{"title":"Mitigating Malicious Code","authors":"Ken Dunham, Gold Honors","doi":"10.1080/10658980701585314","DOIUrl":"https://doi.org/10.1080/10658980701585314","url":null,"abstract":"ABSTRACT Mitigation of malicious code is increasingly complicated by multi-staged and mutli-variant attacks taking place daily on the Internet today. It is now common for computers to be infected for long periods of time, with malicious browser help objects, rootkits, and similar stealth codes. Identification and removal from a computer can be especially difficult. In some cases, the only reasonable effort may be to completely wipe and reinstall an image of the system, known to be free of malicious code. Manual mitigation of malicious code is a sophisticated process of threat identification, research, mitigation, and monitoring to properly remove all threat components related to an attack.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79989099","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Managing RFID Consumer Privacy and Implementation Barriers","authors":"R. Goel","doi":"10.1080/10658980701576396","DOIUrl":"https://doi.org/10.1080/10658980701576396","url":null,"abstract":"ABSTRACT Radio Frequency Identification (RFID) technologies have increasing visibility in the business processes: automating inventory management (supply chains), facilitating innovation, and increasing competitiveness. Since the potential applications of RFID systems are numerous, it is essential to address the industry and consumer perspective issues that have resulted in barriers to RFID implementation. This paper outlines critical barriers in implementing RFID technologies, specifically for authentication and privacy in an RFID tagged world, and provides organizational leaders with a set of initial responses, including a new scheme (Veri-RFID) for consumer privacy, that would assist in the process to overcome these challenges.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10658980701576396","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72508131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Computer Hackers and Search and Seizure: United States v. Jarrett","authors":"Edward H. Freeman","doi":"10.1080/10658980701585306","DOIUrl":"https://doi.org/10.1080/10658980701585306","url":null,"abstract":"An overvarnish unit for a can decorator machine mounted on an adjustable frame which supports an adjustable applicator roll for applying a coating material associated with a pre-spin wheel for rotatable mandrels and also supports an adjustable coating material meter roll associated with an adjustable fountain means.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84560042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"You Installed Internet Security on Your Network: Is Your Company Safe?","authors":"Ryan Sherstobitoff, Pedro J. Bustamante","doi":"10.1080/10658980701584606","DOIUrl":"https://doi.org/10.1080/10658980701584606","url":null,"abstract":"ABSTRACT Cyber-crime and malware has evolved so drastically over the last two years that it is a challenge for an IT professional to stay on top of recent malware trends and technological advances in cyber-security. This paper provides a look from inside the antivirus laboratory at current malware attacks and technology developments for effective defenses.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88098124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Awareness Education as the Key to Ransomware Prevention","authors":"X. Luo, Qinyu Liao","doi":"10.1080/10658980701576412","DOIUrl":"https://doi.org/10.1080/10658980701576412","url":null,"abstract":"In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomena is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over security of what is surreptitiously collected and the privacy violations resulting from their misuse of IT have also skyrocketed. Such sophisticated threats as phishing, pharming, and spyware have further exacerbated users’ worries about information confidentiality, integrity, and availability. Therefore, understanding of pertinent issues in information security vis-a-vis technical, theoretical, managerial, and regulatory aspects of information systems is becoming increasingly important to the IT community. Today’s organizations confront not only keen peer competition in business society but also increasingly sophisticated information security threats in cyber world, as online presence and business transaction are considered as a possible profit-driven avenue and a necessary means for global competence. In computer virology, as technologies continue to evolve, advanced encryption algorithms, on the positive side, can be utilized to effectively protect valuable information assets of enterprises. On the negative side, however, they can also be employed by malicious attackers to conduct pernicious activities in search of profits or benefits. Past information security research has investigated such malware programs as Trojan horse, worms, and spyware from a plethora of scientific perspectives (Warkentin, Luo, and Templeton, 2005), and relevant strategies and tactics have been proposed to alleviate and eradicate the cyber threats (Luo, 2006). Recently, the emergence of a new form of malware in cyberspace known as ransomware or cryptovirus has drawn attention among information security practitioners and researchers. Imposing serious threats to information assets protection, ransomware victimizes Internet users by hijacking user files, encrypting