A`B"I"I @@@ @@@@B,ap"I"J EN DB "J '4QUjjjPPPM]][[[ npp"jjdRdxGX./SSTT Exddk33eeeeeei366777*)88h99990..s;6}99?AAAB;;???lll<vvv%ZD%%%JKL-P=<IOEE*Caa www>\22bbTTTT55YY-VffqqFtttt Cerullo1992Gattiker1999 Jr.2000K Messmer1999s POWER1998 Straub1999 WsmUnited States. Congress. Senate. Committee on Governmental Affairs. Permanent Subcommittee on Investigations.1996,%C Wybo1993: Yang1998 Yang1998 Yang1998 Yang1998 Yang1998? Yasin1997@ Yasin1997 Yasin2000 Yasin2000_ Yesha1996 Yesha1996A Yin1994h York2000n York2000nB Young1993 Yu1990 Yu1990 Zajicek2003 Zajicek2003 Zheng1993 Zheng1993S Zolkos1996 Zolkos1996 Zolkos2000 Zolkos2000 Zucker19999 Zucker19999T Zwicky19955 Vice1997 Vice19979 Vilao1999b Vilao1999I Vnuk1997J Vnuk1997 Vnuk1997 Vnuk1997 von Solms1994 von Solms1994 von Solms1994 von Solms1994 Wack1991 Wack1991 Wack1994 Wack1994 Wagner1996 Wagner1996 Wagner1996 Wagner19961 Wagner19977K Wagner1997- Wagner19977 Wagner19979 Wagner2000 Wagner2000 Walker1977 Walker1977̤ Walker2000 Walker2000̟ Walters1995  Walters1995 Wang19944P Wang19944 Warren2000 Warren2000h Washington2000̦ Washington2000 Washington2000 Washington2000L Weber1997 Weber1997d Weber2000 Weber2000 Weber2000 Weber2000< Webster1998 Weiss1991M West1996N West1996OWestland1996̩ Weston1998P Wexler1996 Whetstone1996 Whetstone1996t Whetstone1996u Whetstone1996Whinston1994Whinston1994 White1996 Whitman2004u Wicker1994c Wicker1994 Widom1984 Widom1984 Widom1984 Widom1984 Widom1984 Widom1984Q Wilcox1996R Wilde1997Williams1990̒Williams1990̪ Wingfield2000 Wingfield2000 Wink1999̑ Witten1999t Witten1999t Wood1988 Wood1988 Wood1990̭Woodward2000 Woolley1998 Wybo1992: Yang1998  Yang1998 Yang1998 Yang1998 Yasin2000_ Yesha1996 Yesha1996h York2000n York2000n Yu1990 Zajicek2003  Zajicek2003 Zheng1993 Zheng1993S Zolkos1996 Zolkos2000̔ Zucker19999 Zucker19999X./(0rSu 2T EYxd(ck3ei#367*)8mh+9p0.os;6}9?|AB;y?l,@<v%ZD%JKLC5-P=R~<^IOE*\C$'aR w>\2:b_-fqDFt`H) JIMNz#O{!W$ P][n"j AuthorsJournals Keywords                                 ! (ABAAckerman, Robert KAdam, Nabil R. Adams, Anne Adams, Carl Adams, Eric J Agre, PhilipAICPAAkaphant, SiritornAlexander, Michael Allen, Brant Allen, JuliaAllen, Thomas J. Alster, Norm Amorim, PedroAnders, By GeorgeAnderson, Ross Ang, Soon$Angeles, Duncan Campbell in Los AnonymousAnsberry, ClareAnthes, Gary HAnthes, Gary H. Arnum, EricAslib. Informatics Group.($Association for Computing Machinery.`]Association for Computing Machinery. Special Interest Group on Security, Audit, and Control., Atkins, DerekAtkins, WilliamAubert, Benoit Austen, Ian Austin, Tom Bacard, AndrBadenhorst, K. P.Badenhorst, Karin P. Bagwill, R.Baldwin, Robert W. Ball, LeslieBanerjee, DebasishBanerjee, SnehamayBarefoot, Jo Ann S Barker, Ralph Barkley, JohnBarnett, Arnold I. Barrett, NeilBaskerville, R.Baskerville, RichardBaskerville, Richard L.Bassham, Lawrence E.Bauer, Friedrich Ludwig Baum, DavidBeath, CynthiaBECKER, ELIZABETH Benbasat, I.Bequai, August Berg, Allan Berger, AbiBergeron, FrancoisBernick, Jeanne Berson, T. A.Bertino, Elisa Beth, ThomasBhimani, AnishBialo, Ellen R. Bird, JaneBishop, KathleenBitter, Gary G. Blake, Ian F.Blanton, Thomas S. Bliss, Jeff Blumstein, ABlumstein, AlfredBonsall, BruceBoockholdt, J.L.Borenstein, Nathaniel S. Borg, KimBosselaers, AntoonBottom, Norman R., Jr. Bounds, W. G.Bowen, Ted SmalleyBozman, Jean S Bozoki, EvaBradbard, David A. Bramwell, TimBrancheau, JamesBrancheau, James C.Branin, Joseph($Brazil. Ministrio das Comunicaes. Brewer, DavidBrickell, Ernest F. Brown, Bob Brown, CarolBrown, GeoffreyBrown, Ronald O. Bruce, Glen Brummer, Alex Bruno, Lee Bryant, AdamBulkeley, By William M.Burger, KatherineBurns, Arthur F.Burr, William E. Bushaus, DawnBussgang, Jeffrey J.hdBy Wall Street Journal staff reporters Anna Wilde Mathews in Washington, James R. Hagerty in AtlantaByrd, Terry AnthonyCaelli, William J.Calderbank, AlisonCampbell, D. T.Campbell, Donald T.Campbell, LisaCamussone, Pierre FrancoCarey, By SusanCarley, William M.Carlson, Patricia J.Carnahan, Lisa J. Caroll, JohnCarr, Houston H.Carrns, By AnnCarter, David L. Cary, John M. Cassey, JohnCassing, James H.Castillo, CarolynCerullo, Michael J.Cerullo, VirginiaChaisson, Kernan Chambliss, R.Chang, C. VictorChapman, D. Brent Chellappa, R. Cheney, GlennChicago, Susan Carey inChin, Shiu-Kai Chin, WynneChiricos, Theodore G.Chmora, AndrewChowdhry, PankajChris Reidy, Globe StaffChristensen, DamarisChristianson, BruceChristie, AlanChristie, Alix Clark, By DonClark, Robert E.Clayton, MichelleClinton, William JClothier, MarkCloud, By David S.Cloud, David S. Cohen, Fred Cohen, JCohen, Jacqueline Cole, Barb Collier, P.Collins, Rosann WebbColton, Kent W.