RiskWatch Inc. announced RiskWatch for Banks and Financial Institutions, decision-support software for conducting the IT security risk assessments required by myriad bank regulations. Incorporating the rules in regulations such as the Gramm-Leach-Bliley Act, the Framework for IT Risk Analysis and the new Bank Secrecy Act, RiskWatch creates Web-based surveys, analyzes the risk elements and creates fully automated reports. Those reports include recommendations for return on investment of mitigating safeguards, a full analysis of cumulative loss expectancy and evaluation of solutions based on their cumulative loss-reduction potential.

Security bookshelf

Extrusion Detection: Security Monitoring for Internal Intrusions, by Richard Bejtlich (Addison-Wesley Professional, 2005).

After reading this book, I'm still not sure what to make of the word extrusion, even though the author does explain himself. Nevertheless, this is a must-have for information security professionals responsible for protecting infrastructure. Many security books focus on protecting the network from the outside in. This one focuses on monitoring traffic leaving the network to identify malicious activity. The sections on network forensics and tracking down internal victims were especially interesting, since that's something my team does on a regular basis.