Computer Security Companies

Keeping up with the Jones' 20th century counterpart--computer security--is a full-time job for a full-time staff of, to extend the analogy into reality, numerous IT security vendors. A short list of the bugs that Microsoft has found recently makes the point of how important these specialized services are painfully clear. This particular set of vulnerabilities arose with its XP operating system SP2 release but apply as well to Windows 2003 servers.

Bulletins MS04-29 through 38, for example, address vulnerabilities in the Windows shell, SMTP, NetDDE, WebDAV XML message handler, compressed folders, and NNTP. Seven of these bulletins are marked critical. Three are noted as important. The risks, Microsoft explains, include denials of service, remote code execution, and information disclosure. This is, as it were, just one iceberg on the industry sea.

The SANS Institute, a well-established resource for information on computer and Internet security, recently released in its latest Top 20 Internet vulnerabilities list (first released four years ago). A living document, it is a compilation and consensus of various government agencies, software vendors, consulting firms, and other user organizations in the United States, the United Kingdom, and Singapore. It identifies weaknesses needing immediate attention and gives instructions on correcting them as well as links to more information about them.

The Third-Party Solution

Effective risk management is as much efficient and realistic budgeting as it is understanding a company's core processes and protecting them. When it comes to securing network infrastructures, protecting critical data, and guarding against the risks inherent in Internet connectivity, the costs mount. It's no surprise, then that the number of specialized IT and Internet security firms has risen in the last few years. Nor should it be a surprise that more and more organizations are outsourcing the challenge of meeting such risks.