Pub Date: 2007-05-01 DOI: 10.1080/10658980701225440
Steven Schlarman
This article originally published in EDPACS 35(2), February 2007, pp 11–17.
{"title":"Selecting an IT Control Framework","authors":"Steven Schlarman","doi":"10.1080/10658980701225440","DOIUrl":"https://doi.org/10.1080/10658980701225440","url":null,"abstract":"This article originally published in EDPACS 35(2), February 2007, pp 11–17.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74045400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-05-01 DOI: 10.1080/10658980601144907
Bill Reed
* This article originally published in EDPACS 35(2), February 2007, pp 18–24.
{"title":"Implementing Information Lifecycle Security (ILS)","authors":"Bill Reed","doi":"10.1080/10658980601144907","DOIUrl":"https://doi.org/10.1080/10658980601144907","url":null,"abstract":"* This article originally published in EDPACS 35(2), February 2007, pp 18–24.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73039137","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-05-01 DOI: 10.1080/10658980701401686
K. Curran, P. Canning
ABSTRACT In the world of information technology, a security model is only as secure as its weakest link. There are several layers of security and different measures that can currently be implemented. However, they lack coordination, and therefore potential security breaches might compromise the network. With wireless access becoming the norm, and users requiring “on the move communication” even within a campus, networks are expanding past the traditional wired networks by adding wireless access points. This gives customers the flexibility they require but leaves a net threat vector to the network. There have been various encryption and security steps taken to validate the communication and authentication of the devices and end users connecting. This project addresses the critical problem of secure authentication using the 802.1x standard, which will be implemented using Microsoft's Radius server elements. It will involve the enrollment of secure certificates on Windows mobile devices, thus securing mobile devices from physical attacks. To ensure that all steps are adhered to, that all necessary applications have been installed, and to handle Web service communication, an application will be created that will provide an automated solution.
{"title":"Wireless Handheld Devices Become Trusted Network Devices","authors":"K. Curran, P. Canning","doi":"10.1080/10658980701401686","DOIUrl":"https://doi.org/10.1080/10658980701401686","url":null,"abstract":"ABSTRACT In the world of information technology, a security model is only as secure as its weakest link. There are several layers of security and different measures that can currently be implemented. However, they lack coordination, and therefore potential security breaches might compromise the network. With wireless access becoming the norm, and users requiring “on the move communication” even within a campus, networks are expanding past the traditional wired networks by adding wireless access points. This gives customers the flexibility they require but leaves a net threat vector to the network. There have been various encryption and security steps taken to validate the communication and authentication of the devices and end users connecting. This project addresses the critical problem of secure authentication using the 802.1x standard, which will be implemented using Microsoft's Radius server elements. It will involve the enrollment of secure certificates on Windows mobile devices, thus securing mobile devices from physical attacks. To ensure that all steps are adhered to, that all necessary applications have been installed, and to handle Web service communication, an application will be created that will provide an automated solution.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83691577","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051268
Luther Martin
ates is difficult to understand. It is a bewildering array of legislation that requires the protection of many types of data, or limits access to this data to only authorized personnel. Managing the identities and roles of personnel who can access sensitive data can be accomplished using existing Identity and Access Management (IAM) technologies and Identity-based Encryption (IBE). IBE, a new encryption technology that uses such identity information as an encryption key, promises to provide a way to use an IAM infrastructure to address the challenges of maintaining the privacy of sensitive corporate data.
{"title":"Identity-based Encryption: From Identity and Access Management to Enterprise Privacy Management","authors":"Luther Martin","doi":"10.1080/10658980601051268","DOIUrl":"https://doi.org/10.1080/10658980601051268","url":null,"abstract":"ates is difficult to understand. It is a bewildering array of legislation that requires the protection of many types of data, or limits access to this data to only authorized personnel. Managing the identities and roles of personnel who can access sensitive data can be accomplished using existing Identity and Access Management (IAM) technologies and Identity-based Encryption (IBE). IBE, a new encryption technology that uses such identity information as an encryption key, promises to provide a way to use an IAM infrastructure to address the challenges of maintaining the privacy of sensitive corporate data.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10658980601051268","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72463719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980701331594
K. Namuduri
{"title":"From the Editor's Desk","authors":"K. Namuduri","doi":"10.1080/10658980701331594","DOIUrl":"https://doi.org/10.1080/10658980701331594","url":null,"abstract":"","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82357792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051375
John Campbell, Dale Kleeman, Wanli Ma
ABSTRACT Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack.