them, and then demanding payment in exchange for the decryption key. Seeking system vulnerabilities, ransomeware invariably tries to seize control over the victim’s files or computer until the victim agrees to the attacker’s demands, usually by transferring funds to the designated online currency accounts such as eGold or Webmoney or by purchasing Address correspondence to Xin Luo, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, Virginia, 23806. E-mail: xluo@vsu.edu Awareness Education as the Key to Ransomware Prevention","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90621330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Trends in Security Product Evaluations","authors":"Richard E. Smith","doi":"10.1080/10658980701576404","DOIUrl":"https://doi.org/10.1080/10658980701576404","url":null,"abstract":"ABSTRACT Government-endorsed security evaluations, like those performed under the Common Criteria (CC), use established techniques of software quality assurance to try to evaluate product security. Despite high costs and disputed benefits, the number of evaluated products has grown dramatically since 2001, doubling between 2003 and 2005 and leaping again in 2006. Using details from more than 860 security evaluations, this paper looks at the types of products evaluated, the “assurance levels” achieved, where the evaluations occur, and ongoing participation by product vendors. These observations are combined with other lessons learned to make recommendations on product evaluation strategies.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84543340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From the Editor's Desk","authors":"K. Namuduri","doi":"10.1080/10658980701471572","DOIUrl":"https://doi.org/10.1080/10658980701471572","url":null,"abstract":"","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81466207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Email Privacy and the Wiretap Act: U.S. v. Councilman","authors":"Edward H. Freeman","doi":"10.1080/10658980701225424","DOIUrl":"https://doi.org/10.1080/10658980701225424","url":null,"abstract":"A tilting table includes a table top attached to an upper U-shaped bracket. A lower U-shaped bracket is rotatively attached by a bearing to a base. The lower U-shaped bracket includes a pair of opposed side, substantially horizontal slots and a pair of opposed side angle slots. The angle slots include a plurality of notches. Pins are slidably received in the slots, and are carried by the upper bracket for supporting the table top. The pins are selectively positioned in the notches of the angle slots, while the pins slidably move in the substantially horizontal slots for selectively inclining the table top.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86831545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Rootkits and Their Effects on Information Security","authors":"Lynn Erla Beegle","doi":"10.1080/10658980701402049","DOIUrl":"https://doi.org/10.1080/10658980701402049","url":null,"abstract":"A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation. Many rootkits are designed to invade the “root,” or kernel, of the program, and therefore operate without announcing their presence to the owner of the computer. Although some rootkits are written with noble intentions (e.g., to strengthen an anti-virus package), true rootkits have a malicious purpose. A rootkit infection can render a compromised computer system vulnerable to attacks and corruption. Rootkits are named for their origin in Linux systems, but the number of rootkits that attack Microsoft operating systems has recently proliferated. Not only are rootkits difficult to detect and assess, but at times the only effective way to remove them is to do a clean installation of the entire operating system. Recent discoveries of rootkits in other venues prove that the problem is spreading and is a major concern for administrators in information security. This paper presents a brief history of the development of rootkits and their possible effects.Prominent cases involving rootkits are described.The paper concludes with an overview of methods to prevent rootkits and to (hopefully) eradicate one that has infected an operating system.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76465307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security for Enterprise Resource Planning Systems","authors":"Wei She, B. Thuraisingham","doi":"10.1080/10658980701401959","DOIUrl":"https://doi.org/10.1080/10658980701401959","url":null,"abstract":"Enterprise Resource Planning (ERP) is the technology that provides the unified business function to the organization by integrating the core processes. ERP now is experiencing the transformation that will make it highly integrated, more intelligent, more collaborative, web-enabled, and even wireless. The ERP system is becoming the system with high vulnerability and high confidentiality in which the security is critical for it to operate. Many ERP vendors have already integrated their security solution, which may work well internally; while in an open environment, we need new technical approaches to secure an ERP system. This paper introduces ERP technology from its evolution through architecture to its products. The security solution in ERP as well as directions for secure ERP systems is presented.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2007-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81452256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
