Miles Associates LLC

Great insightful article with several nuggets that  I found to be timely refreshers; via Leadership Insights from Executive Velocity: Leadership: Trick or Treat?.

…Given the compelling case for securing the enterprise, why do CEOs fail to invest more in security solutions? Does this simply represent a failure of IT and security staff to make a compelling business case? Or are the CEOs in fact being short-sighted?

…Risk management is the only rational way to frame the debate…The management decision is one of making rational trade-offs between the probability of an event, and the cost of reducing that possibility – but not eliminating it…
…
Security spending for compliance, then, is a given. And while compliance spending may not comprehensively protect the enterprise against a breach, it does provide one important bit of protection: liability. From the CEOs perspective, while the cost per record of responding to a breach may be high, its nowhere near the potential cost of lawsuits resulting from said breach. And achieving compliance appears to provide a liability shield.

via Is Compliance the New Security Standard?.

A new zero-day bug affecting Adobe Reader and Acrobat is being exploited in the wild. Though the vulnerability affects the products on Unix, Mac and Windows systems, the exploit observed in the wild is focused on Microsoft Windows for the moment.

Adobe is warning users about a critical vulnerability in versions of Adobe Reader and Acrobat that is being exploited in targeted attacks.

via eWeek.

Google’s Gmail and Yahoo’s Mail were also targeted by a large-scale phishing attack, perhaps the same one that harvested at least 10,000 passwords from Microsofts Windows Live Hotmail, according to a report by the BBC.

via networkworld.com.

Looks like 13 bulletins, 8 of them critical, and something for everyone…   Microsoft Security Bulletin Advance Notification for October 2009.

Here are two lists of malware detection tools from Jody Gilbert at TechRepublic:

10 ways to detect computer malware.

10 more ways to detect computer malware.

Microsoft confirms it is releasing Microsoft Security Essentials, its free anti-malware product, on Sept. 29.

A friend of mine participated through the beta and gave a positive review of Security Essentials.

via eWeek.