{"title":"The Good and Not So Good of Enforcing Password Composition Rules","authors":"John Campbell, Dale Kleeman, Wanli Ma","doi":"10.1080/10658980601051375","DOIUrl":"https://doi.org/10.1080/10658980601051375","url":null,"abstract":"ABSTRACT Many systems rely on password composition rules to force users to choose more secure passwords. The findings discussed here are from a study on the enforcement of good password practice in the form of password composition rules. The results show that the enforcement of password composition rules does not discourage users from using meaningful information in passwords. While composition rules reduce password reuse, the overall incidence remains high. Passwords created under these conditions are also perceived to be more difficult to remember. Nevertheless, the enforcement of password composition rules does significantly improve protection against dictionary-based attack.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84661703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051284
J. Callas
We’ve seen where cryptography came from, but where is it going? In this article, I pose a number of unsolved problems: challenges that face us with which we have to deal. Some of them are elephants in the room that we’re all ignoring, or if not ignoring we’re noting that they’re in the room, take up a lot of space, and do make it hard to dust, but then we go back to the previous subject. Others are genuinely hard problems without a good solution. Still others are tradeoffs. Consider this a tour of stopoffs at interesting problems and surprising things.
{"title":"The Future of Cryptography","authors":"J. Callas","doi":"10.1080/10658980601051284","DOIUrl":"https://doi.org/10.1080/10658980601051284","url":null,"abstract":"We’ve seen where cryptography came from, but where is it going? In this article, I pose a number of unsolved problems: challenges that face us with which we have to deal. Some of them are elephants in the room that we’re all ignoring, or if not ignoring we’re noting that they’re in the room, take up a lot of space, and do make it hard to dust, but then we go back to the previous subject. Others are genuinely hard problems without a good solution. Still others are tradeoffs. Consider this a tour of stopoffs at interesting problems and surprising things.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76487452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051490
Al Malin
{"title":"Designing Networks that Enforce Information Security Policies","authors":"Al Malin","doi":"10.1080/10658980601051490","DOIUrl":"https://doi.org/10.1080/10658980601051490","url":null,"abstract":"","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86617182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051755
Ken Dunham
A MASSIVE MARKETING CAMPAIGN HAS BEGUN FOR THE FIRST WEEK OF 2006. AND WE FEEL IT'S GOING TO HIT OVER 200% GAIN THIS WEEK WITH NEW INVESTORS AND BIG NEWS. THIS IS A HUGE PLAYER STARTING MONDAY, JAN. 2ND, AND WE 100% SAY PUT THIS ONE ON YOUR RADAR.
{"title":"Pump and Dump Scams","authors":"Ken Dunham","doi":"10.1080/10658980601051755","DOIUrl":"https://doi.org/10.1080/10658980601051755","url":null,"abstract":"A MASSIVE MARKETING CAMPAIGN HAS BEGUN FOR THE FIRST WEEK OF 2006. AND WE FEEL IT'S GOING TO HIT OVER 200% GAIN THIS WEEK WITH NEW INVESTORS AND BIG NEWS. THIS IS A HUGE PLAYER STARTING MONDAY, JAN. 2ND, AND WE 100% SAY PUT THIS ONE ON YOUR RADAR.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78776052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2007-03-28 DOI: 10.1080/10658980601051458
S. Vidalis, Z. Kazmi
ABSTRACT For each layer of information security there is a number of techniques and tools that can be used to ensure information superiority. Indeed some experts would argue that you cannot have the former without the latter. In today's technological & interconnected world, however, information superiority is very hard to achieve and almost impossible to maintain. This paper will argue that the art of deception is a reliable and cost effective technique that can assure the security of an infrastructure. The paper will conclude by presenting a technical solution of the above statement.
{"title":"Security Through Deception","authors":"S. Vidalis, Z. Kazmi","doi":"10.1080/10658980601051458","DOIUrl":"https://doi.org/10.1080/10658980601051458","url":null,"abstract":"ABSTRACT For each layer of information security there is a number of techniques and tools that can be used to ensure information superiority. Indeed some experts would argue that you cannot have the former without the latter. In today's technological & interconnected world, however, information superiority is very hard to achieve and almost impossible to maintain. This paper will argue that the art of deception is a reliable and cost effective technique that can assure the security of an infrastructure. The paper will conclude by presenting a technical solution of the above statement.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76244349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}