my heart on this day, and reveal to me by your power the truth Amen!
When was the last time you said the Lord's name (GD) in vain?
Have you ever stole anything in your entire life?
Do you desire something that does not belong to you {covet}?
What about Cussing, Lying, Hating, Cheating or just plain simple Lust?
If I break any part of the law, I am guilty of breaking it all!!!!!
As it is written,
For whosoever shall keep the whole law,
and yet offend in any one point, he is guilty of all.
So why do I still say, "I'm basically a good person" ?
As it is written,
there is none righteous, no, not one
For we all have sinned,
and come short of the glory of God
Why do you want to be a SLAVE to sin?
As it is written,
If the Son Jesus therefore shall make you free,
ye shall be free indeed.
For as many as are led by the Spirit of God,
they are the sons of God.
The Holy Spirit itself beareth witness with our spirit,
that we are the children of God:
A Slave when he failed to please his master, there were fearful consequences that had to be faced. Born out of his slavish fear, however, was one security. When the master specified in detail all of his duties and the slave fulfilled them, he could feel some security and acceptance. It was a security through accomplishment and perfectionism, but the sense of security was always overshadowed by his fears of inadequacy. The slave could perform his service with no love, admiration, or oneness of purpose with his master. That is a spirit of bondage.
A Son serves his father out of a sense of belonging, acceptance, love, and unity of purpose with the father. This son knew that his security and acceptance were dependent upon his relationship rather than his ability and diligence to achieve. His confidence was in the unconditional love of his father. His service was in gratitude for the father's love and sustenance rather than to meet demands of specifics and quotas set by the father. This young man was free from the fears of inadequacy in performance and he was free to exercise himself creatively in a loving relationship expressive of love and joy. This is the spirit of freedom that sons may enjoy.
So What is the Cost of SIN?
As it is written,
Who knowing the judgment of God,
that they which commit such things
are worthy of death,
not only do the same,
but have pleasure in them that do them
how can ye escape the damnation of hell?
The Way Out of the Darkness!
As it is written,
For by grace are ye saved through faith,
and that not of yourselves:
it is the gift of God:
Not by works of righteousness which we have done,
but according to his mercy he saved us,
by the washing of regeneration,
and renewing of the Holy Ghost
How Does Jesus free us?
As it is written,
For whosoever shall call
upon the name of the Lord shall be saved.
Neither is there salvation in any other:
for there is none other name under heaven
given among men, whereby we must be saved.
Believe on the Lord Jesus Christ, and thou shalt be saved...
Quick study on Eph 2:8,9
Grace* is the "unmerited" favor of God. That means we do not deserve it and can do nothing to ever deserve it. Grace is receiving goodness from God because God is good, not because I'm good.
Faith* is more than just believing in God, But trusting God. Knowing that Christ's payment for my sin was sufficient. Believing that he died for me, and on the third day, He rose again. Just as he promised he would.
Not of yourselves: it is the GIFT of God.* Gifts cannot be earned or they become wages. The moment you try to deserve the free gift of God, it becomes something you are trying to earn. Gifts are to be accepted with thanksgiving and gratitude.
Not of works;* If you have been trying to become worthy of Gods grace through works, STOP. Only through Faith in the blood of Jesus will you be saved. As a new creation in Christ, (born again of the spirit), God will give you the opportunity to join him in HIS work. And HE will receive all the glory and praise. "so no man can boast in himself."
Sons; *We all can be Free as sons!
Dear Friend,
If you want a personal relationship with Jesus Christ,
and you want to be sure that you are saved,
and that you will go to heaven when you die,
Pray this prayer to God, in your own words
and really BELIEVE it with all of your heart,
Dear Lord Jesus,
I admit honestly that
I am a sinner,
Please forgive me
Of all my sins
and come into my heart
and change me forever.
Thank you Jesus
for taking my sins
upon yourself and
dying on that cross
just for me.
Be forever,
My Personal
Lord and Savior.
Fill me with your
Holy Spirit
and your endless
Love.
Thank you for saving me
I Love you
Amen
Friend,
if you just prayed this prayer, I welcome you into the kingdom of God.
You need to tell someone that you are now a Child of God!.
Rom 10:9 That if thou shalt confess with thy mouth the Lord Jesus, and shalt believe in thine heart that God hath raised him from the dead, thou shalt be saved.
Rom 10:10 For with the heart man believeth unto righteousness; and with the mouth confession is made unto salvation.
The problem from the clients I've interacted with over the years has rarely been that they spend too much due to wanted X dollars per machine, but in their failure to realize that they too may be vuilnerable to threats that they think can't happen. As in many cases in this industry, the bulk of the problem lies about 20 inches in front of the screen. I've often found that some money spent on education is what is needed the most.
jX [ Make everything as simple as possible, but no simpler. - Einstein ]
Press release with summary of the article can be found...
