Pub Date: 2007-11-01  DOI: 10.1080/10658980701747245
Manpreet Singh, M. Patterh
ABSTRACT It is difficult to define reliable security policy components that should be applied to validate a secure computing environment. The job gets further complicated when one has to deal with multiple policies in a single computing environment. This paper demonstrates how the difficulties of defining reliable security components can be overcome by using evaluation criteria. In this paper we use the Common Criteria to derive the security functional components for a multipolicy-based network computing environment. In the verification process, the derived policy components are related to the specific security objectives of the network communication environment. The evidence listed in the case study supports the claim that the proposed network security policy interpretation framework is a complete and cohesive set of requirements.
{"title":"Security Functional Components for Building a Secure Network Computing Environment","authors":"Manpreet Singh, M. Patterh","doi":"10.1080/10658980701747245","DOIUrl":"https://doi.org/10.1080/10658980701747245","url":null,"abstract":"ABSTRACT It is difficult to define reliable security policy components that should be applied to validate a secure computing environment. The job gets further complicated when one has to deal with multiple policies in single computing environment. This paper demonstrates how we can overcome the difficulties of defining reliable security components by using evaluation criteria. In this paper we use common criteria to derive the security functional components for a multipolicy-based network computing environment. In the verification process, the derived policy components are related to the specific security objectives of the network communication environment. The evidence listed in the case study supports the claims that the proposed network security policy interpretation framework is a complete and cohesive set of requirements.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82414884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-04  DOI: 10.1080/10658980701225374
Steven Schlarman
*This article originally published in EDPACS 35(1), January 2007, pp 12–23.
{"title":"The IT Compliance Equation: Understanding the Elements","authors":"Steven Schlarman","doi":"10.1080/10658980701225374","DOIUrl":"https://doi.org/10.1080/10658980701225374","url":null,"abstract":"*This article originally published in EDPACS 35(1), January 2007, pp 12–23.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73440270","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-04  DOI: 10.1080/10658980701612761
K. Namuduri
{"title":"From the Editor's Desk","authors":"K. Namuduri","doi":"10.1080/10658980701612761","DOIUrl":"https://doi.org/10.1080/10658980701612761","url":null,"abstract":"","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75785541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701746577
T. Fitzgerald
The invention relates to a horizontal tank-type container, particularly for use in winemaking, the beverage industry and the preparation of alcohol. The upper portion of the container is of a substantially circular cylindrical shape. The invention resides in the container being pear-shaped or escutcheon-shaped in cross section normal to the longitudinal container axis, with the narrow portion pointing downward. This enables the container to be conveniently emptied and easily cleaned.
{"title":"Clarifying the Roles of Information Security: 13 Questions the CEO, CIO, and CISO Must Ask Each Other","authors":"T. Fitzgerald","doi":"10.1080/10658980701746577","DOIUrl":"https://doi.org/10.1080/10658980701746577","url":null,"abstract":"The invention relates to a horizontal tank-type container, particularly for use in winemaking, the beverage industry and the preparation of alcohol. The upper portion of the container is of a substantially circular cylindrical shape. The invention resides in the container being pear-shaped or escutcheon-shaped in cross section normal to the longitudinal container axis, with the narrow portion pointing downward. This enables the container to be conveniently emptied and easily cleaned.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88404297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701747260
Chris Nowell
A control system for a printing machine having a main shaft with a constant ratio of its rotary speed to a drive speed of the printing machine, has a plurality of translationally, continuously rotatably and discontinuously rotatably movable regulating members controllable by a main shaft of the machine, and a single supply system operating by hydraulic energy and associated with the regulating members, wherein the supply system includes a fixed-displacement pump, an oil supply conduit connecting the fixed-displacement pump with the regulating members, an electrically actuated flow regulating valve acting upon an oil stream, and a signal transmitter with a signal processor arranged so that the flow regulating valve connected with the main shaft via the signal processor.
{"title":"Regulatory Compliance — the Wonderful World of FISMA","authors":"Chris Nowell","doi":"10.1080/10658980701747260","DOIUrl":"https://doi.org/10.1080/10658980701747260","url":null,"abstract":"A control system for a printing machine having a main shaft with a constant ratio of its rotary speed to a drive speed of the printing machine, has a plurality of translationally, continuously rotatably and discontinuously rotatably movable regulating members controllable by a main shaft of the machine, and a single supply system operating by hydraulic energy and associated with the regulating members, wherein the supply system includes a fixed-displacement pump, an oil supply conduit connecting the fixed-displacement pump with the regulating members, an electrically actuated flow regulating valve acting upon an oil stream, and a signal transmitter with a signal processor arranged so that the flow regulating valve connected with the main shaft via the signal processor.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87029575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701746494
Ken Dunham
Remote exploitation of and attacks against enterprise networks remain a continual threat in 2007. Increasingly sophisticated networks and business requirements within a fast-changing world of technology have complicated risk reduction today. Sadly, malicious code often becomes the auditing tool for many networks, instead of due diligence. Vulnerable computers, noncompliant computers, executives ignorant of security and targeted attacks, and malicious code infestations run rampant today. By adopting best practices against common vectors of attack, organizations may significantly lower the likelihood of a remote exploitation incident against the network.
