The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) is responsible for IT security within the German Federal government. In addition, it works on IT security standards for Germany and is moving into a national incident tracking function as well. In December 2014 it published its yearly report, which summarizes the state of IT security in Germany as "critical": attacks are rising, and German companies are leaking data and exposing their infrastructure even to physical damage. Much of this is due to 'Digitale Sorglosigkeit', a digital carelessness in which the IT industry does not pay attention to avoidable threats.
Last week we finished our analysis of the Top 10 most prevalent vulnerabilities for the trailing three months: November and December 2014 and January 2015. We perform this analysis periodically to give the market an overview of one of the items in our Laws of Vulnerabilities Research: the Prevalence of Vulnerabilities.
You can use the data to enrich your own Vulnerability Management practice. We think it makes sense to take a look at the listed vulnerabilities and see how you compare.
In collaboration with the SANS Institute and the Council on CyberSecurity, Qualys today announced a new free service to help organizations implement the Top 4 Critical Security Controls to fend off attacks. The new service, available at https://qualys.com/top4, helps organizations quickly determine if the PCs in their environments have properly implemented the Top 4 Critical Security Controls, which the Council on CyberSecurity estimates can help companies prevent 85% of cyber-attacks.