("Computer Systems Laboratory (U.S.) Conger, Sue Congress  ACM Computing SurveysAdvertising AgeAmerica's Network,(American Society for Industrial SecurityAS/400 Systems ManagementBank Systems & Technology Best's Review (Life/Health) Best's Review (Prop/Casualty)$Business Communications ReviewBusiness Credit CFMBusiness Insurance<6Business Review (Federal Reserve Bank of Philadelphia)Canadian InsuranceCanadian Underwriter$!Chief Information Officer JournalCIOCMA Magazine |College Student Journal Communications InternationalCommunications NewsCommunications of the ACMCommunicationsWeekComputer & SecurityComputer Law JournalComputer Reseller News<6Computer Reseller News | Distributor Census SupplementComputer Security Journal Computer Technology ReviewComputers & EducationComputers & Security Computerworld<6Computerworld | Electronic Commerce Journal SupplementComputing Canada CriminologyData Communications DatamationDecision Sciences DirectorEngineering EducationEur. J. Inf. Systs.,'European Journal of Information Systems Facilities Fortune("Free Inquiry in Creative SociologyHarvard Business Review Health Management TechnologyI/S Analyzer Case Studies IEEE SpectrumIEEE Spectrum [SPC],)IEEE Transactions on Software EngineeringInc. Info Canada InformInformation & ManagementInformation Age0*Information Management & Computer Security,(Information Resources Management Journal Information Society Inf. Soc.0-Information Strategy: The Executive's Journal$Information Systems Management0,Information Systems Research Inf. Syst. Res.Information TodayInformationweek Infosystems InfoWorldInsurance & Technology0-Insurance Brokers Monthly & Insurance Adviser Insurance Systems BulletinInternal Auditing0,International Journal of Electronic Commerce@;International Journal of Operations & Production Management InternetweekJournal of Accountancy0+Journal of Applied Developmental Psychology Journal of Business Strategy$ Journal of Crime and Criminology,'Journal of Criminal Law and Criminology$!Journal of Educational Psychology$Journal of Educational Research,(Journal of Global Information Management,)Journal of Global Informatrion Management0+Journal of Logistics Information Management,)Journal of Management Information Systems4/Journal of Management Information Systems: JMIS Journal of Management Systems Journal of Political Economy("Journal of Retail Banking Services($Journal of Small Business Management(#Journal of Systems & Software [JSS]@=Journal of the American Society for Information Science [ASI]<6Journal of the American Society of Information ScienceLife Association NewsLong Range Planning Management Accounting-LondonManagement ScienceManagement ServicesManagement TodayManagerial PlanningManufacturing SystemsMarketing News [MNW]($MC Technology Marketing IntelligenceMidrange Systems MIS QuarterlyMIS Quarterly,MIT's Technology Review<7National Underwriter (Life & Health/Financial Services)85National Underwriter (Life/Health/Financial Services)HENational Underwriter (Property & Casualty/Risk & Benefits Management) Network WorldNetworking Management, Online [ONL] Research in Higher Education Retail WorldRisk Management($Risk Management and Insurance Review Rough NotesSecurity Management(#Security, Audit, and Control ReviewSIGCSE BulletinSloan Management Review Strategic Management Journal$Systems Management 3X/400 [SSW]Telecommunications Telephony The Humanist The Journal of Accountancy The Lazerdisk Professional$ University of Chicago Law Review UNIX ReviewWall Street & Technology$Wall Street & Technology [WSC]Wisconsin Law Review  Vj(2400) Public relations (2410) Social responsibility0-(2600) Management science/operations research(3300) Risk management(4100) Accounting (4300) Law(4310) Regulation (5100) Facilities management(5120) Purchasing (5140) Security management4.(5200) Communications & information management$!(5220) Data processing management(5240) Software & systemshb(5240) Software & systems | (5310) Production planning & control | (9130) Experimental/theoretical$!(5250) Telecommunications systems (5400) Research & development (6200) Training & development(7000) marketing(7200) Advertising(%(7500) Product planning & development(8200) Insurance industry0,(8302) Software & computer services industry(8310) Consultants41(8330) Broadcasting & telecommunications industry$(83315140) Security managementhb(8390) Retail stores, includes groceries | (5140) Security management | US | Wal-Mart Stores Inc |(9000) Short articleXR(9000) Short article | (5240) Software & systems | (5140) Security management | US($(9110) Company specific/case studies,)(9130) Experimental/theoretical treatment(9150) Guidelines (9172) Canada(9179) Asia & the Pacific(9180) International(9190) United States$!(9510) Multinational corporations(9520) Small business("(9550) Public sector organizations5140: Security management,'5220: Information technology management9150: Guidelines9190: United States AccessAccess controlTOAccess control | (5140) Security management | (5220) Data processing managementd`access security, computer crime, information system controls, Internet security, law enforcementACCOUNTING firms AccreditationAcquisitions & mergers Activism AdaptationDAAdministrative agencies United States Data processing Management.LHAdministrative agencies United States Data processing Security measures.