Transaction Search Form: please type in any of the fields below.
Date: November 22, 2024 Fri
Time: 12:04 pm
Time: 12:04 pm
Results for information security
5 results foundAuthor: Saadawi, Tarek Title: Cyber Infrastructure Protection Summary: The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating largescale network failure, service interruption, or the total unavailability of service. Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race. A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well. Details: Carlisle, PA: U.S. Army War College, Strategic Studies Institute, 2011. 324p. Source: Internet Resource: Accessed May 18, 2011 at: www.strategicstudiesinstitute.army.mil/pubs/download.cfm?q=1067 Year: 2011 Country: United States URL: Shelf Number: 121739 Keywords: Communications SecurityComputer CrimesCyber SecurityCybercrimeInformation SecurityInternet Crimes |
Author: Victoria (Australia). Office of Police Integrity Title: Information Security and the Victoria Police State Surveillance Unit Summary: This report deals with the outcome of a review that was commissioned under section 44 (1)(c) of the Police Integrity Act 2008 regarding the information security practices, procedures and policies in place at the Victoria Police State Surveillance Unit. The review was commissioned following the discovery in 2008 that the State Surveillance Unit was the probable source of the unauthorised release of a 68-page document, containing highly sensitive law enforcement data. The purpose of the review was to identify what, if any, measures need to be taken to prevent future unauthorised disclosure of law enforcement data from the Victoria Police State Surveillance Unit. Details: Melbourne: Government Printer, 2010. 77p. Source: Internet Resource: Accessed April 2, 2012 at: http://www.opi.vic.gov.au/index.php?i=16&m=8&t=1 Year: 2010 Country: Australia URL: http://www.opi.vic.gov.au/index.php?i=16&m=8&t=1 Shelf Number: 117582 Keywords: Information SecurityInformation SystemsPolice EthicsPolice Integrity (Australia)Police Misconduct |
Author: U.S. Government Accountability Office Title: IT Supply Chain: National Security-Related Agencies Need to Better Address Risks Summary: Federal agencies rely extensively on computerized information systems and electronic data to carry out their operations. The exploitation of information technology (IT) products and services through the global supply chain is an emerging threat that could degrade the confidentiality, integrity, and availability of critical and sensitive agency networks and data. GAO was asked to identify (1) the key risks associated with the IT supply chains used by federal agencies; (2) the extent to which selected national security-related departments have addressed such risks; and (3) the extent to which those departments have determined that their telecommunication networks contain foreign-developed equipment, software, or services. To do this, GAO analyzed federal acquisition and information security laws, regulations, standards, and guidelines; examined departmental policies and procedures; and interviewed officials from four national security-related departments, the intelligence community, and nonfederal entities. GAO is recommending that the Departments of Energy, Homeland Security, and Justice take steps, as needed, to develop and document policies, procedures, and monitoring capabilities that address IT supply chain risk. These departments generally concurred with GAO’s recommendations. Details: Washington, DC: GAO, 2012. 40p. Source: Internet Resource: GAO-12-361: Accessed April 9, 2012 at: http://www.gao.gov/products/GAO-12-361 Year: 2012 Country: United States URL: http://www.gao.gov/products/GAO-12-361 Shelf Number: 124895 Keywords: Homeland SecurityInformation SecuritySupply Chains |
Author: Robinson, Neil Title: Feasibility Study for a European Cybercrime Centre Summary: To advise the EC on the development of a European Cybercrime Centre, RAND Europe reviewed scholarly literature on the nature, extent, and impacts of cybercrime and collected empirical evidence on the capabilities of 15 EU member states' computer crime units in face to face visits. Findings from the literature and document review suggested a great deal of uncertainty between industry reported figures on the state of cybercrime and official recorded crimes. Nonetheless, the online criminal underground is evolving toward a service based economy. Aspects of forensic capability, investigations, intelligence sharing, training and information exchange were discussed. In addition, RAND Europe consulted Europol, Eurojust, Cepol, Interpol, and the European Network and Information Security Agency on their contribution to tackling cybercrime at the European level. A scenario based workshop was held in Brussels in November 2011 where a range of possible futures were described and considered by participants. The research team's report considers a number of options for the establishment of the ECC and evaluates their strengths and weaknesses according to a range of factors. These include its scope, activities, resources, risks, impacts and interoperability. The study considered a range of options including an ECC hosted by Europol, Eurojust, ENISA and a virtual ECC. The study considered that an ECC hosted by Europol would constitute the most appropriate way forward. The study laid out an implementation plan including expected activities for the first year of the ECC between January–December 2013. Details: Cambridge, UK: RAND Europe, 2012. 253p. Source: Internet Resource: Accessed June 26, 2012 at: http://ec.europa.eu/home-affairs/doc_centre/crime/docs/20120311_final_report_feasibility_study_for_a_european_cybercrime_centre.pdf Year: 2012 Country: Europe URL: http://ec.europa.eu/home-affairs/doc_centre/crime/docs/20120311_final_report_feasibility_study_for_a_european_cybercrime_centre.pdf Shelf Number: 125399 Keywords: Computer Crimes (Europe)Cybercrime (Europe)Information SecurityInternet Crimes |
Author: Collins, Matthew L. Title: Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations Summary: This is the sixth entry in the Spotlight On series published by the CERT®Insider Threat Center. Each entry focuses on a specific area of threat to organizations from their current or former employees, contractors, or business partners and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. This entry in the series focuses on insiders who stole intellectual property (IP), such as source code, scientific formulas, engineering drawings, strategic plans, or proposals, from their organizations to benefit a foreign entity. This technical note defines IP and insider theft of IP, explains the criteria used to select cases for this examination, gives a snapshot of the insiders involved in these cases, and summarizes some of the cases themselves. Finally, it provides recommendations for mitigating the risk of similar incidents of insider threat. Details: Pittsburgh, PA: Carnegie Mellon University, Software Engineering Institute, 2013. 18p. Source: Internet Resource: TECHNICAL NOTE CMU/SEI-2013-TN-009; Accessed May 28, 2013 at: http://www.sei.cmu.edu/reports/13tn009.pdf Year: 2013 Country: United States URL: http://www.sei.cmu.edu/reports/13tn009.pdf Shelf Number: 128834 Keywords: CybercrimeCybersecurityEspionageInformation SecurityInsider ThreatIntellectual PropertyInternet Crimes |