Here
It's trendii.
Some of the major findings of the Information Security Magazine survey include:
it's just kinda weird becauz "off" has THREE letters. And, you know, it just seems unfair.
You can overanalyse data and get anything out of it. Stats are useful, but only in perspective. I wouldn't make any big decisions based on this survey.
For a start, 200+ does not an authoritative respondent base make. That's a relatively tiny survey, especially when you bear in mind that "2,196 practitioners completed some portion of the survey. The statistics in this report reflect responses from 215 qualified respondents"
So, 90% of respondents were invalidated. Why? Didn't fit the curve? Sure, you clean survey data, but when you're left with so few discrete results, any anomaly will look like a trend.
One other thought (or this'll turn into an essay): of _course_ security spending per user decreases with the size of the organisation. That's what "economy of scale" means!
The point that organisations tend to underspend IS true, but the predetermined conclusions of surveys like these aren't doing much to dispell FUD.
I'm not impressed. ISM should be doing a lot better than this. It's not all bad, but it's far from realistic.
Without reading the article in detail (will do it after posting, how clever ;)) that conclusion seems utterly logic. Higher share probably reflects the fact that the company management has understood the importance of IT security. And this probably shows everywhere else in the organisation.
...that Towelhead Habib reads this post and targets your house with a 737 next. You zealots are the reason we got attacked in the first place.
--
Religion - 1. (n.) The leading cause of war, death, and complete idiocy since the dawn of recorded history. 2. (n.) A sham and a crutch for weak-minded people. 3. (n.) Easy answers to questions that do not, nor ever will, have any. See also Brainwashing, Mind Control, Get-Rich-Quick Scheme, Megalomania.
He also equals imperialism, hegemony, and racism. Liberals might want to shift the focus back to the economy, but I think Bush is partly right, let's talk about foreign policy, however let's examine its disastrous effects on our country. Like how Israeli government-funded organizations such as AIPAC own our Congress or how the dangerous disregard of the UN is shaming us in front of the world. Al Gore and all the other spineless, cowardly Democrats are doing a disservice to the U.S. when they sidestep the blatant imperialism that is guiding our country.
All too often organizations will also trust the firewall to keep the company secure with WAY too little attention to keeping internal machines patched and up to date. Of course, this leads to a single point of failure, and if anyone makes it past the firewall it's a total free-for-all.
When it's an ugly chick, I can't control my stick !!
Hmmm. Only 215 "qualified respondents" that provided "reliable information". Then they divide them into small, medium, large, and very large sites. Assuming small networks outnumber large ones by a long shot, just how many "very large" networks (10,000+ machines) could they be getting results from?
Between the questionable statistics and the bizarre correlation between security and sex mentioned in the first paragraph, this article is nothing but a large serving of Buzzword Soup topped with noise and a sprinkling of anecdotal evidence, with yummy USA-Today-style pie charts for dessert.
It's Slashdot's evil twin... SlashNOT
The biggest weakness of any security system is always the human part. Overreliance of 'security software' only amplifies the vulnerabilitiy of firms to a resourceful attacker.
On a semi-related tangent: Some of you might be interested in the account of how a UC San Diego student with a crummy GPA managed to fast-talked his way into a Silicon Valley investment-banking firm internship.
The Pjammer Chronicles --
...that you enjoy the fires of hell, SINNER!
...the effectiveness of their investment tends to depend more on the share of the IT budget than the absolute amount.
Perhaps businesses that spend a larger share of their IT budget on security give it a larger priority in general.
If there is hope, it lies in the trolls.
milfhunter.com
Yet again Slashdot manages to gather a number of really stupid replies by people who have no clue, just think they do because they read other people's stupid posts on Slashdot....
I wonder if anyone has ever hacked into google? I'm not talking about creating false high listings but actually cracking google's database itself. Getting their full internal Zeitgeist would be a target I assume, based on how usefull the extremely limited version they post each month is.
They do have an incredible number of machines all connected directly to the internet.
If voting were effective, it would be illegal by now.
You can overanalyse data and get anything out of it. Stats are useful, but only in perspective. I wouldn't make any big decisions based on this survey.
For a start, 200+ does not an authoritative respondent base make. That's a relatively tiny survey, especially when you bear in mind that "2,196 practitioners completed some portion of the survey. The statistics in this report reflect responses from 215 qualified respondents"
So, 90% of respondents were invalidated. Why? Didn't fit the curve? Sure, you clean survey data, but when you're left with so few discrete results, any anomaly will look like a trend.
One other thought (or this'll turn into an essay): of _course_ security spending per user decreases with the size of the organisation. That's what "economy of scale" means!
The point that organisations tend to underspend IS true, but the predetermined conclusions of surveys like these aren't doing much to dispell FUD.