<6Administrative agencies United States Data processing.@;Administrative agencies United States Information services. Advantages Advertisers Advertisingage Aircraft accidents & safetyAirlines | Web sites | Computer security | Reservation systems | Computer privacy | Case studies | (9190) United States | (5140) Security management | (5250) Telecommunications systems | (8350) Transportation industry | (9110) Company specific/case stud Alaska Airlines Inc | Cabelas Algorithms Alteon 180e Analysis Application service providers ApplicationsArchives & records Armed forcesAssociations | Security management | Polls & surveys | (9190) United States | (5140) Security management | (9540) Non-profit institutions | US | American Society for Industrial Security$ ASSOCIATIONS, institutions, etc.Assurance services Attorneys AuditsAuthorizationsAutomatic identificationAutomobile industryBack up systemsBallot Data processing.Bank automationBank compliance Baseline BehaviorBills BiometricsBiometrics | Smart cards | Identification | Security systems | Physical | Access control | Computer security | (5140) Security management | (5220) Data processing management | (9190) United States | US Births broadband$ Broadband communication systems.Buchwald, David BudgetingBuilding automationBush, George, 1924-Business communityBusiness conditionsbusiness continuitybusiness crisis(%Business Data processing Periodicals.Business Data processing.BUSINESS enterprises85Business enterprises United States Computer networks.Business forecastsBusiness intelligence.Business networkingBUSINESS planning Business-government relationspCX..0S 2T c38s}}99?;,=I* wbqD``H) #OOO!$PPP][["C^$ V`XX//0rr 22TTEYxee#66778mhh99s??AA;,@@<<<%C55RI*Caww>>>:bT--DDFFttt``HHHH JJJJIIIIMMMMM   NNNaaazzzz^fh{{!9,all`[h$Wall Street & Technology [WSC]125 1994 42-44{Partnering; Systems development; Product design Computer programming; Connectivity; Investment companies; Software packagesB;Systems are no better than the quality of data received from users; reusing proven building blocks frees users to focus on the difference between what is already available and what they need. The smaller this crucial gap, the smaller the risk of 'design gigo' (garbage-in-garbage-out). Users can even take some of the development effort into their own hands by creating pre-release prototypes from existing high-quality parts. To achieve quality software, users and developers need each other. Key to a successful working relationship is mutual respect for the other's skills and perspectives. The volatile nature of software requirements demands cooperation throughout the entire process. Wall Street is searching for cross-platform application development tools that allow firms to write large-scale applications that can be ported and distributed across different system platforms. The choice of products ranges from portable graphical user interface builders to high-end products. According to Visix Software Inc., its 2-year-old Galaxy Application Environment goes a long way toward allowing developers to build mission-critical applications once, then compile applications that can run enterprise-wide on a range of desktop and server platforms, networks, and window systems without having to make code changes. Several leading Wall Street firms, including Sanwa Securities and J.P. Morgan, have built trading applications using the Galaxy development tools. A key feature of Galaxy is the incorporation of object-oriented technology for building distributed reusable objects on a network.c82Galaxy crosses platform lines Software: Stitch ups O Heney, Sheila Anonymous,O Leary, John G. 1995("Combining classic security and MISSecurity Management397143-145Security management | Computer security | Downsizing | Effects | (5140) Security management | (5220) Data processing management | (9190) United States | USt ABSTRACT: The trend of folding computer security departments into the classic security function began in the 1980s and has accelerated as organizations look for ways to reduce staff and save money. Before merging these 2 departments, management must understand the similarities and differences between computer and physical security and try to anticipate problems. The company should formulate a plan that fosters teamwork and uses the skills of both disciplines to complement each other, while working to close any pay gap that exists between the 2 forces. By recognizing potential stumbling blocks, management can guide the organization toward a consolidated function that leverages divergent security strengths and encourages group cooperation.O Leary, John G. 1995("Combining classic