- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Recently I had to write a chapter for a textbook when the original author forgot to write it. <smile> While I was researching the topic, I used some resources in infrastructure protection and information warfare that might interest some readers. This column will be a bit of a collage of neat stuff that you may have overlooked but that bears attention and even rereading.
The famous Marsh Report (“Critical Foundations: Protecting America’s Infrastructures”) is the Report of the President’s Commission on Critical Infrastructure Protection which met through part of 1996 and 1997 and led to Presidential Decision Directive 63 (PDD-63) on Critical Infrastructure Protection.
The 1999 RAND Corp. report entitled “Countering the New Terrorism” by Ian O. Lesser, Bruce Hoffman, John Arquilla, David Ronfeldt and Michele Zanini is a fascinating short (174-page) review of asymmetric warfare (the application of inexpensive, relatively easy tools and methods against sophisticated targets). Chapter Three on “Networks, Netwar, and Information-Age Terrorism” will be particularly interesting to readers of this column.
That same year, the General Accounting Office (now called the Government Accountability Office) issued its report GAO/T-AIMD-00-7, “Critical Infrastructure Protection: Fundamental Improvements Needed to Assure Security of Federal Operations”. This was the statement of Jack L. Brock, Jr., the Director of Governmentwide and Defense Information Systems Accounting and Information Management Division. He was testifying before the Subcommittee on Technology, Terrorism and Government Information of the Committee on the Judiciary of the U.S. Senate. His testimony began:
“GAO and IG reports issued over the last 5 years describe persistent computer security weaknesses that place federal operations such as national defense, law enforcement, air traffic control, and benefit payments at risk of disruption as well as fraud and inappropriate disclosures. Our most recent analysis, of reports issued during fiscal year 1999, identified significant computer security weaknesses in 22 of the largest federal agencies. These included weaknesses in (1) controls over access to sensitive systems and data, (2) controls over software development and changes, and (3) continuity of service plans. These types of weaknesses increase the risk that intruders or authorized users with malicious intentions could read, modify, delete, or otherwise damage information or disrupt operations for purposes, such as fraud, sabotage, or espionage. This body of audit evidence led us, in February 1997 and again in January 1999, to designate information security as a governmentwide high-risk area in reports to the Congress.”
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (3)
That's it for page 3?By Anonymous on June 21, 2008, 5:06 pmSeriously? The content of page 3 is only, "I hope you enjoy the reading." WTF? *sigh*
Reply | Read entire comment
An interesting blog on this subjectBy gsmckee on June 17, 2008, 12:27 pmThis topic is of particular interest to me and I just ran across a blog that sheds more light on this topic. http://www.thedarkvisitor.com/
Reply | Read entire comment
A few more resourcesBy Anonymous on June 17, 2008, 11:05 amWhile it hasn't been updated for about a year, add C4I.org to that short list of information warfare resources - http://www.c4i.org/
Reply | Read entire comment
View all comments