I'm not impressed. ISM should be doing a lot better than this. It's not all bad, but it's far from realistic.
There I am mumbling how stupid firewalls and virus scanners are, wondering if people really care about security..... and realize that learning what the problems are might solve more then trowing money at the likes of mcafee, I fire up /. "Does size matter???".... No The internet is doomed, microsoft allowed the dotdot bug to pop up three times in iis (oh so hexencoded dots are wrong to? what hex-encoded hexencoded dots.... do we really really have to release a patch, we already did that last week?), to bad only script kidies abuse this, once people actually lose money or their jobs, perhaps things change :-(
It's been 3 days since I've been back on my feet after my anal correction surgery. The doctors told me they have corrected as much of the damage as they could. I think I will get used to having to wear diapers the rest of my life, things could be worse. At least I am still alive, and I can still breathe the fresh air, smell the blossoming flowers, and hear the chirps of courting birds on a spring day. Although my life is much different now, I have the willpower and confidence to move on.
My name is Rob Malda. I got anally feltched too hard.
I remember the night like it was yesterday. Another fun and energetic Saturday at the discotech in the gay corner of town. I was being my normal flamboyant social butterfly self and talking to all the local cuties. There were a lot of muscly guys there and I must tell you the scent of raw, homosexual energy at the discotec always made the hair on my neck (and other places) stand erect. But there was this one guy who really stood out in the crowd. I would later discover his name was Jamal. The first time I saw his glistening ebony skin at the discotec I knew I wanted him inside me. I've always been good at picking up guys so I walked in my sharp female way, swinging my ass at each step, until I was right in front of that sexy piece of chocolate cake. He had short, frizzy hair, teeth whiter than milk, and a friendly smile that was out of this world. Man, I wanted his dick in my ass so bad. But I had to keep my groove. I said to him in my well crafted lisping tone, "Hey sweetie, I've never your sweet ass in these parts before, want to join me for a drink?" He smiled and replied in a deep yet touching voice, "Heh heh, I sure would you little sex muffin"
This really hit it off from there, We talked and danced and flirted like schoolgirls. I found out he was from a town a few hundred miles away, visiting the big city for a little fun. He had muscles like you wouldn't believe, obviously worked out a lot, I felt like a little strawman compared to him (I'm fashionably slim). I was on top of the world, the envy of every boy at the place, a star. When we were resting from the thumping disco-house music, I asked Jamal if he wanted a bump of crystal meth. He gladly accepted, telling me that in the town where he came from it was hard to find good crystal. I took a bump myself. My nose is no stranger to this wonderful stuff! The energy from the crystal really made us move. His dancing skills were on par with mine (which are excellent, I have danced in a couple of small Broadway-style plays before). I was really getting hot and horny at this point though, I knew we had to find a quiet spot of our own.
We walked very quickly to the bathroom; I couldn't keep my hands off his lucious abs. We found an empty stall and stormed into it, it was a whirling hurricane of passion. The speed made us very energetic. We didn't make out for long before things became hot and heavy. I slipped my hand into his tight leather pants and grabbed his sweet man package. I was thinking at this point 'how did a firehose end up in here?'. Then I realized this was his cock. It was the longest, thickest anaconda of a cock I ever witnessed. I pulled down his pants, which was difficult because he was getting real hard, real fast. I don't even want to guess how long his penis was, at least 12 inches, maybe more. And it was so think I couldn't even grab around it all with one hand. His cock was sweaty and glistened. I wanted this black staff real bad. I pulled off my own pants and bent down. I stuck the head of his cock in my mouth but it was just too big. I licked the rim a bit but I knew what I REALLY wanted. I turned around and assumed the position I have assumed so many times before. Face down, ass up. That's the way we like to fuck. My anus was not prepared for this brutal thrashing however. I've always described the sensation of anal intercourse as taking a long, incredibly enjoyable shit. But this didn't feel right at all. The walls of my anus were ripping, "PLEASE! Be gentle! I'm just a little white boy" I screamed. Jamal, fueled by crystal meth, wouldn't stop though. He began pushing his black cock into me harder and harder. The pain and pleasure was out of this world. I could feel his huge testicles smacking the back of my ass. He was grunting and groaning like a real man. I could hear the sensuous sound of blood and shit being packed by his violent fucking. I was in immense pain but I didn't want it to stop. He must have fucked me for 45 minutes before it was over but finally he began to cum. He was screaming so loud, "OH OH OH OH OH MY GOD, YES YES YES, TAKE IT LIKE A MAN, TAKE IT LIEK A MAN, AAAAAAAAAAAAAAAAAAAAAAH! OH YEAH!" At that moment I felt a gallon of cum spray into my ass, and I could hear shit, blood, and semen squishing inside me. It was paradise.
