[ISN] VA has new security program

From: InfoSec News (isn@private)
Date: Tue Nov 25 2003 - 00:05:27 PST

  • Next message: InfoSec News: "[ISN] RE: Bluejacking ain't hijacking"

    http://www.fcw.com/fcw/articles/2003/1124/web-va-11-24-03.asp
    
    By Randall Edwards 
    Nov. 24, 2003
    
    The Department of Veterans Affairs started a proactive vulnerability
    management program to provide improved cybersecurity at more than 250
    facilities nationwide.
    
    Hercules, an automated vulnerability remediation solution offered by
    Citadel Security Software Inc., is a critical component in a strategy
    that includes Harris Corp.'s Security Threat Avoidance Technology
    (STAT) Scanner program as well as a hardware platform provided by
    Hewlett-Packard Co.
    
    The STAT Scanner probes the network and identifies possible
    vulnerabilities. Hercules has vulnerability assessment tools for a
    wide variety of platforms and allows VA personnel to review data from
    multiple sources before deploying a vulnerability fix.
    
    The arrangement covers 235,000 workstations and servers in the
    department's network.
    
    VA system administrators can deploy customized solutions for software
    defects, misconfigurations, unsecured user accounts, unnecessary
    services and backdoors.
    
    The new strategy will provide more frequent security assessments,
    reducing risks and ensuring compliance with privacy regulations and
    internal security standards, officials said. Potential vulnerabilities
    can more easily be identified and reported to the VA's central
    incident response center for centralized management.
    
    In addition, the new service will allow individual facilities to
    quickly respond to security bulletins released by the response center.
    
    Steve Solomon, president and chief executive officer of Citadel,
    labeled the VA as a government agency "on the cutting edge of
    technology and security." He said the VA "is demonstrating its
    commitment to protecting its critical infrastructure by consistently
    maintaining the best security protection available and setting forth a
    road map for other agencies to adopt the most comprehensive, effective
    identification and resolution of vulnerabilities."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Nov 25 2003 - 03:15:09 PST