This week, Big Blue released its semiannual risk assessment report identifying where the greatest external risks are coming from, as well as offering upgraded help for the problem; we took a look at SharePoint records management again; SAS offered help in the health sector while HP offered compliance through information management.

IBM Identifies Where External Risk Lies

Over the past week, IBM (news, site) released results from its semiannual X-Force 2010 Trend and Risk Report that show that public and private organizations around the world faced increasingly sophisticated, customized IT security threats in 2010.

Based on the intelligence gathered through research of public vulnerability disclosures, and the monitoring and analysis of more than 150,000 security events per second during every day of 2010, key observations from the IBM X-Force Research team showed that:

  • More than 8,000 new vulnerabilities were documented, a 27% rise from 2009. Public exploit releases were also up 21% from 2009 to 2010. The data, IBM says, points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.
  • The historically high growth in spam volume leveled off by the end of 2010, suggesting that spammers may be seeing less value from increasing the volume of spam, and instead are focused on making sure it is bypassing filters.
  • While overall there were significantly fewer phishing attacks relative to previous years, "spear phishing," a more targeted attack technique, grew in importance in 2010, indicating that cyber criminals have become more focused on quality of attacks, rather than quantity.

The report, which comes out twice every year, offers a good insight as to where companies are in relation to the growing threats facing them. If you want to know more, check out the video, or get the full report here

IBM Upgrades Rational AppScan

We generally don’ t offer two news items from the same vendor in the same week, but IBM has been busy, so just this once. IBM also this week -- and possibly in reaction to their threat report -- has unveiled capabilities designed to address the security and compliance concerns of businesses creating dynamic and interactive Web sites.

As more companies are using more Web 2.0 content in their websites, they are seeing an increased risk of security vulnerabilities. However, with IBM Rational AppScan, companies can now test Web 2.0-based applications to identify security vulnerabilities on a more frequent basis.

The IBM X-Force Trend Report shows that Web applications remain the weak point for the security industry. In fact, more than half of all vulnerabilities disclosed were Web application-based.

Big Blue also announced risk assessment capabilities in this version of IBM Rational AppScan. The features help users better understand where security vulnerabilities are located and suggest an action plan to minimize further risk.

Users can also implement security testing throughout the software delivery lifecycle, from development through the post-production phase.

HP Offers Compliance, Information Management

If you missed it during the week, HP (news, site) has updated its Information Management portfolio to enable organizations to reduce risk, increase efficiency and simplify the way they manage their business information.

It is doing this with a strategy that includes a new approach -- for HP -- to information management that includes upgrades to its existing portfolio of products, a new approach to managing information across the enterprise and is backed up by research that underlines what AIIM (news, site) identified as one of the key issues for companies: Information integration.

The objective of the strategy is to improve efficiency and reduce risks and costs associated with information management, which, again, were identified by AIIM as the main drivers in ECM adoption in the enterprise for this year. Interested in more?

SharePoint, Records Management

Also this week, we took a look at SharePoint 2010 and its records management abilities. In addition to offering the traditional records flow from document to records repository, SharePoint 2010 may create a record from a document that continues to reside in its home page.

Contributor Mimi Donne talks about the records mise en place because the metadata wrapper is applied to each object without the cold end user-driven experience of transferring it to the Records Center. At last, the record may stay in place.

A functional improvement, Microsoft has provided a capability that should be appreciated by us Record and Information Managers as much as the end users to whom we consult. For anyone interested in this aspect of SharePoint, this is well worth a look.

GRC for Health, Finance

Finally this week, SAS (news, site) is the latest company to release a GRC tool for specific sectors. The Health and Condition Management (HCM) tool and the 4.3 update to the GRC product enables medical workers to use data in a more complete way to offer better-informed healthcare.

It does this by enabling staff to create configurable workflows and gives them one view of policy systems, ensuring that they are basing decisions on all relevant information.

The system updates itself to provide information on changes to laws and regulations, to reduce the time staff have to spend looking for this information.