Corporate threat assessment matrix
Chuck SpringerIBM
Corporate stream: Thursday 25 Sept 2003, 10.30-11.10.
Corporate threat assessment matrix
In this new world of blended threats, how can we adequately assess our levels of response?
Many times, if we take the word of only one or even two anti-virus vendor's evaluation on a new and
potential threat, we may over-react so often that we fall into the trap of 'the boy that cried wolf'.
Once that happens, your credibility is diminished
and if a real threat does come along, people will be hesitant to listen.
As providers of service to our organizations, many rely on our knowledge and experience.
Yet, we may have become so desensitized by the everyday alerts from one vendor
or another of declaring a 'Red Alert' or a 'Category 1' incident, that it is hard to take them seriously. Thus,
we need a method whereby this information can be
reviewed and put it into a realistic format to determine its overall validity.
The result is a matrix, which the IBM Corporation uses, to assess new threats in a clear concise manner. The Threat Assessment Matrix is laid out in such a way that any Virus Incident Response Team can react sufficiently, without over-reacting, to new malware events. The end result is a clear defined procedure to evaluate new threats and address them as necessary.
With a new set of samples to measure detection against, a new platform on new hardware and a selection of new products in the mix, John Hawes had his work cut out in this comparative review on Windows XP SP3.