security and MISSecurity Management397143-145Security management | Computer security | Downsizing | Effects | (5140) Security management | (5220) Data processing management | (9190) United States | USt ABSTRACT: The trend of folding computer security departments into the classic security function began in the 1980s and has accelerated as organizations look for ways to reduce staff and save money. Before merging these 2 departments, management must understand the similarities and differences between computer and physical security and try to anticipate problems. The company should formulate a plan that fosters teamwork and uses the skills of both disciplines to complement each other, while working to close any pay gap that exists between the 2 forces. By recognizing potential stumbling blocks, management can guide the organization toward a consolidated function that leverages divergent security strengths and encourages group cooperation. 20011580532683 (alk. paper)0*HG1710 .O45 2001 332/.0285 HG1710.M54 20010)Electronic payment systems for e-commerce 2nd Boston  Artech Housexiv, 345,%Artech House computer security series NHElectronic funds transfers. Data encryption (Computer science) Internet.2,O'Mahony, Donal Peirce, M. A. Tewari, Hitesh 20011580532683 (alk. paper)0*HG1710 .O45 2001 332/.0285 HG1710.M54 20010)Electronic payment systems for e-commerce 2nd Boston  Artech Housexiv, 345,%Artech House computer security series NHElectronic funds transfers. Data encryption (Computer science) Internet.2,O'Mahony, Donal Peirce, M. A. Tewari, Hitesh2+Luis Oliveira Amorim, Pedro Vilao, Cristina 1999Electronic Commerce("International Financial Law Review 37-42 Janimpediment security Industry profiles | Electronic commerce | Computer security | Electronic banking | (5250) Telecommunications systems | (5140) Security management | (9175) Western Europe | PortugalxgIn June 1998 the worldwide Internet population was estimated at 120 million users. According to International Data Corp., the total of purchases over the Web was $10 billion in 1997, and there will be more than $220 billion in 2001. One crucial aspect to ensure some degree of legal certainty as e-business pioneers settle the new frontiers of a digital Wild West, is that it makes good sense for all deals to be carefully enshrined in contract terms, expressly agreed by the parties. Encryption technology may be the solution to one of the major barriers to growth of electronic commerce: fear of lack of security.-  ! M  1d^0*Library science Technological innovations.@7The KGB and GRU in Europe, South America, and AustraliaX Fort George G. Meade, Md.t National Security Agency 1995(!VENONA historical monograph ; # 590306 (online) [computer file] / National Security Agency. Mode of access: Internet from the National Security Agency web site. Title from title screen.iEspionage, Soviet History Sources. Intelligence service United States History Sources. Soviet Union. Komitet gosudarstvenno*i bezopasnosti History Sources. Soviet Union. Glavnoe razvedyvatel*noe upravlenie History Sources.0)United States. National Security Agency.,rF?http://www.nsa.gov:8080/docs/venona/monographs/monograph-5.htmln(!Tiwana Endnote library-added 7/99eD 1.2:97008186VOThe KGB in San Francisco and Mexico City and the GRU in New York and Washingtonf Fort George G. Meade, Md.a National Security Agency 1995(!VENONA historical monograph ; # 410306 (online) [computer file] / National Security Agency. Mode of access: Internet from the National Security Agency web site. Title from title screen.2Espionage, Soviet United States History Sources. Intelligence service United States History Sources. Soviet Union. Komitet gosudarstvenno*i bezopasnosti History Sources. Soviet Union. Glavnoe razvedyvatel*noe upravlenie History Sources.0)United States. National Security Agency.,sF?http://www.nsa.gov:8080/docs/venona/monographs/monograph-4.html (!Tiwana Endnote library-added 7/99  He 3.2:n 38PXQProject NetWork : a new opportunity for people with disabilities who want to workt [Baltimore, Md.? HADept. of Health and Human Services Social Security Administration3 19901 folded sheet (6 )i>7516 Shipping list no.: 91-663-P. "December 1990"--P. 6.1TMHandicapped Employment United States Handicapped Rehabilitation United States.6/United States. Social Security Administration.,r(!Tiwana Endnote library-added 7/99 He 3.2:p 94/6d`ZProblem Statement Language/Problem Statement Analyzer (PSL/PSA) : introductory information [Washington, D.C.?]T piSocial Security Administration Office of Systems Requirements Office of System Modernization Requirements  1986 [10]`Y516 (mf) Cover title. Distributed to depository libraries in microfiche. "November 1986." pjInformation storage and retrieval systems. Programming languages (Electronic computers) Computer software.b\United States. Social Security Administration. Office of System Modernization Requirements.,(!Tiwana Endnote library-added 7/99 Vandaele, Walter 1978B;Participation in Illegitimate Activities: Ehrlich Revisited 81Blumstein, Alfred Cohen, Jacqueline Nagin, Daniel`YDeterrence and Incapacitation: Estimating the Effects of Criminal Sanctions on Crime Raten Washington, D. C.y "National Academy of Science 3540632328 (alk. paper)2 005.8 Qa76Information security and privacy : Second Australasian Conference, ACISP '97, Sydney, NSW, Australia, July 7-9, 1997 : proceedings Berlin ; New Yorke Springer 1997xi, 336b.'Lecture notes in computer science, 1270C^WComputer security Congresses. Data protection Congresses. Privacy, Right of Congresses.