{"title":"Reducing Remote Risks within the Enterprise","authors":"Ken Dunham","doi":"10.1080/10658980701746494","DOIUrl":"https://doi.org/10.1080/10658980701746494","url":null,"abstract":"Remote exploitation and attack against enterprise networks is a continual threat against enterprise networks in 2007. Increasingly sophisticated networks and business requirements within a fast changing world of technology have complicated risk reduction today. Sadly, malicious code often becomes the auditing tool for many networks, instead of due diligence. Vulnerable computers, noncompliant computers, executives ignorant to security and targeted attacks, and malicious code infestations run rampant today. By adopting best practices against common vectors of attack, organizations may significantly lower the likelihood of a remote exploitation incident against the network.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88553791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701747252
S. Zeadally, N. Sklavos, Moganakrishnan Rathakrishnan, S. Fowler
ABSTRACT Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span over heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make the securing of data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24% validating the high efficiency of our proposed approach.
{"title":"End-to-End Security Across Wired-Wireless Networks for Mobile Users","authors":"S. Zeadally, N. Sklavos, Moganakrishnan Rathakrishnan, S. Fowler","doi":"10.1080/10658980701747252","DOIUrl":"https://doi.org/10.1080/10658980701747252","url":null,"abstract":"ABSTRACT Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span over heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make the securing of data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24% validating the high efficiency of our proposed approach.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83595312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701744853
S. Maskey, Brittany Jansen, D. Guster, Charles Hall
ABSTRACT As more and more development-related networks, both instructional and industry-related, are being attached to the Internet, the need for protection from hackers becomes evident. This is largely because security breaches have reached epidemic proportions. This article examines these issues and presents a case study for a basic firewall configuration. The logic behind the case study is based on four different modules, each containing one or more sections: environmental, forward rules, allow ping, and post-routing rules. A figure and source code are provided to show how the logic would appear once the plan had been implemented. The example was designed in the hope that a more sophisticated and usable product could emerge from it. In addition, this template could serve as a useful learning and/or teaching resource for basic firewall configuration.
{"title":"A Basic Firewall Configuration Strategy for the Protection of Development-related Computer Networks and Subnetworks","authors":"S. Maskey, Brittany Jansen, D. Guster, Charles Hall","doi":"10.1080/10658980701744853","DOIUrl":"https://doi.org/10.1080/10658980701744853","url":null,"abstract":"ABSTRACT As more and more development-related networks, both instructional and industry related, are being attached to the Internet, the need for protection from hackers becomes evident. This is largely due to the fact that security breaches have reached epidemic proportions. The article therein examines these issues as well as presents a case study for a basic firewall configuration. The logic behind the case study is based on four different modules containing one or more sections: environmental, forward rules, allow ping, and post-routing rules. A figure and source code is provided to indicate how the logic would appear once the plan had been implemented. The example was designed as such in hopes that a more sophisticated and usable product could emerge. In addition, this template could be considered a useful learning and/or teaching resource when teaching basic firewall configurations.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76916634","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701746478
Edward H. Freeman
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.” —Gene Spafford, Professor of Computer Science, Purdue University
{"title":"Holistic Information Security: ISO 27001 and Due Care","authors":"Edward H. Freeman","doi":"10.1080/10658980701746478","DOIUrl":"https://doi.org/10.1080/10658980701746478","url":null,"abstract":"“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.” —Gene Spafford, Professor of Computer Science, Purdue University","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76117257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-09-01  DOI: 10.1080/10658980701744861
Avinash W. Kadam
ABSTRACT Development of the information security policy is a critical activity. The credibility of an organization's entire information security program depends upon a well-drafted information security policy. Most stakeholders do not have the time or the inclination to wade through a lengthy policy document. This article formulates an approach to information security policy development that makes the policy document capture the essentials of information security as they apply to a business. The document will also convey the urgency and importance of implementing the policy, not only in letter but also in spirit.
{"title":"Information Security Policy Development and Implementation","authors":"Avinash W. Kadam","doi":"10.1080/10658980701744861","DOIUrl":"https://doi.org/10.1080/10658980701744861","url":null,"abstract":"ABSTRACT Development of the information security policy is a critical activity. Credibility of the entire information security program of an organization depends upon a well-drafted information security policy. Most of the stakeholders do not have time or inclination to wade through a lengthy policy document. This article tries to formulate an approach to the information security policy development that will make the policy document capture the essentials of information security as applicable to a business. The document will also convey the urgency and importance of implementing the policy, not only in letter but also in spirit.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83936729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}