Ciscohas released itsfirst annual reporton the global
state of security, which makes several recommendations to enable
organisations to protect their networks.
Cisco says that although many end-of-year industry reports focus
on content security threats such as
viruses, worms,
Trojans, spam and
phishing, its 2007 Annual Security Report broadens the areas
covered with a set of seven risk-management categories.
These include vulnerability, physical, legal, trust, identity,
human and geopolitical factors. Together, they encompass security
requirements that involve anti-malware protection, data-leakage
protection, enterprise risk management, disaster planning and other
requirements.
The report makes several recommendations to
organisations to enable them to protect their systems:
Conduct regular audits within organisations of attractive
targets and evaluate the avenues that can be used to attack
them
Understand the notion that threats follow app usage patterns
Change the mindset of employees, consumers and citizens who
consider themselves innocent bystanders, and empower them to become
active against security threats
Make security education a priority
Institutionalise IT security education by incorporating it into
school curricula
Consider more than just performance when building a secure
network
Security suppliers need to provide comprehensive security
systems that extend throughout the network infrastructure