Journal of Information Systems Security: Latest Articles

Katrina's Gift: A Wake-Up Call for Improved Disaster Planning
Journal of Information Systems Security Pub Date : 2006-12-01 DOI: 10.1080/10658980601051839
R. Vedder
Abstract: The forced evacuation in 2005 of two major U.S. cities provides an excellent opportunity for IT executives to take stock of their plans for disaster management. Your first reaction to this statement might be, “But my company doesn't operate anyplace where a major hurricane could strike.” Think again. Aside from potential urban paralysis caused by other natural events, such as a massive earthquake or F5 tornado, cities are prime targets for terrorism. In addition to biological and chemical attacks, terrorists could explode a radiological bomb in a major urban center. (A radiological bomb is not a nuclear weapon. It is an ordinary explosive device encased with highly radioactive particulate materials. The objective is to disperse these materials into the air and thus render many square miles of a city uninhabitable for years or even decades.) Because of terrorism and other threats, you and your IT department do have to worry about a possible mass urban evacuation.
Citations: 0
Securing Against Insider Attacks
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95430.6
D. M. Lynch
Abstract: We are all creatures of habit; the way we think and the views we take are conditioned by our education, society as a whole, and, at a much deeper level, our cultural memories or instinct.
Citations: 9
Information Security Tradeoffs: The User Perspective
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95428.4
Gerald V. Post, A. Kagan
Abstract: When taking a typical approach to computer security, one could make the following relatively extreme statements: A piece of data can be rendered completely secure with 100 percent assurance. Simply write the data on a piece of paper, burn the paper, and scatter the ashes. No one will be able to read or alter that data ever again. Of course, this exercise and the underlying premise are a trick. Understanding the deception is the key to understanding information security: Data that is being “protected” has to remain available to legitimate users. There is a strong tendency for information security researchers and practitioners to focus on “securing” data by preventing attacks and loss of data. An IS practitioner's job might depend on preventing and recovering from security-related problems. However, increased monitoring and enhanced use of security controls can easily lead to interference and delays of information usage for legitimate users.
Citations: 6
Implementing Security Metrics Initiatives
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95429.5
Elizabeth A. Nichols, Andrew Sudbury
Abstract: Although Global 2000 organizations today are becoming increasingly aware of the importance of a metrics program to maximize the effectiveness of an information security strategy, there's little guidance available around the practical “how to's” of putting such a program into practice. As a result, security metrics are shrouded in mystery and are considered “too hard” to do—with the end result being that this necessary and effective management tool has yet to be implemented at many organizations, and in the organizations where it has been launched, it has yet to be automated to ease management and reduce resource costs.
Citations: 3
Measuring Security
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95426.2
Abe Kleinfeld
Abstract: Ask a CEO a very broad question such as, “How is your company doing?” and he or she is likely to rattle off concise metrics describing revenue, earnings per share, gross margin, and market share. These few metrics, measured over time, provide a surprisingly clear picture of the health and well-being of a company and whether its prospects are improving or deteriorating. However, ask that same CEO a far narrower question: “How secure is your network?” and you're likely to be met with a blank stare.
Citations: 0
Password Security: An Empirical Investigation into E-Commerce Passwords and Their Crack Times
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1080/10658980601051318
J. Cazier, B. Medlin
Abstract: Strong passwords are essential to the security of any e-commerce site as well as to individual users. Without them, hackers can penetrate a network and stop critical processes that assist consumers and keep companies operating. For most e-commerce sites, consumers have the responsibility of creating their own passwords and often do so without guidance from the web site or system administrator. One fact is well known about password creation—consumers do not create long or complicated passwords because they cannot remember them. Through an empirical analysis, this paper examines whether the passwords created by individuals on an e-commerce site use either positive or negative password practices. This paper also addresses the issue of crack times in relationship to password choices. The results of this study will show the actual password practices of current consumers, which could enforce the need for systems administrators to recommend secure password practices on e-commerce sites and in general.
Citations: 65
Social Engineering: Concepts and Solutions
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95427.3
Thomas R. Peltier
Abstract: Social engineering attacks are usually conducted by outsiders who use a variety of psychological tricks to get the computer user to give them the information they need to access a computer or network. Do not be confused about the concept of “outsiders.” Although the true outside hackers get the headlines, the far more prevalent form of social engineering is conducted by one employee on another employee.
Citations: 9
Protecting Your Internal Resources with Intranet Application Firewalls
Journal of Information Systems Security Pub Date : 2006-11-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95431.7
Alan Murphy
Abstract: Web application firewalls (WAFs) are rapidly becoming a key component of end-to-end network security. Although the market is still struggling to move beyond the early adopter stages, WAF placement in the network is now well known and generally accepted as a necessary requirement. When looking at total security architecture, securing public Web applications over ports 80 and 443 is the next logical step to perimeter security: the concept of restricting access from the outside to the resources on the inside. Coupled with network firewalls, HTTP application firewalls can close perimeter security holes opened by allowing unrestricted access to public Web servers. But focusing solely on external, public application security is only half of the solution. Internal Web-based applications, such as corporate intranets, HR systems, CRM systems, HTTP-based databases, and report management applications, can also be at risk for the same open-access reasons, but from trusted internal attackers.
Citations: 0
MetaFisher: Next–Generation Bots and Phishing
Journal of Information Systems Security Pub Date : 2006-10-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95425.1
Ken Dunham
Abstract: MetaFisher is a little-known code to most, yet it is one of the most important as we consider current-day and future threats. It's the most sophisticated bot ever developed. It utilizes a PHP command and control interface to monitor, update, and control bots. This is a pull technique instead of the traditional push technique utilized within IRC. Additionally, it contains sophisticated phishing attacks that dynamically inject HTML into targeted banking sites to steal information from the victim. MetaFisher is a cause for alarm, revealing the sophistication behind criminal fraud and hacker-for-hire situations that have matured over the past few years on the Internet.
Citations: 1
Securing RFID Applications: Issues, Methods, and Controls
Journal of Information Systems Security Pub Date : 2006-09-01 DOI: 10.1201/1086.1065898X/46353.15.4.20060901/95123.5
Stuart C. K. So, John J. Liu
Abstract: Radio frequency identification (RFID) is an automatic identification (auto-ID) technology developed by the Auto-ID Center at the Massachusetts Institute of Technology, relying on storing and remotely retrieving data using devices called RFID tags and readers (Auto-ID Center, 2002; Doyle, 2004; EPC, 2004b; Finkenzeller, 2000; Shepard, 2005). With RFID technology, physical assets will have embedded intelligence that allows them to communicate with each other and with the tracking points (Auto-ID Center, 2002; IBM, 2003; VeriSign, 2004).
Citations: 20