Pub Date : 2007-07-01DOI: 10.1080/10658980701585314
Ken Dunham, Gold Honors
ABSTRACT Mitigation of malicious code is increasingly complicated by multi-staged and mutli-variant attacks taking place daily on the Internet today. It is now common for computers to be infected for long periods of time, with malicious browser help objects, rootkits, and similar stealth codes. Identification and removal from a computer can be especially difficult. In some cases, the only reasonable effort may be to completely wipe and reinstall an image of the system, known to be free of malicious code. Manual mitigation of malicious code is a sophisticated process of threat identification, research, mitigation, and monitoring to properly remove all threat components related to an attack.
{"title":"Mitigating Malicious Code","authors":"Ken Dunham, Gold Honors","doi":"10.1080/10658980701585314","DOIUrl":"https://doi.org/10.1080/10658980701585314","url":null,"abstract":"ABSTRACT Mitigation of malicious code is increasingly complicated by multi-staged and mutli-variant attacks taking place daily on the Internet today. It is now common for computers to be infected for long periods of time, with malicious browser help objects, rootkits, and similar stealth codes. Identification and removal from a computer can be especially difficult. In some cases, the only reasonable effort may be to completely wipe and reinstall an image of the system, known to be free of malicious code. Manual mitigation of malicious code is a sophisticated process of threat identification, research, mitigation, and monitoring to properly remove all threat components related to an attack.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79989099","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-07-01DOI: 10.1080/10658980701576396
R. Goel
ABSTRACT Radio Frequency Identification (RFID) technologies have increasing visibility in the business processes: automating inventory management (supply chains), facilitating innovation, and increasing competitiveness. Since the potential applications of RFID systems are numerous, it is essential to address the industry and consumer perspective issues that have resulted in barriers to RFID implementation. This paper outlines critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, and provides organizational leaders with a set of initial responses, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges.
{"title":"Managing RFID Consumer Privacy and Implementation Barriers","authors":"R. Goel","doi":"10.1080/10658980701576396","DOIUrl":"https://doi.org/10.1080/10658980701576396","url":null,"abstract":"ABSTRACT Radio Frequency Identification (RFID) technologies have increasing visibility in the business processes: automating inventory management (supply chains), facilitating innovation, and increasing competitiveness. Since the potential applications of RFID systems are numerous, it is essential to address the industry and consumer perspective issues that have resulted in barriers to RFID implementation. This paper outlines critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, and provides organizational leaders with a set of initial responses, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10658980701576396","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72508131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-07-01DOI: 10.1080/10658980701585306
Edward H. Freeman
An overvarnish unit for a can decorator machine mounted on an adjustable frame which supports an adjustable applicator roll for applying a coating material associated with a pre-spin wheel for rotatable mandrels and also supports an adjustable coating material meter roll associated with an adjustable fountain means.
{"title":"Computer Hackers and Search and Seizure: United States v. Jarrett","authors":"Edward H. Freeman","doi":"10.1080/10658980701585306","DOIUrl":"https://doi.org/10.1080/10658980701585306","url":null,"abstract":"An overvarnish unit for a can decorator machine mounted on an adjustable frame which supports an adjustable applicator roll for applying a coating material associated with a pre-spin wheel for rotatable mandrels and also supports an adjustable coating material meter roll associated with an adjustable fountain means.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84560042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-07-01DOI: 10.1080/10658980701584606
Ryan Sherstobitoff, Pedro J. Bustamante
ABSTRACT Cyber-crime and malware has evolved so drastically over the last two years that it is a challenge for an IT professional to stay on top of recent malware trends and technological advances in cyber-security. This paper provides a look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses.
