What are the biggest risks for Windows: worms, viruses or social engineering? And what should the recommended approach to vulnerability management be?
The information collated in this post comes from Gartner, Forrester, internet searches for "enterprise threats" and personal observation. The short answer: if vulnerability and patch management is operationalized (automated anti-virus and automated patching), worms and viruses are contained to a great extent, which leaves social engineering and threats from within as the biggest remaining risk.
Gartner identified three key issues in infrastructure protection in a publication by Mark Nicolete in March 2008 [1
Nearly every day new vulnerabilities are reported, but Microsoft and partner vendors patch most security holes before an actual attack occurs (a few years ago a worm would propagate faster than the information about the worm; that is no longer the case today). The biggest risk to enterprises comes from targeted attacks, many of which originate with insiders. In addition, phishing and identity theft have given rise to "credentialed" attacks, where the attacker logs in with stolen but valid credentials rather than exploiting a vulnerability. Loss of sensitive data because of unencrypted laptops and unencrypted backup tapes handed to third-party vendors is another source, as we have seen recently. As attackers increasingly move "up the stack" to applications and users, signature-based solutions become increasingly ineffective. [2
Security purchases were once driven by fear, especially anti-virus and intrusion detection systems, and individual products were bought to solve individual problems. Now purchases are more focused on fulfilling policy and regulatory requirements (SOX, HIPAA, PCI) and take a more holistic view of the organization's security issues. [3
In a Forrester survey of 252 enterprises on what was driving network upgrades, security and business continuity ranked as the number 1 and number 3 drivers. Sarbanes-Oxley, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and various European Union (EU) directives are just a handful of the regulatory pressures that have network managers scrambling to deploy better access control and data protection. Moreover, companies also need to make sure the network is able to resist common threats from viruses, worms and other malicious code. [5
Are there any Windows-specific threats and mitigations to watch for?
What are the biggest software risks that a Windows platform faces, and what are the recommendations to mitigate them? Outlook (mail), IE (browser) and IIS (web server) are the worst offenders from a historical perspective. [6 <http://windowsitpro.com/articles/print.cfm?articleid=9084> ] Mitigation of these threats is accomplished with robust monitoring: watching logs for suspicious activity, services for availability, file systems and the registry for integrity and unauthorized changes, and network packets for suspicious traffic. Threats to the enterprise evolve over time, so our security policies should be reviewed often to make sure we are keeping pace with the new drivers. Configuration management, which encompasses automated vulnerability and patch management, should be operationalized as far as possible, to free up valuable people to combat the ever-changing threats to the enterprise. Once vulnerability and patch management is operationalized (automated anti-virus and patching), worms and viruses are largely contained, which leaves social engineering and threats from within as the biggest risk to focus on.
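As an added example (not from the original post or the sources it cites), here is the "file systems and registry for integrity and unauthorized changes" check from the paragraph above, written in Python so it runs anywhere. The same baseline-and-diff logic is applied to two sources: SHA-256 digests of a directory tree, and the Run autostart key parsed from the text format that `reg export` writes on Windows. The sample .reg text, the temporary directory and the file contents are constructed inline for the demonstration; on a real host you would export the key with `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg` (the output is UTF-16LE) and store the baseline somewhere the monitored machine cannot overwrite it.

```python
"""Baseline-and-diff integrity monitoring for a file tree and a registry autorun key."""
import hashlib
import re
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


# Subset of the .reg syntax written by `reg export`: "[key]" headers and
# "name"=data lines. The default value (@=...) and multi-line hex values are
# not handled; for Run/RunOnce keys the entries are plain string values.
_REG_KEY = re.compile(r"^\[(.+)\]$")
_REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {"key\\valuename": data}. Data is kept verbatim."""
    values = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = _REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = _REG_VALUE.match(line)
        if m and key is not None:
            values[f"{key}\\{m.group(1)}"] = m.group(2)
    return values


def diff_baseline(baseline, current):
    """Compare two {name: value} snapshots; return added/removed/changed names."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(k for k in baseline.keys() & current.keys()
                     if baseline[k] != current[k])
    return {"added": added, "removed": removed, "changed": changed}


# Constructed sample exports (not taken from a real machine).
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"AgentTray"="\"C:\\Program Files\\Agent\\tray.exe\" /minimized"
"""

CURRENT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"AgentTray"="\"C:\\Users\\Public\\tray.exe\" /minimized"
"Updater"="C:\\Users\\Public\\updater.exe"
"""


def demo_registry():
    """Diff the two constructed exports: one autorun entry repointed, one added."""
    return diff_baseline(parse_reg_export(BASELINE_REG), parse_reg_export(CURRENT_REG))


def demo_files():
    """Baseline a throwaway tree, tamper with it, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"MZ original service binary")
        (root / "config.ini").write_text("debug=0\n")
        baseline = hash_tree(root)
        # Simulated tampering: binary replaced, unexpected DLL dropped next to it.
        (root / "bin" / "svc.exe").write_bytes(b"MZ trojanised service binary")
        (root / "bin" / "helper.dll").write_bytes(b"MZ dropped dll")
        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    for name, result in (("registry", demo_registry()), ("files", demo_files())):
        print(name)
        for kind in ("added", "removed", "changed"):
            for entry in result[kind]:
                print(f"  {kind:8} {entry}")
```

Anything that shows up under "added" or "changed" for an autorun key or a service binary is worth an alert regardless of what the anti-virus signature engine says, which is the point of the paragraph above: integrity monitoring catches the change itself, not a known signature of the thing that made it.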