{"title":"Demonstrating the Wired Equivalent Privacy (WEP) Weaknesses Inherent in Wi-Fi Networks","authors":"K. Curran, Elaine Smyth","doi":"10.1201/1086.1065898X/46353.15.4.20060901/95121.3","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95121.3","url":null,"abstract":"Abstract On the surface, wireless networks act the same as their wired counterparts, transporting data between network devices. However, there is one fundamental, and quite significant, difference: WLANs are based on radio communications technology, as an alternative to structured wiring and cables. Data is transmitted between devices through the air via the radio waves. Devices that participate in a WLAN must have a network interface card (NIC) with wireless capabilities. This essentially means that the card contains a small radio device that allows it to communicate with other wireless devices within the defined range for that card; for example, the 2.4—2.4853 GHz range. For a device to participate in a wireless network it must, first, be permitted to communicate with the devices in that network and, second, be within the transmission range of the devices in that network.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75661534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Improving Bluetooth Security: What IT Managers and Mobile Device Users Can Do","authors":"B. Hernacki","doi":"10.1201/1086.1065898X/46353.15.4.20060901/95122.4","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95122.4","url":null,"abstract":"Abstract Bluetooth wireless technology is becoming ubiquitous. According to the Bluetooth Special Interest Group (SIG), Bluetooth weekly shipments passed the 5 million unit mark in the second quarter of 2005, up from 3 million in the third quarter of 2004. Most of this growth has been in the mobile phone and PDA markets; in fact, 20 percent of mobile phones now ship with Bluetooth. In high-end business phones, the penetration rate is even higher, and many business-class phones include Bluetooth.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74660727","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Five Myths of Wireless Security","authors":"John Kindervag","doi":"10.1201/1086.1065898X/46353.15.4.20060901/95120.2","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95120.2","url":null,"abstract":"Abstract Those who have ever watched the television show MythBusters know that many of the popular beliefs most people hold to be true crumble under investigation. The same holds true in the information technology world. Most myths investigated by the mythbusters are harmless and fun, but in information security, the unexamined myth can be both dangerous and costly. It is imperative that the InfoSec professional not take security trends and myths at face value, but instead thoroughly investigate every statement to make an informed decision about the veracity of individual security ideas. This is especially true in the area of wireless networking, which is the newest, most immature, and potentially insecure of all of the currently existing networking methods.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90105637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Top Information Security Issues Facing Organizations: What Can Government Do to Help?","authors":"Kenneth J. Knapp, T. Marshall, R. K. Rainer, Dorsey W. Morrow","doi":"10.1201/1086.1065898X/46353.15.4.20060901/95124.6","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95124.6","url":null,"abstract":"Abstract Considering that many organizations today are fully dependent on information technology for survival, information security is one of the most important concerns facing the modern organization. The increasing variety of threats and ferociousness of attacks has made protecting information a complex challenge. Improved knowledge of the critical issues underlying information security can help practitioners, researchers, and government employees alike to understand and solve the biggest problems. To this end, the International Information Systems Security Certification Consortium [(ISC)2]® teamed up with Auburn University researchers to identify and rank the top information security issues in two sequential, but related surveys. The first survey involved a worldwide sample of 874 certified information system security professionals (CISSPs)®, who ranked a list of 25 information security issues based on which ones were the most critical facing organizations today. In a follow-on survey, 623 U.S.-based CISSPs then re-ranked the same 25 issues based on which ones they felt the U.S. federal government could help the most in solving.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77274377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Gmail and Privacy Issues","authors":"Edward H. Freeman","doi":"10.1201/1086.1065898X/46353.15.4.20060901/95119.1","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95119.1","url":null,"abstract":"Abstract The Google search engine is a major presence in the online world. It has become a household word and has changed the way people do research and conduct business. The American Dialect Society, a scholarly association dedicated to the study of the English language in North America, chose “google” as the “most useful” word of 2002. The Oxford American Dictionary included “google” as a verb in its latest edition. Google accounted for almost half of the 5.1 billion search engine inquiries performed in the United States in December 2005.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85849637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Content Analysis of Web Privacy Policies in the GCC Countries","authors":"Z. Shalhoub","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94186.6","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94186.6","url":null,"abstract":"Abstract Privacy has long been defined as the right of a person to be left alone and to be able to have control over the flow and disclosure of information about him- or herself (Warren and Brandeis, 1890). Worries about privacy are not new, although businesses have gathered information about their customers for years. However, privacy issues often come about because of new information technologies that have improved the collection, storage, use, and sharing of personal information.