Definition of Case Studies
A case study is a particular method of qualitative research. Rather than using large samples and following a rigid protocol to examine a limited number of variables, case study methods involve an in-depth, longitudinal examination of a single instance or event: a case. They provide a systematic way of looking at events, collecting data, analyzing information, and reporting the results.
|
|
Case Studies
|
|
University Security
Our Universities are under attack, networks comprised of heterogeneous hosts with fast Internet connections make universities desirable targets to a wide variety of attackers. Members of university communities are often not concerned with security because they assume that hackers attack systems to obtain confidential information. These academics have not realized that many attacks are instead quests for disk space or processor time and that the information stored on a server is sometimes irrelevant to the attacker. The resulting lack of system security at universities has allowed attackers to quickly make universities the preferred staging areas for distributed denial of service attacks. Decentralized structure and large size make many university networks difficult, but not impossible, to secure. By using a combination of security tools and procedures universities can provide a more secure computing environment than has generally been available.
Read the Article
|
Securing a University Environment; An Evolutionary Case Study
Like many small private universities the one for which I work was for many years an open environment as far as network security was concerned. We quickly learned however, that the risks were too great. This case study outlines the steps that my university took to transition from an open network to one that balances the needs of faculty doing teaching and research, students needing to learn as well as be entertained and staff that require a secure and stable network environment to perform their business functions. Through focusing on the way one institution approached this problem I will provide some general methods that other similar institutions may use to aid in their transition. I will also discuss how our methodology drew on the principles that form the foundation of a good network security model. Lastly, I will look ahead and discuss some of the challenges that still face university network security.
Read the Article
|
Remote Access using Telstra Dial IP
This paper will demonstrate how the real-world security problem of remote access to an Enterprise network was addressed and validated (post-implementation) through the Internet Security Alliance's (ISA) Common Sense Guide for Senior Managers. The ten practices in the guide will be referred against, to illustrate the security environment that existed prior to the project, the criteria by which remote access solutions were assessed (and why the adopted system chosen) and the security improvements the solution has provided. In addition, the author will discuss how the actual implementation was conducted and key issues encountered during it. As a new member reporting to the Enterprise's CIO, the author was made responsible for implementing "a remote access solution that would satisfy the needs of the business". As the project manager I worked with system administrators and telecommunication technicians.
Read the Article
|
Securing a Small Community College-A Case Study
This practicum identifies critical computing resources used in a small community college, develops a method of defining risk, presents a network design, as well as, implements security policies to address risks, and formulates a long term strategy for securing vital campus resources. The challenges of securing a community college are formidable. Resources are often limited, the use of computers and software applications vary greatly from department to department, the atmosphere of academic freedom permeates all decisions, exploring and experimenting students can reek havoc on campus networks, and the inherent mission of disseminating information, and providing computer access to a wide variety of users are just a few of the challenges.
Read the Article
|
Steps to Secure a Law Enforcement Network
This paper attempts to answer that question by addressing several common issues such as training for system administrators, risk assessment, physical security, security policies, and proper system administration. I work for a statewide law enforcement network. This network provides on-line access to records concerning wanted persons, stolen vehicles, criminal histories, and other data of importance to law enforcement and criminal justice agencies. The state system also provides access to the National Crime Information Center (NCIC), which is maintained by the Federal Bureau of Investigation. Local law enforcement and criminal justice agencies connect to the statewide network to obtain this data and to communicate with other agencies throughout the United States. These user agencies must meet federal and state security requirements to insure confidentiality and integrity of the data.
Read the Article
|
Twists in Security for Law Enforcement
Although computer security, at its base, is similar for businesses, government, home users, etc., there is a bit more that is involved for supporting law enforcement agencies. This paper is an attempt to not only briefly cover the basics of computer security that should be in use by everyone, but also an attempt to introduce to those unfamiliar with the extra challenges of supporting law enforcement what additional computer security precautions need to be addressed. This is by no means an exhaustive list, but an overview that includes some points of concerns, some ways they are currently being addressed, and a few insights into other ways to provide the needed computer security. As a person who was just recently given the responsibility of computer security in an environment that supports public safety after having been a server administrator, I too, need to learn the many additional challenges that I now face.
Read the Article
|
Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Your Network
The balancing act between freedom and security is a delicate and difficult one. It's certainly not a new one, and is tested in the physical and political arenas as well as in the Information Security field every day. Higher Ed is not walking this wire alone, of course. Businesses also must balance the needs of the users to accomplish their work with the security and stability of the network. But Higher Education does face some unique challenges - if not in concept, at least in their scope. Most business organizations have complete control, or at least a large measure of control, over the computers that are connected to their network. They are usually purchased, configured, and maintained by the company, and strict rules and policies govern their use. This is not the case in the world of Higher Education today. The explosion of broadband access in the residence halls has resulted in a large part of the network being comprised of computers neither owned nor managed by the college.
Read the Article
|
Improving Defense in Depth for NASA's Mission Network
Defense in depth has been used by NASA's Mission Network in the past and will be used in the future to improve its security posture. These defense building blocks included increasing network capabilities, continued examination of network capabilities, assessment of new technologies and tools, increased security awareness for NASA nonsecurity professionals, and training of the Mission Network security team members. Improvements in policy, business continuity, firewalls, CM, encryption, network architecture, host and network based IDS, host and network based vulnerability assessment tools should be developed. Classes, training and research provide new insight into security measures as NASA works to increase network capabilities while protecting its Mission Network and NASA projects.
Read the Article
|
Security Issues of Integrating a Stand-alone System into Corporate Network
This paper describes some methods to improve security on systems that were originally designed as stand-alone or where security issues were ignored. It points out the weaknesses which have to be addressed before integration. It describes various channels into the system and explores ways on how to protect these pathways from being exploited. Some implementations of Supervisory Control And Data Acquisition (SCADA) are such systems.
Read the Article
|
Security from Scratch ... How to Achieve It
If you find yourself in a situation where you're working for a company that has put together an IT infrastructure and the only real concerns have been functionality and performance, then this document is aimed as a guideline for starting off an information security culture. This will be achieved through policies and the use of various tools to analyse your systems and network the end result should be a series of reports you can present on the current state of security in your company and a roadmap built on that to improve it based on a risk analysis.
Read the Article
|
|
|
Page: 1 2 3
Members currently browsing this category:
|
|
