Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92685.8
Russ Neal
Abstract It is not uncommon for IT executive management to require sufficient time to review and digest the findings of a security or disaster recovery risk assessment or the recommendations of a follow-on remediation plan. This is normal and is to be expected. Security remediation or the institution of a disaster recovery plan is costly and resource intensive. But soon a milestone is passed and the security consultant realizes that by the time any action is to be taken by executive management, the findings of the assessment have decayed and the information from several months ago can no longer serve as the information for decision making today. In some instances, consultants have observed management, prompted by audit findings and resulting hard implementation dates, attempting to suddenly act on assessment findings that are months to years old. Other forms of non-action are to belatedly proceed with the security remediation, only to have the project flounder due to non-support.
Title: Social Psychological Variables That Contribute to Resistance to Security Assessment Findings (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92681.4
Art Gilliland
Abstract Success in today's fast-paced global economy requires precision, agility, and speed. Organizations must quickly respond to changing market demands and make timely decisions that impact the success or failure of their business. Through the use of available and proven technologies to increase the velocity of collaborative decision making to match the speed of doing business, the demand for information is driving the need for real-time communications in today's organizations. Instant access to information across internal collaborative groups, important customers, and external trading partners creates business efficiencies and sets the real-time organization above the rest.
Title: Understanding the IM Security Threat (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92679.2
Ken Dunham
Abstract Money mules are individuals unwittingly hired by organized criminals to perform international wire fraud and other illicit operations. It's their job to help move money around under the title of “account manager,” “client manager,” and other creative titles. Mules don't often realize they are part of an international fraud ring. It's bigger than you think, moving millions of dollars annually to overseas accounts in Russia and other global locations. This investigative report looks into the world of money mules and how they operate.
Title: Money Mules: An Investigative View (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92684.7
B. Masuda
Abstract The information security industry has been around for quite a while, but only in the past decade has it matured and become a widespread practice throughout commerce. As the information security industry matures and grows, the application of certain economic principles becomes apparent, such as economies of scale.
Title: Managing the Risks of Managed Security Services (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92680.3
Edward H. Freeman
Abstract Wireless local area network, or Wi-Fi (“wireless fidelity”), is a short-range networking technology. Wi-Fi allows suitably equipped computers to connect to computer networks and the Internet using a radio connection rather than wires. Most new laptop computers can access Wi-Fi routers. T-Mobile HotSpot provides high-speed Wi-Fi in public locations such as Starbucks, Borders, FedEx, Kinko's, Hyatt's, and the airline clubs for most major airlines. Unlimited subscription plans start at $29.99 per month or $6.00 per hour for nonmembers.
Title: Wardriving: Unauthorized Access to Wi-Fi Networks (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92682.5
Sumit Dhar
Abstract An operating system is only as secure as the way it is configured and set up by the systems administrator. An improperly configured system, no matter how secure the underlying OS, is a disaster waiting to happen. Security thus depends a lot on the foresight and strategies of the administrator.
Title: Securing and Hardening Red Hat Linux (Journal of Information Systems Security)
Pub Date: 2006-03-01 DOI: 10.1201/1086.1065898X/45926.15.1.20060301/92678.1
J. Tiller
Abstract There are many discussions concerning infosec's value to the business and its role in the value chain. Every company produces, ultimately, goods or services that are the culmination of a series of events or actions encompassing people, process, and technology. The ability to introduce efficiencies — resulting in greater savings without derogation to the product or service — within the value chain presents a significant benefit for the producer. This tenet will impact security professionals like no other in the next few years.
Title: The Lion and the Gazelle (Journal of Information Systems Security)
Pub Date: 2006-01-01 DOI: 10.1201/1086.1065898X/45782.14.6.20060101/91858.8
Andrew Storms
Abstract Weeks prior to a scheduled maintenance window, a network administrator at Cable and Wireless navigated to Cisco's Web site and downloaded new IOS code for their 12000 series gig routers. Days of rigorous testing resulted in an expected smooth installation of the new software. Unknown to the network administrator or anyone at Cable and Wireless, the IOS code had been Trojaned. Via Lawful Intercept, weeks went by where packets were sent to previously hijacked SOHO systems, which in turn forwarded said information to various sources, eventually making their way to a global terrorist group.
Title: Don't Trust Your Vendor's Software Distribution Methodology (Journal of Information Systems Security)
Pub Date: 2006-01-01 DOI: 10.1201/1086.1065898X/45782.14.6.20060101/91856.6
Diana Kelley, Ron Moritz
Abstract If one cannot effectively manage the growing volume of security events flooding the enterprise, one cannot secure one's business. Yet IT security teams are now being overwhelmed by literally millions of security-related messages every day. This daily deluge of security data is being generated by the numerous “point” security solutions deployed across the enterprise: firewalls, intrusion prevention and detection, access control, identity management, anti-virus, etc. These solutions all generate information in different formats, store it in different places, and forward to different locations. And it is more than anyone can handle.
Title: Best Practices for Building a Security Operations Center (Journal of Information Systems Security)
Pub Date: 2006-01-01 DOI: 10.1201/1086.1065898X/45782.14.6.20060101/91853.3
Edward H. Freeman
Abstract In recent months, the media have reported several major security breaches. Hackers have stolen the personal information of thousands of individuals from leading banks, credit bureaus, and insurance companies. In other cases, computers and disks with highly confidential data have simply vanished at the airport security counter or from vehicles parked in the company lot. Stolen data may include such sensitive information as Social Security and driver's license numbers, financial history, and bank account numbers and balances.
Title: Disclosure of Information Theft: The ChoicePoint Security Breach (Journal of Information Systems Security)