TruSecure’s Essential Practices Proactively Defend Against the SANS/FBI Top 20 Internet Security Vulnerabilities

Top 20 Vulnerabilities No Match for TruSecure Methodology; TruSecure Expert Available for Discussion

HERNDON, Va.–October 7, 2002 — The Internet security vulnerabilities in the recently released SANS/FBI Top 20 are solvable by consistent operational practice, reasonable administrative diligence and tactical planning offered by TruSecure’s Essential Practices, a standard part of TruSecure’s Security Assurance Services (SAS). Jon McCown, senior technical director for TruSecure(R), is available to discuss the SANS/FBI Top 20 list and TruSecure’s proactive, systematic approach to managing information security.

“Two of the remaining four are addressed by reasonable administrative diligence and two are ‘new’ and require some tactical patching. In fact, some of the vulnerabilities on the list are about to have their third birthday — and still people haven’t fixed them. Running with scissors is still a bad idea.”

“While the SANS Institute and the FBI have clearly outlined the vulnerabilities that companies need to be concerned about, the more important issue is that businesses need to have a proactive security methodology in place to handle these concerns and any future concerns before they become a problem,” continued McCown. “The SANS/FBI Top 20 list has put its fingers on the problem, but TruSecure Essential Practices, which are dynamic and continuously updated to reflect newly discovered relevant threats and vulnerabilities, provide the long-term solution.”

IT staff can easily miss the latest security patch for an operating system or virtually any program running on the system. In many cases, a “back door” left for programmers to come in and fine tune compliance or conduct scheduled maintenance can also create an opportunity for unauthorized access. With the flood of patches available, it can be impossible for organizations to keep up. TruSecure’s Essential Practices enable enterprises to have an efficient, cost-effective security posture without scrambling for the latest patch or upgrade.

TruSecure Corporation, a leading security services provider, has a methodology unique in the security world. TruSecure’s Essential Practices, a standard part of its Security Assurance Services, take a systematic, critical, holistic approach to strengthening the current security stance of a network. The Essential Practices identify the risks that have the greatest potential impact on the client’s specific business — rather than forcing them to chase the thousands of reported issues that don’t present a substantive risk. Unlike most government or industry standards, TruSecure’s Essential Practices are dynamic and continuously updated to reflect newly discovered relevant threats and vulnerabilities. For more information on TruSecure’s Essential Practices, please visit

For the SANS/FBI Top 20, the most commonly exploited vulnerable services in Windows systems range from Internet Information Services (IIS) to Windows Scripting Host. The most commonly exploited vulnerable services in Unix systems range from Remote Procedure Calls (RPC) to File Transfer Protocol (FTP). The full list of vulnerabilities can be viewed at

For media interested in speaking with Jon McCown, please contact Cynthia S. Smith of TruSecure Corp. at (703) 480-8509 or, or David McKee or Brian Greehan of Schwartz Communications at (781) 684-0770 or

About the Expert

Jon McCown, senior technical director at TruSecure Corporation, has supported the technology research and methodology development at TruSecure since 1996. As part of TruSecure Research and Intelligence operations, McCown is engaged in threat analysis and the development of risk management strategies for TruSecure customers.

About TruSecure Corporation

TruSecure is a leading security services provider, offering the only fully integrated, enterprise risk management services on the market. TruSecure’s unique blend of proactive risk reduction with real-time security management, monitoring and response assures continuous security of critical business information assets. TruSecure certification has become a globally recognized symbol of commitment to effective information security in an interconnected economy. Additionally, TruSecure owns the independently operated ICSA Labs® and Information Security® magazine. Headquartered in Herndon, VA, TruSecure protects more than 700 sites worldwide, with operations in North America, Central America, Europe and Asia Pacific. For more information about TruSecure Corporation, visit


TruSecure, ICSA, ICSA Labs, and Information Security are registered trademarks of TruSecure Corporation. All other trademarks and service marks mentioned herein are property of their respective owners.