$0*Varadharajan, Vijay Pieprzyk, Josef Mu, Yi(!Tiwana Endnote library-added 7/9997PO@JDHackers develop new tool to invade computer systems; [Final Edition]Bruce MeyersonThe Atlanta JournalM Jul 12 1999 A; 3Computer security companies updated their virus detection software Sunday after the in-your-face launch at a hackers' convention of a new tool designed for stealthy invasion of networks operated by Microsoft Windows.; The hacking tool, called BO2K, can enable someone to gain control of a computer or network from a remote location. BO2K is an abbreviation for a slightly profane variation of Back Office, the name of a program in Microsoft's Office 2000 suite of business software.; CDC and other hackers attending the seventh annual DefCon convention in Las Vegas charged that Microsoft has stubbornly refused to address a multitude of gaping security holes in Windows.VOComputer security; Access control; Passwords; Systems development; RequirementsnAlternatives that considerably reduce the risks inherent in reusable passwords are considered. In addition, the overall system requirements for authentication, including the mechanisms and their embedding into systems and networks, are characterized. Various approaches and some commercially available devices exist for nonspoofable one-time passwords, including smart cards, randomized tokens, and challenge-response schemes. A basic set of idealized requirements relating to secure authentication include: 1. user authenticity and nonrepudiation, 2. ease of use, 3. device integrity and availability, and 4. system integrity and reliability. Even if these requirements are completely satisfied, some risks can still remain; weak links in the computer system or in personal behavior can undermine even the most elaborate authentication methods. What is needed is much better authentication than that provided by reusable passwords.^WPractitioner and SoftClass: A comparative study of two software reuse research projectsD>Mili, Hafedh Radai, Roy Wang, Weigang Strickland, Karl et al.,*#Journal of Systems & Software [JSS]252 1994147-170VOComputer security; Access control; Passwords; Systems development; RequirementsnAlternatives that considerably reduce the risks inherent in reusable passwords are considered. In addition, the overall system requirements for authentication, including the mechanisms and their embedding into systems and networks, are characterized. Various approaches and some commercially available devices exist for nonspoofable one-time passwords, including smart cards, randomized tokens, and challenge-response schemes. A basic set of idealized requirements relating to secure authentication include: 1. user authenticity and nonrepudiation, 2. ease of use, 3. device integrity and availability, and 4. system integrity and reliability. Even if these requirements are completely satisfied, some risks can still remain; weak links in the computer system or in personal behavior can undermine even the most elaborate authentication methods. What is needed is much better authentication than that provided by reusable passwords.^WPractitioner and SoftClass: A comparative study of two software reuse research projectsD>Mili, Hafedh Radai, Roy Wang, Weigang Strickland, Karl et al.,*#Journal of Systems & Software [JSS]252 1994147-170Object oriented programming; Systems development; Product development; Competition; Manycompanies; Manyproducts; StandardizationAfter a long learning and experimentation curve, technology managers will start employing object-oriented software for mission-critical systems in 1995. For users deciding to take the plunge into object tools, 1995 will see new players such as Taligent Inc. bring product to market. Object-oriented programming allows developers to use discrete parcels of code, called objects, to build applications. These can then be distributed and reused across an enterprise. Object tools are especially appealing to developers who use procedural programming languages, such as Cobol or C. Next Inc. was one of the first companies to market a mainstream object-oriented operating system, NextStep, with the Next computer in the 1980s. Since then, Next has discontinued its