
SANS Internet Storm Center: InfoSec Poll Results


Poll Results

0 % => I didn't read it
67.2 % => I used it as a chance to increase the awareness of our users regarding our policies
0 % => I saw it as an opportunity to find out where we are failing the needs of the business and the users
0 % => I used it as an inspiration to make our policies and/or technologically enforced measures more strict
0 % => Storm in a cup of tea, no action is needed
Total Answers: 3285

Selected Comments

  • You can have all the security in the world deployed but it doesn't matter if you don't have written policy AND enforcement from management to back it up. TSS
  • Also to raise awareness with management!
  • Just as with all things external, you have little control of the event. It is the preparation and response which makes for a good security program.
  • Used it to alert Tech management about the potential for mis-use by employees.
  • Legal Dept. had a field day and made all 10 items grounds for dismissal
  • This was just a publicity stunt!
  • Sent to IS Security for their eyes only
  • Thank you WSJ for giving instructions to people to attempt to end-run IT policy. Thanks a lot. You're a great friend, and very knowledgeable about the subject at hand.
  • The advice is so blatantly juvenile that it will not affect a real IT department. Those following the advice given will be terminated so they will cause no future harm. It was irresponsible journalism with no social merit.
  • It was given to me by management and I had to respond to each item specifically that morning. Least Privilege covered most of it for us.
  • We're locked down enough as it is ... to paraphrase Princess Leia, the tighter your (unreasonable) grip, the more people will slip through your fingers.
  • Business as usual, here.
  • 2 words, "Job Security", Thanks WSJ, More billable hours for me!
  • We already had these holes plugged. They shouldn't be advertised though.
  • Found a lot of useful information