{"title":"As I See It","authors":"R. Poore","doi":"10.1201/1086/43300.7.3.19980901/31000.1","DOIUrl":"https://doi.org/10.1201/1086/43300.7.3.19980901/31000.1","url":null,"abstract":"","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"163 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132709695","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Thinking Right About Network Security","authors":"B. Stackpole","doi":"10.1201/1086/43300.7.3.19980901/31004.5","DOIUrl":"https://doi.org/10.1201/1086/43300.7.3.19980901/31004.5","url":null,"abstract":"Abstract Computer network security is one of those negatives that few spend time thinking about. Even so, few ever would secure a home the way networks are secured. One would not build a new home and wait until it is completed to think about adding a security system. The security system would be an integral part of the design. One would not buy windows without latches or doors without locks. Yet often this is exactly what is done with networks. Applications, operating systems, and servers are bought with inadequate security. Then after reading a few Internet horror stories, one decides he or she is living in a really bad neighborhood and tries to fit security into the system. A firewall (or some other security device) is purchased with the idea that it resolves the problem - but it does not! In reality all that has been created is a false sense of security. Sure, the doors are locked, dead bolted and barred, but the windows are still wide open!","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126408877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Half-Dozen Rules for Securing Your Web Application","authors":"Charles Forsythe","doi":"10.1201/1086/43300.7.3.19980901/31002.3","DOIUrl":"https://doi.org/10.1201/1086/43300.7.3.19980901/31002.3","url":null,"abstract":"Abstract As more and more Web pages are created for fun and profit, more and more Web pages are being hacked for fun and profit. CIA officials were red-faced when their new-sprung Web page was found doctored with pornographic images and Nazi propaganda. The Social Security Administration put up a Web site that trivially could be coaxed to provide private information on any United States taxpayer. What about corporate America? Many corporate sites have been hacked, but companies try to keep these things quiet. As a computer security consultant for a Big Five Accounting firm, the author has seen plenty of corporate Web site missteps.","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129362787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Understanding Security and Audit Issues in Electronic Document Interchange","authors":"B. Menkus","doi":"10.1201/1086/43300.7.3.19980901/31010.11","DOIUrl":"https://doi.org/10.1201/1086/43300.7.3.19980901/31010.11","url":null,"abstract":"Abstract Development of what eventually became EDI began in 1968 with an interindustry attempt to create a standard arrangement for describing goods as they moved through the various modes of transportation. This effort to develop a so-called common commodity classification structure evolved eventually into the structure that has come to be known as EDI.","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129238191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Continuity Planning and the Year 2000","authors":"C. Jackson, Donald Bromley, S. L. Rubenstein","doi":"10.1201/1086/43303.7.2.19980601/31038.4","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31038.4","url":null,"abstract":"Abstract By now, everyone has heard of the Year 2000 problem or, as those in technology-land more commonly refer to it, Y2K or the Millennium Bug. Simply put, these are general terms for a set of events that may or may not occur as a result of calendars changing to January 1, 2000. The problems originate from computer software and firmware written to recognize only a two-digit year in the date field. These programs could have been written as far back as 20 or 30 years ago or as recently as the 1990s. In and of itself, correcting the problem does not, on the surface, appear to be a daunting task, but the problem runs much deeper than it appears. Even though the problem sounds simple, it is extremely time-consuming and labor-intensive to fix. There are no “silver bullets” or magical technological solutions to the problem. Despite their best efforts, experts agree at varying levels that a significant number of companies will fail to address the problem in time. The potential costs of failure are very high (e...","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117055353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secured Connections to External Networks","authors":"Steven F. Blanding","doi":"10.1201/1086/43303.7.2.19980601/31042.8","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31042.8","url":null,"abstract":"Abstract A private network that carries sensitive data between local computers requires proper security measures to protect the privacy and integrity of the traffic. When such a network is connected to other networks or when telephone access is allowed into that network, the remote terminals, phone lines, and other connections become extensions to that private network and must be secured accordingly. In addition, the private network must be secured from outside attacks that could cause loss of information, breakdowns in network integrity, or breaches in security.","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"133 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127717916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Management Use of Internal Audit to Assure Year 2000 Preparedness","authors":"Wynne S. Carvill","doi":"10.1201/1086/43303.7.2.19980601/31039.5","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31039.5","url":null,"abstract":"Abstract Just a few years ago, the “Year 2000 problem” was a challenge known to few outside the world of IS professionals. The “Millennium Bug” is now a creature of the popular culture, and has captured the attention of managers, regulators, Congress, and, of course, the plaintiffs' bar. With the recently revised SEC Bulletin 5, scrutiny of the Year 2000 problem will only intensify and, with it, corporate managers and directors will increasingly ask “Are we ready?” and wonder “How can we be sure?” For those inclined to look the other way, moreover, their outside auditors will most likely force them to examine those questions, especially if the company is publicly traded.","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114647498","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Open Letter to the Profession","authors":"W. Ozier","doi":"10.1201/1086/43303.7.2.19980601/31036.2","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31036.2","url":null,"abstract":"","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132648199","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Internet Electronic Mail Security","authors":"Christopher M. King","doi":"10.1201/1086/43303.7.2.19980601/31043.9","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31043.9","url":null,"abstract":"Abstract Electronic mail is the oldest of all the Internet applications and the most insecure. The need for corporate users to correspond securely with external business partners using Internet E-mail is growing at an alarming rate. Currently, corporate users are sending sensitive data over the Internet using E-mail. This data is being sent to business partners and potential clients over an insecure medium. The most robust solution requires a change to both the E-mail server and client. The underlying security mechanisms consist of confidentiality, integrity, message authentication, and availability. The two proposed secure client E-mail standards are PGP/MIME and S/MIME. These standards also require a public key infrastructure (PKI), which is necessary to support certificate management and validation. The major technical hurdles to date are certificate cross certification, where one organization that has its own certificate authority (CA) agrees to accept certificates signed by the CA of another organiza...","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130304015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Comparison of Windows NT 4 and NetWare 4 Security Models","authors":"H. V. Tran, Cindy Cook, C. Dykman","doi":"10.1201/1086/43303.7.2.19980601/31040.6","DOIUrl":"https://doi.org/10.1201/1086/43303.7.2.19980601/31040.6","url":null,"abstract":"Abstract The new networking environment of today's corporations includes hundreds or thousands of users, many of whom use network-based mission-critical applications located on numerous servers. Network security administration necessarily becomes a complex task in this multiserver or multisite environment. Currently, the two network software companies, Microsoft and Novell, provide two different security solutions to this complex scenario.","PeriodicalId":207082,"journal":{"name":"Inf. Secur. J. A Glob. Perspect.","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126614534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