hardware line and licensed its object-oriented programming environment, OpenStep, to Digital Equipment, Hewlett-Packard, and Sun Microsystems. One factor that will increase the use of object technology is the development of standards.0*Concern raised over privacy on infohighwayMiller, CyndeeMarketing News [MNW]291 1995 1, 7+B;International experts see need for global encryption policy Elinor Mills InfoWorldi Jan 26 199873204/rkMost major countries are pushing global Internet commerce farther off as they grapple with policies on encryption and digital signatures. According to Adrian Lifely of Osborne Clarke, if electronic commerce is to fulfill its potential, there must be greater commitment toward standards for authentication. The Labor Party in England has indicated its opposition to controlling encryption but may be waiting to see what the European Union decides on the matter. The Department of Trade Industry expects that digital-signature legislation will be adopted by late 1998 and that a government policy statement on encryption and digital signatures will be released within the next 2 months. The European Commission, which has taken the stance that it cannot afford a divided regulatory landscape, plans to hold an international hearing in 1998 on encryption and digital signatures. Electronic commerce Digital transmission Data encryption Signatures Globalization Standardization Legislation Computer securitywhe most elaborate authentication methods. What is needed is much better authentication than that provided by reusable passwords.^WPractitioner and SoftClass: A comparative study of two software reuse research projectsD>Mili, Hafedh Radai, Roy Wang, Weigang Strickland, Karl et al.,*#Journal of Systems & Software [JSS]252 1994147-170B;International experts see need for global encryption policy Elinor Mills InfoWorldi Jan 26 199873204/rkMost major countries are pushing global Internet commerce farther off as they grapple with policies on encryption and digital signatures. According to Adrian Lifely of Osborne Clarke, if electronic commerce is to fulfill its potential, there must be greater commitment toward standards for authentication. The Labor Party in England has indicated its opposition to controlling encryption but may be waiting to see what the European Union decides on the matter. The Department of Trade Industry expects that digital-signature legislation will be adopted by late 1998 and that a government policy statement on encryption and digital signatures will be released within the next 2 months. The European Commission, which has taken the stance that it cannot afford a divided regulatory landscape, plans to hold an international hearing in 1998 on encryption and digital signatures. Electronic commerce Digital transmission Data encryption Signatures Globalization Standardization Legislation Computer securitywlSLQ@9Sony's Infobeat Leaked Data On User E-Mail To Advertisers By Michael MossWall Street JournalT Nov 8n 1999B1yInfoBeat, a popular Internet newsletter service owned by Sony Music Entertainment Corp., has been sending the e-mail addresses of its readers to advertisers despite a pledge to keep such data private, a computer-security expert has found.; Responding to questions by The Wall Street Journal, InfoBeat in a statement last week characterized the data leakage as a software flaw, which it was endeavoring to have fixed. "Infobeat respects the privacy of its customers and takes security issues very seriously, and we sincerely regret any concern this situation may have caused," the statement said.; Sony Music Entertainment, a unit of Sony Corp., acquired InfoBeat in January, but it delegates the newsletter's operation to Exactis.com, a major e-mail distribution firm based in Denver whose predecessor firm sold Infobeat to Sony. Infobeat says it inherited the software in the acquisition.<5Computer security Electronic mail systems NewslettersD>In the Age of Hackers, A Guide to Firewalls For Home ComputersBy Walter S. MossbergtWall Street Journal; Feb 24 2000B1IF HACKERS CAN bring down Yahoo!, with its huge banks of huge computers in huge buildings with huge staffs, can they bring down your lonely little PC in the spare bedroom? Can they invade its contents, peering right into your kid's term paper on Christopher Columbus? And, if so, what can you do to stop them?; There's no perfect answer to that question. Theoretically, any computer that connects to the Internet, even episodically, could be penetrated by malefactors. The invaders could then read or copy data on its hard disk, or plant "Trojan horse" programs you'd never find that could be activated later to do damage, either to your PC or to other computers on the Internet.; Before turning to the available defenses, let's talk about the problem. There are two main kinds of home computers connected to the Internet. Some are constantly connected and use a fixed Internet address, a sort of code that computers on the Net use to identify each other. Others aren't constantly connected and don't have a fixed address. Periodically, they dial up an Internet service provider (ISP) to link to the Net, and each time the ISP gives them a different, temporary Internet address.2,Personal computers Computer security Hackersj]nu-kp(>_XS (*s;;}<Z%5~^2:bTT`!