Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Regular readers of this column know that I give a graduate seminar to my MSIA students every year in June called “INFOSEC Year in Review” or “IYIR” for short. This year the 135 graduating students and about 50 more students who will graduate in December received a 453-page book with 1,240 abstracts (including introductory material such as the list of categories) dating from Jan. 1, 2006, through May 30, 2007, classified using 280 possible categories.
The workbook is a selection I made from a total of 3,532 abstracts in that period. The full database and a complete PDF listing of the contents will be posted on my Web site later after some volunteers and I finish adding keywords to the abstracts.
I added up my time sheets on this project and it personally took me 163.5 hours from mid-May to mid-June to enter, format, and classify those abstracts; I tell you, I sure missed my research assistants this year!
For now, readers may download the 3MB PDF file freely for non-commercial uses such as teaching, research or just plain reading. Please do not post copies of the file on the Web - multiple copies are impossible to keep updated, and I do issue corrected versions of these files as I catch typos and other errors.
The IYIR course always sparks interesting discussions among the participants, and I hope that readers will be able to use the workbook fruitfully for brown-bag lunches and other stimulating meetings to discuss trends in information assurance. I doubt you will want to print this fairly hefty workbook, but you are welcome to do so if you want to as long as you don’t sell it (growl).
The workshop is broken into four sections (morning and afternoon of the two days) and the codes correspond to the parts: those beginning with 1 correspond to topics for the morning of Day 1 and so on. Some of the sections (and their codes) that I found particularly interesting this year in discussions with the graduate students were the following:
14.4 Trojans
14.5 Rootkits & back doors
14.6 Bots & botnets
16.3 Infrastructure vulnerabilities
16.5 Military perspectives on cyberwar & battlespace
18.1 Stolen equipment or media
18.2 Lost or missing equipment or media
1A7 Contests
23.7 VoIP
23.A Open-source software
24.6 Wireless
25.1 Remote control, RATs, reprogramming, auto-updates
25.2 Jamming
26.3 Keystroke loggers
26.4 Cell/mobile phones tracking, eavesdropping & cameras
29.4 Online & electronic voting
29.7 Social networks
31.1 Surveys, studies
31.2 Audits, GAO reports
31.4 New technology with potential security vulnerabilities or implications
33.2 Spam, spim, spit, splogs, phish, vish & pharms
33.5 Data-encryption policies
33.6 Outsourcing & offshoring
43.2 Biometrics
43.7 IPv6 & Internet2
49.1 U.S.-government surveillance
49.2 Non-U.S.-government surveillance
49.3 Anti-terrorist measures
49.4 Airport & Air Transport security
49.7 National ID cards/documents; REAL ID
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Comments (5)
Veterans Administration should be ashamed of the way it's dealing with that data breach
By Anonymous on June 12, 2007, 11:14 am
It's interesting that the letter states, in so many words, that (a) we (the VA) lost your data, and (b) the victim (recipient of the letter) whose personal data...
VA Loss of Data
By Anonymous on June 13, 2007, 8:41 am
I notice the letter stated that the PII was being used for research. Canada's Protection of Privacy Act requires that personal data may only be used for what it...
In Canada
By Anonymous on June 21, 2007, 2:26 pm
Fortunately, in Canada, the vast majority of the population (including hackers & thieves) are too stupid to understand IT security or even how to breach it (if it...
As a US Army Veteran am very, very grateful
By Brad Reese on June 21, 2007, 6:45 pm
As a US Army Veteran, I thank the US Department of Veterans Affairs every single day for the superb and excellent medical care they provide me and my fellow veterans. There...
Automated harassment
By Anonymous on June 29, 2007, 3:21 pm
I was subjected to this kind of harassment for well over a decade by Verizon in conjunction with another corporation. The only way out, for me, was to drop my landline...