Journal of Information Systems Security: Latest Articles

Demonstrating the Wired Equivalent Privacy (WEP) Weaknesses Inherent in Wi-Fi Networks
Q4 Social Sciences Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95121.3
K. Curran, Elaine Smyth
Abstract On the surface, wireless networks act the same as their wired counterparts, transporting data between network devices. However, there is one fundamental, and quite significant, difference: WLANs are based on radio communications technology, as an alternative to structured wiring and cables. Data is transmitted between devices through the air via the radio waves. Devices that participate in a WLAN must have a network interface card (NIC) with wireless capabilities. This essentially means that the card contains a small radio device that allows it to communicate with other wireless devices within the defined range for that card; for example, the 2.4—2.4853 GHz range. For a device to participate in a wireless network it must, first, be permitted to communicate with the devices in that network and, second, be within the transmission range of the devices in that network.
Citations: 7
Improving Bluetooth Security: What IT Managers and Mobile Device Users Can Do
Q4 Social Sciences Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95122.4
B. Hernacki
Abstract Bluetooth wireless technology is becoming ubiquitous. According to the Bluetooth Special Interest Group (SIG), Bluetooth weekly shipments passed the 5 million unit mark in the second quarter of 2005, up from 3 million in the third quarter of 2004. Most of this growth has been in the mobile phone and PDA markets; in fact, 20 percent of mobile phones now ship with Bluetooth. In high-end business phones, the penetration rate is even higher, and many business-class phones include Bluetooth.
Citations: 2
The Five Myths of Wireless Security
Q4 Social Sciences Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95120.2
John Kindervag
Abstract Those who have ever watched the television show MythBusters know that many of the popular beliefs most people hold to be true crumble under investigation. The same holds true in the information technology world. Most myths investigated by the mythbusters are harmless and fun, but in information security, the unexamined myth can be both dangerous and costly. It is imperative that the InfoSec professional not take security trends and myths at face value, but instead thoroughly investigate every statement to make an informed decision about the veracity of individual security ideas. This is especially true in the area of wireless networking, which is the newest, most immature, and potentially insecure of all of the currently existing networking methods.
Citations: 2
The Top Information Security Issues Facing Organizations: What Can Government Do to Help?
Q4 Social Sciences Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95124.6
Kenneth J. Knapp, T. Marshall, R. K. Rainer, Dorsey W. Morrow
Abstract Considering that many organizations today are fully dependent on information technology for survival, information security is one of the most important concerns facing the modern organization. The increasing variety of threats and ferociousness of attacks has made protecting information a complex challenge. Improved knowledge of the critical issues underlying information security can help practitioners, researchers, and government employees alike to understand and solve the biggest problems. To this end, the International Information Systems Security Certification Consortium [(ISC)2]® teamed up with Auburn University researchers to identify and rank the top information security issues in two sequential, but related surveys. The first survey involved a worldwide sample of 874 certified information system security professionals (CISSPs)®, who ranked a list of 25 information security issues based on which ones were the most critical facing organizations today. In a follow-on survey, 623 U.S.-based CISSPs then re-ranked the same 25 issues based on which ones they felt the U.S. federal government could help the most in solving.
Citations: 42
Gmail and Privacy Issues
Q4 Social Sciences Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95119.1
Edward H. Freeman
Abstract The Google search engine is a major presence in the online world. It has become a household word and has changed the way people do research and conduct business. The American Dialect Society, a scholarly association dedicated to the study of the English language in North America, chose “google” as the “most useful” word of 2002. The Oxford American Dictionary included “google” as a verb in its latest edition. Google accounted for almost half of the 5.1 billion search engine inquiries performed in the United States in December 2005.
Citations: 1
Content Analysis of Web Privacy Policies in the GCC Countries
Q4 Social Sciences Pub Date : 2006-07-01 DOI: 10.1201/1086.1065898X/46183.15.3.20060701/94186.6
Z. Shalhoub
Abstract Privacy has long been defined as the right of a person to be left alone and to be able to have control over the flow and disclosure of information about him- or herself (Warren and Brandeis, 1890). Worries about privacy are not new, although businesses have gathered information about their customers for years. However, privacy issues often come about because of new information technologies that have improved the collection, storage, use, and sharing of personal information.