|jXTEYddd(c3eii*.oosyllvvZ5=~<E\w2:Y-fDDt) #!WWM[.k%f uSc678};@v%CEb8Fnp"jehD~Rs3p;5 -/p.1 Lohr, Steve 199782Go Ahead, Be Paranoid : Hackers Are Out to Get YouNew York Times Online New York`Yhttp://search.nytimes.com/search/daily/bin/fastweb?getdoc+site+site+16517+23+wAAA+hackers March 17, 199700n a chilly, windowless room in a New York suburb, four men are tapping furiously at their laptop computers. Their mission: to crack into the computer system of a major U.S. corporation. Things seem to be going well, for them. "All right, we're through the firewall," announced one bearded hacker. A few moments later, a second practitioner of high-tech mischief pronounced himself pleased by what he saw inside -- a digital picture of vulnerability rendered by the lines of computer code dancing across his screen. "Looks like we can toast it," he said. Charles Palmer, a slender, bearded 40-year-old computer scientist, looked on with pride at the members of his team. Skilled hackers, Palmer noted, are scarce these days, at least ones that he will hire. "It's hard to find good people in this field who do not have criminal records," he explained. Palmer and his team work for IBM, and their brand of computer hacking is legal. Companies pay the IBM squad to attack their computer systems to test how well they can stand up to the increasing assaults by real hackers. The growing ranks of cyber intruders are engaged in everything from snooping around to "parking" pornography and pirated software on unsuspecting corporate machines to computer-assisted fraud and theft. White-hat hackers, like those at IBM, are only one kind of computer-security professional whose skills are much in demand today. Once an arcane specialty, computer security has moved into the mainstream. As companies rush onto the Internet, they benefit from improved communication with customers, suppliers and far-flung employees, but they also take on far greater risk that their corporate computer systems will be breached by outsiders with malicious intent. The dangers of a networked world have created boom times for computer-security consultants, auditors, cryptographers and others. Now they must contend with pushy headhunters as well as hackers. Five years ago, six-figure salaries were rare in the security field. Today it is not uncommon for skilled computer-security veterans to be making $200,000 a year or more. Recognizing a seller's market for computer-security expertise, Wietse Venema has come to the United States, and he's selling. A computer scientist from the University of Eindhoven in the Netherlands, Venema is the co-author of Satan, a sophisticated software program intended to find security flaws in any computer system linked to the Internet. The 45-year-old Dutch researcher is considering offers from IBM and other leading American computer companies. "Many people are interested in my capabilities now," he observed cheerfully. Experts like Venema are suddenly stars because corporations are spending more on computer security. This year, companies worldwide are expected to spend $6.3 billion on security for their computer networks, estimates Dataquest, a market-research firm. Within three years the security price tag is projected to more than double to nearly $12.9 billion -- a figure that is only for services supplied by outside contractors, so it excludes spending on in-house staff, security software or hardware products. The industry in the United States, the world leader in computer security, is composed of hundreds of companies. They run the gamut from large companies with worldwide computer consulting practices, like IBM, Science Applications International Corp. and Perot Systems, and Big Six accounting firms, like Coopers & Lybrand, Ernst & Young and Deloitte & Touche, down to one-man independent consultants, like Seiden. Fueling the surge in computer-security spending is fear. The corporate concerns are heightened with every report of hackers defacing well-known World Wide Web sites, like the recent attacks on the sites of the CIA and the Department of Justice. The FBI says few intrusions into corporate computer systems -- 15 percent at most -- are reported to law-enforcement agencies. But the handful that are reported, like the 1994 case of Russian hackers who tapped into Citibank and made $10 million in illegal fund transfers (all but $400,000 was recovered), tend to cause alarm. "The business is not so much network security