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79706980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Virtual Security: The New Security Tool?","authors":"J. Tiller","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94181.1","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94181.1","url":null,"abstract":"In 1996, I found a tiny package floating around the Internet called VMware. I booted up my Linux laptop and proceeded to install this little animal. Within minutes I started the application and booted my first virtual PC. Compelled to investigate further, I decided to load Windows 95, completely convinced that it would fail miserably — Win95 on Linux, are you kidding me? To my surprise, I was browsing the Web using IE, in Windows 95 from a virtual PC running on Linux in just a few hours. Little did I know at the time that virtualization would make the huge rebirth that it has today. Rebirth seems like the appropriate word. Anyone familiar with IBM and Tandem, to name a couple, is familiar with virtualized computing. But these solutions fell victim to the distributed computer resource model emerging in the late 1980s and in full bloom in the mid-1990s. By the time I was introduced to VMware it seemed almost out of place and time, an oxymoron with seemingly little value when piles of servers were the answer and technology was the key business enabler. But today it's not about the technology — it's about services — IT and security services mapped to business drivers, making technology transparent to the mission. It is within this framework and IT business management evolution that virtualization was reincarnated. My first Internet page hadn't finished loading in my Win95/Linux system when the thought of security chilled my spine. At that time I was enamored by trusted operating systems (TOS). The thought of compartmentalization from the NIC to the applications, and everything in between, was, for me, security nirvana. I was an Argus PitBull, Solaris TOS, and HP Virtual Vault bigot; I was convinced TOS was the future. Now with virtualization, compartmentalization was holistic, fully encompassing my environment, an environment I could manipulate, adjust, specialize, and distribute seamlessly. My TOS convictions began to waver. Today, virtualization has many solutions. VMware, now part of EMC, is locking horns with Microsoft. With virtualization part of Longhorn, it is clear that giants are making big bets, and so are some of their customers. Virtualization appears to many executives as the ultimate money press, squeezing every last cycle from the pools of vast underutilized resources. All …","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75503122","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Effective Operational Security Metrics","authors":"J. Ravenel","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94183.3","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94183.3","url":null,"abstract":"Abstract Security professionals are constantly being asked to justify every security project. Security risks and projects can often be difficult to measure and even more difficult to understand by people outside the department. The key to demonstrating improvement and value is to translate security information into business terms. This being the case, the ability to identify the type, quantity, frequency, audience, and presentation of appropriate security metrics can increase the value of a CISO or security professional from the perspective of the management team.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83081734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building an Effective Privacy Program","authors":"R. Herold","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94185.5","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94185.5","url":null,"abstract":"Abstract Privacy and trust are essential to maintaining good relationships with customers, employees, and business partners. It is also necessary to address privacy issues to comply with a growing number of privacy regulations worldwide. Privacy encompasses how business must be conducted, the communications made with customers and consumers, and the technology that enables business processes. Addressing privacy touches all facets of an organization, including business operations, Web sites and services, back-end systems and databases, communications with third parties, customers, and service providers, and legacy systems. An effective privacy governance program will not only make your customers happier, but it will also mitigate your exposure to regulatory noncompliance, lawsuits, bad publicity, and government investigations. This article discusses the issues to address when building a privacy governance program.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90279272","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Open Source Software and the SCO Litigation","authors":"Edward H. Freeman","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94182.2","DOIUrl":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94182.2","url":null,"abstract":"Abstract In 1980, Congress amended the federal copyright statutes to cover computer programs. The courts interpreted these statutes to protect the creator of software from copying, as well as translating into another programming language. Translations into foreign languages (i.e., French or Spanish) are also prohibited. Commercial software developers use licenses and the threat of legal action to protect their investment against unauthorized copying.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84903848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}