TechTarget

Collaboration is way to fix a hole

IT directors have come back after the Christmas break to the first big security scare of the year - a flaw affecting all versions of Windows - raising concerns about how IT departments can cope with so-called "zero day attacks".

This Article Covers

Jobs

IT directors have come back after the Christmas break to the first big security scare of the year - a flaw affecting all versions of Windows - raising concerns about how IT departments can cope with so-called "zero day attacks".

The first exploit code was acknowledged by Microsoft on 29 December, yet the official patch has only been made available today. And there have been reports of rogue websites and virus-infected e-mail exploiting the flaw, which can infect a PC when a user opens a .wmf image.

What makes this exploit interesting is that a third-party developer, Ilfak Guilfanov, produced a workaround which was independently verified by security body the Sans Institute. This workaround proved so popular on its release that Guilfanov's website, Hexblog.com, was temporarily suspended after being inundated with download requests.

The dilemma users face is whether they should apply a third-party workaround or wait for the official patch. Installing a third-party fix works well in the open source community, but how can you be sure it will work, and what indemnities do you have if something goes wrong?

The risk may be too great for many, outweighing the protection the workaround could provide. But waiting for the official patch leaves firms vulnerable.

When an exploit is in the wild, what is needed is some way for software companies such as Microsoft to work more closely with third-party developers to fast-track the approval of workarounds, giving users protection while the full patch is being developed.

The skills you need

The reality or size of the skills gap seems to vary according to who you talk to. Many IT professionals, especially older ones, could be excused for asking, "Skills gap? What skills gap?" when they find it hard to find a job despite excellent skills and experience.

On the other side of fence, some employers who find it hard to attract or retain the IT staff they need may be tempted by the siren call of outsourcing. Others, however, see developing the skills of in-house staff as the only route to long-term efficiency.

On page 18 we examine how skills management frameworks can help to make future needs and the path to meeting those needs visible and manageable.

And, of course, building effective teams is not simply about training. Motivating and retaining skilled staff is as much about corporate culture as about training and pay, as Computer Weekly's Best Places to Work Awards, whose shortlist we will announce next week, make clear.

This was first published in January 2006

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close