After Jamal removed his penis from my ass the problems started. I realized I was bleeding a lot more than usual. It took a whole roll of toilet paper to clean it up. I got dressed and returned to the discotech to unwind before going home. As I was walking across the dancefloor I felt a sharp pain in my ass and lower stomach. I fell to the floor and started screaming, I was shaking and sweaty and pale. At that moment, a huge surge of watery shit spewed from my anus. It was mixed with blood and semen. I was crying and screaming and in pain. Everything started to go black and I vomited all over myself. I briefly remember someone pulling me out of my pile of feces, semen, blood, and vomit and on to a stretcher.
I awoke in a hospital bed. A doctor was there when I opened my eyes. He explained to me how I almost died and how my ass and lower intestine were permanently damaged not only from Jamal but also from years of vigorous fucking by multitudes of men. It was a shock but I knew it was my own fault, you cannot lead this sort of lifestyle and not face the consequences one day.
So life goes on, I no longer frequent the discotec where I met Jamal and then collapsed spewing watery shit. I lead a much more relaxed, normal life now. I still talk to Jamal, even though he damaged me I will never forget that night. He is in love now with a boy in his hometown, and I wish him the best.
Way to go man!
"This man said just about EVERYTHING we hoped to hear from an American leader... pity he can't have his old job back, isn't it?"
What the fuck are ya hanging around in queer bars for, anyways? If queers are putting the moves on you, you either look like one, or are one, purty boy.
When did Slashdot turn into a gay site? Goddamn liberals taking over the place.
MJ's true face - reconstructed digitally here.
another post by a worldly wise 12 year old i see.
thank Jesus that turds like you will never amount to anything important or hold positions
of authority, unless, of course, you are considering a job in metropolitan law enforcement.
Thanks for the warning, because:
... They seem to think security is upgrading to Windows XP.
Help!
And how, exactly, does this connect to "News for nerds, stuff that matters" (emphasis mine)?
When anybody starts a report with "sex", you know their desperate for something. In this case to make a name for themselves.
The number one concern cited in this article is viruses and malicious code, yet all the corporations want to run Windows, which seems vulnerable down to its root core.
Now, if my company went cold turkey on Windows and MS office it probably couldn't continue do business. That's right, our business would dry up, real fast. We could use Macs, of course (at huge transition expense, but doable), but we'd still need MS office. I'm an avid home user of OpenOffice (on Linux) - I love the program and have found it entirely serviceable as a general office tool, and it's a tool that could certainly be used by office workers. However, if a pool of secretaries and clerks had to deal with MS office attachments coming in all day, and had to convert all their outgoing work product to MS office-compatible files, that would be a real problem, operationally. For service companies and others doing a lot of business with the outside world (probably most of the corporate world), weaning off of MS office is not a real option at the present time.
So, MS has all these companies by the shorthairs. Microsoft doesn't really HAVE to give a damn, actually, about the security vulnerabilities, because they do not make IT vulnerable in any material sense. The customers have no real choice. Microsoft just has to make it easier to deploy their own products and incorporate more "features", and all the macro, scripting, component and plugin capability built into their products plays into that objective just fine.
Not that it's so terrible to be a MS customer. Their latest enterprise agreements were quite reasonable. You just have to keep paying, and most management accepts that. And you get pretty decent service from them, really. The customer takes all of this (security flaws included), with a big smile on its face! The result is a nice annuity from virtually every business organization in the world. Better than being a tax collector.
Security won't go anywhere, IMO, until either the government or the corporate users en masse get up and demand something better.
One thing I never understood is why Microsoft isn't vulnerable to class action lawsuits, like the pharmaceutical companies get hit with all the time. That would straighten them out real fast. The answer may be that the people who would do this suing would be corporate america, and it's against their ethic to bring these kinds of suits (they're stuck defending them most of the time).
Maybe if times get tougher, or business more competitive, companies will have to think about how much these problems are really costing them, and whether it makes economic sense to start doing something effective about it. I don't think we're there yet.
I always feel painfully left out of these sorts of discussions. I go to SANS and everyone's talking about the newest corporate security firewalls, gizmos, and policies (in the form of precepts that users must obey). These people have it easy, comparatively. Try practicing security on an open, unregulated network that, by design, can't have a firewall protecting the mail/web/blah server(s). Talk to a vendor and they say "Well, you DO have our product behind a firewall, right?"
My environment is much different, and my job is much more difficult. My "very large" network has >60,000 devices, but the ISM seems to assume that any "very large" network must belong to a corporation having centralized structure. 25.9 incidents per year? HA! I wish...
Software suppliers are trying to make their software packages more ... Their best approach, so far, has been to take all
"user-friendly".
the old brochures, and stamp the words, "user-friendly" on the cover.
-- Bill Gates, Microsoft, Inc.
[Pot. Kettle. Black.]
- this post brought to you by the Automated Last Post Generator...