{"title":"You Installed Internet Security on Your Network: Is Your Company Safe?","authors":"Ryan Sherstobitoff, Pedro J. Bustamante","doi":"10.1080/10658980701584606","DOIUrl":"https://doi.org/10.1080/10658980701584606","url":null,"abstract":"ABSTRACT Cyber-crime and malware has evolved so drastically over the last two years that it is a challenge for an IT professional to stay on top of recent malware trends and technological advances in cyber-security. This paper provides a look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88098124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-07-01DOI: 10.1080/10658980701576412
X. Luo, Qinyu Liao
In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomena is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over security of what is surreptitiously collected and the privacy violations resulting from their misuse of IT have also skyrocketed. Such sophisticated threats as phishing, pharming, and spyware have further exacerbated users’ worries about information confidentiality, integrity, and availability. Therefore, understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community. Today’s organizations confront not only keen peer competition in business society but also increasingly sophisticated information security threats in cyber world, as online presence and business transaction are considered as a possible profit-driven avenue and a necessary means for global competence. In computer virology, as technologies continue to evolve, advanced encryption algorithms, on the positive side, can be utilized to effectively protect valuable information assets of enterprises. On the negative side, however, they can also be employed by malicious attackers to conduct pernicious activities in search of profits or benefits. Past information security research has investigated such malware programs as Trojan horse, worms, and spyware from a plethora of scientific perspectives (Warkentin, Luo, and Templeton, 2005), and relevant strategies and tactics have been proposed to alleviate and eradicate the cyber threats (Luo, 2006). Recently, the emergence of a new form of malware in cyberspace known as ransomware or cryptovirus has drawn attention among information security practitioners and researchers. Imposing serious threats to information assets protection, ransomware victimizes Internet users by hijacking user files, encrypting them, and then demanding payment in exchange for the decryption key. Seeking system vulnerabilities, ransomeware invariably tries to seize control over the victim’s files or computer until the victim agrees to the attacker’s demands, usually by transferring funds to the designated online currency accounts such as eGold or Webmoney or by purchasing Address correspondence to Xin Luo, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, Virginia, 23806. E-mail: xluo@vsu.edu Awareness Education as the Key to Ransomware Prevention
在信息系统(IS)的范式中,信息安全研究越来越受到学术研究者和行业从业者的关注。这一有趣的现象与越来越多的人认识到,尽管信息技术(IT)在数据收集、存储和处理方面以惊人的速度取得了进步,但用户对秘密收集的内容的安全性以及因滥用IT而导致的隐私侵犯的担忧也在飙升。诸如网络钓鱼、诈骗和间谍软件等复杂的威胁进一步加剧了用户对信息机密性、完整性和可用性的担忧。因此,对信息系统的技术、理论、管理和监管方面的信息安全相关问题的理解对IT界变得越来越重要。当今的组织不仅要面对商业社会中激烈的同行竞争,还要面对网络世界中日益复杂的信息安全威胁,因为在线存在和商业交易被认为是一种可能的利润驱动途径和全球竞争力的必要手段。在计算机病毒学中,随着技术的不断发展,先进的加密算法可以有效地保护企业宝贵的信息资产,这是积极的一面。然而,从消极的一面来看,它们也可以被恶意攻击者利用来进行有害的活动,以寻求利润或利益。过去的信息安全研究已经从众多的科学角度调查了特洛伊木马、蠕虫和间谍软件等恶意软件程序(Warkentin, Luo, and Templeton, 2005),并提出了相关的策略和战术来缓解和消除网络威胁(Luo, 2006)。最近,网络空间中出现了一种名为勒索软件或加密病毒的新型恶意软件,引起了信息安全从业者和研究人员的注意。勒索软件对信息资产保护构成严重威胁,它通过劫持用户文件,对其进行加密,然后要求支付赎金以换取解密密钥,从而使互联网用户受害。为了寻找系统漏洞,勒索软件总是试图控制受害者的文件或计算机,直到受害者同意攻击者的要求,通常是通过将资金转移到指定的在线货币账户,如eGold或Webmoney,或通过购买地址通信到Xin Luo,计算机信息系统系,弗吉尼亚州立大学商学院,彼得堡,弗吉尼亚州,23806。电子邮件:xluo@vsu.edu意识教育是预防勒索软件的关键
{"title":"Awareness Education as the Key to Ransomware Prevention","authors":"X. Luo, Qinyu Liao","doi":"10.1080/10658980701576412","DOIUrl":"https://doi.org/10.1080/10658980701576412","url":null,"abstract":"In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomena is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over security of what is surreptitiously collected and the privacy violations resulting from their misuse of IT have also skyrocketed. Such sophisticated threats as phishing, pharming, and spyware have further exacerbated users’ worries about information confidentiality, integrity, and availability. Therefore, understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community. Today’s organizations confront not only keen peer competition in business society but also increasingly sophisticated information security threats in cyber world, as online presence and business transaction are considered as a possible profit-driven avenue and a necessary means for global competence. In computer virology, as technologies continue to evolve, advanced encryption algorithms, on the positive side, can be utilized to effectively protect valuable information assets of enterprises. On the negative side, however, they can also be employed by malicious attackers to conduct pernicious activities in search of profits or benefits. Past information security research has investigated such malware programs as Trojan horse, worms, and spyware from a plethora of scientific perspectives (Warkentin, Luo, and Templeton, 2005), and relevant strategies and tactics have been proposed to alleviate and eradicate the cyber threats (Luo, 2006). Recently, the emergence of a new form of malware in cyberspace known as ransomware or cryptovirus has drawn attention among information security practitioners and researchers. Imposing serious threats to information assets protection, ransomware victimizes Internet users by hijacking user files, encrypting them, and then demanding payment in exchange for the decryption key. Seeking system vulnerabilities, ransomeware invariably tries to seize control over the victim’s files or computer until the victim agrees to the attacker’s demands, usually by transferring funds to the designated online currency accounts such as eGold or Webmoney or by purchasing Address correspondence to Xin Luo, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, Virginia, 23806. E-mail: xluo@vsu.edu Awareness Education as the Key to Ransomware Prevention","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90621330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-07-01DOI: 10.1080/10658980701576404
Richard E. Smith
ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.