Citations: 5
Virtual Security: The New Security Tool?
Q4 Social Sciences Pub Date : 2006-07-01 DOI: 10.1201/1086.1065898X/46183.15.3.20060701/94181.1
J. Tiller
In 1996, I found a tiny package floating around the Internet called VMware. I booted up my Linux laptop and proceeded to install this little animal. Within minutes I started the application and booted my first virtual PC. Compelled to investigate further, I decided to load Windows 95, completely convinced that it would fail miserably — Win95 on Linux, are you kidding me? To my surprise, I was browsing the Web using IE, in Windows 95 from a virtual PC running on Linux in just a few hours. Little did I know at the time that virtualization would make the huge rebirth that it has today. Rebirth seems like the appropriate word. Anyone familiar with IBM and Tandem, to name a couple, is familiar with virtualized computing. But these solutions fell victim to the distributed computer resource model emerging in the late 1980s and in full bloom in the mid-1990s. By the time I was introduced to VMware it seemed almost out of place and time, an oxymoron with seemingly little value when piles of servers were the answer and technology was the key business enabler. But today it's not about the technology — it's about services — IT and security services mapped to business drivers, making technology transparent to the mission. It is within this framework and IT business management evolution that virtualization was reincarnated. My first Internet page hadn't finished loading in my Win95/Linux system when the thought of security chilled my spine. At that time I was enamored by trusted operating systems (TOS). The thought of compartmentalization from the NIC to the applications, and everything in between, was, for me, security nirvana. I was an Argus PitBull, Solaris TOS, and HP Virtual Vault bigot; I was convinced TOS was the future. Now with virtualization, compartmentalization was holistic, fully encompassing my environment, an environment I could manipulate, adjust, specialize, and distribute seamlessly. My TOS convictions began to waver. Today, virtualization has many solutions. VMware, now part of EMC, is locking horns with Microsoft. With virtualization part of Longhorn, it is clear that giants are making big bets, and so are some of their customers. Virtualization appears to many executives as the ultimate money press, squeezing every last cycle from the pools of vast underutilized resources. All …
Citations: 1
Effective Operational Security Metrics
Q4 Social Sciences Pub Date : 2006-07-01 DOI: 10.1201/1086.1065898X/46183.15.3.20060701/94183.3
J. Ravenel
Abstract Security professionals are constantly being asked to justify every security project. Security risks and projects can often be difficult to measure and even more difficult to understand by people outside the department. The key to demonstrating improvement and value is to translate security information into business terms. This being the case, the ability to identify the type, quantity, frequency, audience, and presentation of appropriate security metrics can increase the value of a CISO or security professional from the perspective of the management team.
Citations: 11
Building an Effective Privacy Program
Q4 Social Sciences Pub Date : 2006-07-01 DOI: 10.1201/1086.1065898X/46183.15.3.20060701/94185.5
R. Herold
Abstract Privacy and trust are essential to maintaining good relationships with customers, employees, and business partners. It is also necessary to address privacy issues to comply with a growing number of privacy regulations worldwide. Privacy encompasses how business must be conducted, the communications made with customers and consumers, and the technology that enables business processes. Addressing privacy touches all facets of an organization, including business operations, Web sites and services, back-end systems and databases, communications with third parties, customers, and service providers, and legacy systems. An effective privacy governance program will not only make your customers happier, but it will also mitigate your exposure to regulatory noncompliance, lawsuits, bad publicity, and government investigations. This article discusses the issues to address when building a privacy governance program.
Citations: 6
Open Source Software and the SCO Litigation
Q4 Social Sciences Pub Date : 2006-07-01 DOI: 10.1201/1086.1065898X/46183.15.3.20060701/94182.2
Edward H. Freeman
Abstract In 1980, Congress amended the federal copyright statutes to cover computer programs. The courts interpreted these statutes to protect the creator of software from copying, as well as translating into another programming language. Translations into foreign languages (i.e., French or Spanish) are also prohibited. Commercial software developers use licenses and the threat of legal action to protect their investment against unauthorized copying.
Citations: 0