- Not Anymore, Continued
- Known Vulnerabilities and Known Exploits
- Targeted Threats
- Critical Systems and Threats
- Regulatory Issues
- A Word About the Long Term: IPv6
- The Organizational Security Posture
- What Parts of Constant Vigilance Should I Outsource?
- What to Keep
- Who to Seek
- You Have Just Charted a Course: Let's Set Sail
Critical Systems and Threats
Solid, big-picture data from your local CERT will assist in combating known exploits and targeted threats. At a granular level, you can enlist customized products to forewarn you. One such service is Symantec's Deep Site, which gives clients raw data and customized security alerts about all threats. Before deploying either mechanism, you must prioritize your technology, mapping it to critical systems at critical times. Note that labeling a system as critical takes discernment. If you use Linux to print the company newsletter, it would not be categorized as a critical system. If Linux processes payroll every month, that's a different matter (especially at month's endif payroll goes down for a day on the last week of the month, it is a crisis).
Make sure to give your global security team ample time to stay current. Threats have changed since you last worked on your security plans, and they will continue to change. You cannot stop it, but you can track it and adapt accordingly, and honestly; to do less would be shirking your fiduciary responsibilities.