New INFOSEC workbook now online

* Security resource now available

Regular readers of this column know that I give a graduate seminar to my MSIA students every year in June called “INFOSEC Year in Review” or “IYIR” for short. This year the 135 graduating students and about 50 more students who will graduate in December received a 453-page book with 1,240 abstracts.

Regular readers of this column know that I give a graduate seminar to my MSIA students every year in June called “INFOSEC Year in Review” or “IYIR” for short. This year the 135 graduating students and about 50 more students who will graduate in December received a 453-page book with 1,240 abstracts (including introductory material such as the list of categories) dating from Jan. 1, 2006, through May 30, 2007, classified using 280 possible categories.

The workbook is a selection I made from a total of 3,532 abstracts in that period. The full database and a complete PDF listing of the contents will be posted on my Web site later after some volunteers and I finish adding keywords to the abstracts.

I added up my time sheets on this project and it personally took me 163.5 hours from mid-May to mid-June to enter, format, and classify those abstracts; I tell you, I sure missed my research assistants this year!

For now, readers may download the 3MB PDF file freely for non-commercial uses such as teaching, research or just plain reading. Please do not post copies of the file on the Web - multiple copies are impossible to keep updated, and I do issue corrected versions of these files as I catch typos and other errors.

The IYIR course always sparks interesting discussions among the participants, and I hope that readers will be able to use the workbook fruitfully for brown-bag lunches and other stimulating meetings to discuss trends in information assurance. I doubt you will want to print this fairly hefty workbook, but you are welcome to do so if you want to as long as you don’t sell it (growl).

The workshop is broken into four sections (morning and afternoon of the two days) and the codes correspond to the parts: those beginning with 1 correspond to topics for the morning of Day 1 and so on. Some of the sections (and their codes) that I found particularly interesting this year in discussions with the graduate students were the following:

14.4 Trojans

14.5 Rootkits & back doors

14.6 Bots & botnets

16.3 Infrastructure vulnerabilities

16.5 Military perspectives on cyberwar & battlespace

18.1 Stolen equipment or media

18.2 Lost or missing equipment or media

1A7 Contests

23.7 VoIP

23.A Open-source software

24.6 Wireless

25.1 Remote control, RATs, reprogramming, auto-updates

25.2 Jamming

26.3 Keystroke loggers

26.4 Cell/mobile phones tracking, eavesdropping & cameras

29.4 Online & electronic voting

29.7 Social networks

31.1 Surveys, studies

31.2 Audits, GAO reports

31.4 New technology with potential security vulnerabilities or implications

33.2 Spam, spim, spit, splogs, phish, vish & pharms

33.5 Data-encryption policies

33.6 Outsourcing & offshoring

43.2 Biometrics

43.7 IPv6 & Internet2

49.1 U.S.-government surveillance

49.2 Non-U.S.-government surveillance

49.3 Anti-terrorist measures

49.4 Airport & Air Transport security

49.7 National ID cards/documents; REAL ID

I hope you will find the document useful and perhaps even stimulating.

Related:

Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022