{"title":"Trends in Security Product Evaluations","authors":"Richard E. Smith","doi":"10.1080/10658980701576404","DOIUrl":"https://doi.org/10.1080/10658980701576404","url":null,"abstract":"ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84543340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-06-12DOI: 10.1080/10658980701471572
K. Namuduri
{"title":"From the Editor's Desk","authors":"K. Namuduri","doi":"10.1080/10658980701471572","DOIUrl":"https://doi.org/10.1080/10658980701471572","url":null,"abstract":"","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81466207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-05-01DOI: 10.1080/10658980701225424
Edward H. Freeman
A tilting table includes a table top attached to an upper U-shaped bracket. A lower U-shaped bracket is rotatively attached by a bearing to a base. The lower U-shaped bracket includes a pair of opposed side, substantially horizontal slots and a pair of opposed side angle slots. The angle slots include a plurality of notches. Pins are slidably received in the slots, and are carried by the upper bracket for supporting the table top. The pins are selectively positioned in the notches of the angle slots, while the pins slidably move in the substantially horizontal slots for selectively inclining the table top.
{"title":"Email Privacy and the Wiretap Act: U.S. v. Councilman","authors":"Edward H. Freeman","doi":"10.1080/10658980701225424","DOIUrl":"https://doi.org/10.1080/10658980701225424","url":null,"abstract":"A tilting table includes a table top attached to an upper U-shaped bracket. A lower U-shaped bracket is rotatively attached by a bearing to a base. The lower U-shaped bracket includes a pair of opposed side, substantially horizontal slots and a pair of opposed side angle slots. The angle slots include a plurality of notches. Pins are slidably received in the slots, and are carried by the upper bracket for supporting the table top. The pins are selectively positioned in the notches of the angle slots, while the pins slidably move in the substantially horizontal slots for selectively inclining the table top.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86831545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-05-01DOI: 10.1080/10658980701402049
Lynn Erla Beegle
A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the “root,” or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects.Prominent cases involving rootkits are described.The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system.
{"title":"Rootkits and Their Effects on Information Security","authors":"Lynn Erla Beegle","doi":"10.1080/10658980701402049","DOIUrl":"https://doi.org/10.1080/10658980701402049","url":null,"abstract":"A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the “root,” or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects.Prominent cases involving rootkits are described.The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76465307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2007-05-01DOI: 10.1080/10658980701401959
Wei She, B. Thuraisingham
Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming the system with high vulnerability and high confidentiality in which the security is critical for it to operate. Many ERP vendors have already integrated their security solution, which may work well internally; while in an open environment, we need new technical approaches to secure an ERP system. This paper introduces ERP technology from its evolution through architecture to its products. The security solution in ERP as well as directions for secure ERP systems is presented.
{"title":"Security for Enterprise Resource Planning Systems","authors":"Wei She, B. Thuraisingham","doi":"10.1080/10658980701401959","DOIUrl":"https://doi.org/10.1080/10658980701401959","url":null,"abstract":"Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming the system with high vulnerability and high confidentiality in which the security is critical for it to operate. Many ERP vendors have already integrated their security solution, which may work well internally; while in an open environment, we need new technical approaches to secure an ERP system. This paper introduces ERP technology from its evolution through architecture to its products. The security solution in ERP as well as directions for secure ERP systems is presented.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81452256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: