Human Factors in Information Security
Managing the human side of information security just as carefully as the technical side; says Gary Hinson, technological controls alone simply cannot deliver sufficient information security in practice.
Read the Article
|
Cyber 101: Why is Cyber Security Important Now?
The wide spread use and dependency on the constantly changing technology also come with corporate complacency and increased sophisticated tools and attacks (which not necessarily require technical expertise). There are major risks companies face when their security have been breached, but there are preventive measures that can be implemented through risk management. Kenneth Newman presented these and more at the IMN's 2003 Cyber Security Summit in NY.
Read the Article
|
Reducing 'Human Factor' Mistakes
On the topic of the human element of network security, this paper will try to summarize various mistakes of the system administrator, company executive and of course the end user. It will also attempt to provide useful strategies to help reduce such human errors.
Read the Article
|
Internet Content Filtering
Ease of access and removal of the physical limitations of paper have led to an expanded focus on the Internet as a content source. The challenge to all organizations establishing access to this source is the inability to limit use of these capabilities to the specific content areas appropriate for the organization. In addition to entertainment opportunities for news, music, movies, and shopping which can consume bandwidth along with employee time, there is potential access to controversial content (i.e. gambling and pornography) that carries legal restrictions in many geographic areas, as well as illegal content (i.e. obscene material and child pornography).
Read the Article
|
Information System Security Evaluation Team Security Insurance?
Information systems are becoming more complex and ubiquitous. Consequently, the opportunities for compromise increase. Networks once found only in relatively large offices are now found in the smallest of offices. These networks are typically connected to the Internet through Wide Area Networks (WAN). This poses a problem for maintaining a high degree of security in these systems especially where an organization is split into many smaller entities whether dispersed geographically or located in one building. This document proposes an idea that can help these organizations establish and maintain a relatively high degree of security and reduce the risk of disruption of business operations. I will call it the Information Systems Security Evaluation Team or ISSET in keeping with today's need for acronyms.
Read the Article
|
Preventing the fraudulent use of Internet DSL accesses by dial-up accounts: a network authentication issue.
This document will first describe such a scenario to put the following descriptions into context. Then we will look at the details of a typical deployment between DSL providers and ISPs in order to highlight the areas of vulnerability of the model. Finally we will suggest an approach to prevent this type of fraud with some other elements that could lead to tailored solutions for the ISPs: as the next sections will demonstrate, a unique overall solution is most unlikely given the number of ways each ISP could deploy its services.
Read the Article
|
Over Your Shoulder: Why Your Employer is Entitled to Watch You
One of the reasons the Internet continually been a subject of lively debate is the crackdown of employers on the use of web-surfing and e-mail applications in the workplace. This has caused no little travail for civil libertarians and privacy mavens who strongly believe that too much intrusion on the freedoms of a democratic society necessarily detracts from the benefits of living in such a culture. Their rationale is rather simple and straightforward: American taxpayers paid for the development and construction of the information superhighway, supports the market environment where such it (along with the many companies that profit from it) can flourish, and continues to pay for the privilege of utilizing it, they should therefore be entitled to flit about on it whenever and however they please, without pesky state troopers and private rent-a-cops abrogating that right.
Read the Article
|
Never Worry About Security
There are wide differences between perceptions, reality and just getting the job done. To most, security is either an obstacle to job performance or nothing to worry about at all. The reality is usually somewhere in the middle, and certainly not nothing to worry about at all. That is, unless you want Alfred E. Newman from Mad Magazine fame as your security director, with his famous quote "What me, worry?" Getting the job done is at the heart of the effort. A small group of people assigned to security work cannot do everything in any organization. Within small organizations, relying on one person for various tasks becomes a problem when that person takes a vacation or is out sick. Depending on the duration, their tasks are not done or completed by someone else on a temporary basis.
Read the Article
|
Personal Interface: The Relationship Between Users and Security Personnel in the Modern Environment
There are almost no companies in the country that can continue to dispute the need for information security; the recent spate of DDOS attacks proved that size, sophistication, and skill can only attenuate risks- not eliminate them. As information security professionals and departments begin to take their places among senior management and trusted executive ranks of companies, a new dynamic has evolved, an "Us Vs. Them" motif unlikely to change any time soon.
Read the Article
|
Over Your Shoulder: The Debate Over Internet and E-mail Surveillance in the Workplace
One aspect of the Internet that has been a continual source of lively debate is the crackdown of employers on the use of web-surfing and e-mail applications in the workplace. This has caused much concern for civil libertarians and privacy mavens who strongly believe that surveillance of workplace Internet activities constitutes an intrusion on the democratic freedoms of employees and, as such, necessarily detracts from the benefits of living in such a democratic society.
Read the Article
|