as it is network insecurity," noted Alice Murphy, an analyst at Dataquest. "There's so much anxiety out there now." Just how great the threat is to corporate computer systems is a matter of debate. The Internet, observes Peter Neumann, a computer scientist at SRI International, a research group in Menlo Park, Calif., was never really designed to be secure. Once the bailiwick of a small community of researchers, it is starting to be used as a freeway of commerce. "The infrastructure is vulnerable," Neumann said. "From that larger perspective the risks are enormous." Dan Farmer, the co-author of Satan with the Dutch researcher Venema, did a survey of 1,700 corporate and government Web sites late last year and found that more than 60 percent of them had "serious potential security vulnerabilities." Farmer, a programmer at Sun Microsystems Inc., did not break into the computer systems, but he said they were open to attack and often could be severely damaged. (His survey results are posted on the Web.) Yet there is a significant difference, some analysts say, between potential vulnerability and the actual business risk to corporate computer systems. "There is risk, but the threat tends to be vastly overstated," said George Colony, president of Forrester Research Inc., a consulting firm in Cambridge, Mass. Forrester estimates that losses from fraud in Internet commerce are likely to be roughly $1 for every $1,000 of business. To put the matter into perspective, the fraud losses in cellular phone service are $20 for every $1,000, according to Forrester, while the losses on credit-card transactions are nearly $2 for every $1,000 of goods charged. Still, even skeptics, like Forrester's Colony, agree that computer security requires continuous attention. "It is a manageable risk, and it should not deter companies from jumping into Internet commerce," Colony said. "But I also tell our clients that they should think of computer security as a guerrilla war that will last forever." The FBI is treating the battle against computer crime as a long-running campaign. All new agents are now trained in cyberspace investigations as part of the curriculum at the FBI Academy in Quantico, Va. And last year the bureau established three computer-crime squads in San Francisco, New York and Washington, to pursue cybercrime more aggressively. "We're really on the cusp of this becoming a major problem," said James Kallstrom, head of the FBI office in New York. "As more and more of the economy goes digital, there are huge incentives for criminal attacks on American corporations." Computer crime, of course, comes in many forms. An employee with a grudge and access to a company's computer network may well be far more dangerous, and costly, than even the most artful hacker. A survey released two weeks ago by the Computer Security Institute, and conducted on behalf of the FBI's computer-crime unit, estimated computer security losses last year at $100 million -- a total only among some 250 companies and organizations that would place dollar figures on their losses from fraud, theft of trade secrets and other breaches. The criminal hackers have long been engaged in a kind of cat-and-mouse game with law-enforcement agencies and private computer-security experts. And that game is increasingly being played at a higher level, with greater skill and new tools. The cell-phone hackers of the past, who electronically jimmied phones for the thrill and free phone service, have graduated to Web-site hacking. Today there are an estimated 440 hacker bulletin boards, 1,900 Web sites purveying hacking tips and tools, and 30 hacker publications like "Phrack" and "2600: The Hacker Quarterly." There are readily available software programs for hacking tactics like "war dialing," "sniffing" and "fingering" -- all used to exploit security weaknesses in computer systems. "As the stakes become higher, the technical sophistication of the people doing this kind of illegal activity is increasing," said Edward Hart, a senior vice president of Science Applications International. Today there is a brisk illicit market in hacking, according to security experts, with the street price for breaking into a corporate Web site typically in the $8,000-to-$10,000 range. Bonus payments are usually demanded for trade secrets pilfered or damage inflicted on a competitor's computer system. Limiting the risk, and damage, to corporate computer systems is the goal of Palmer and the other security specialists at IBM. The test hacking done by his team is mainly a fact-finding tool, and only one of many. The authorized break-ins by these groups, called "tiger teams," are often more valuable as a marketing tactic than as a research tool. Thick and exhaustive studies of a company's computer security can be met with yawning indifference by top executives, but a break-in gets their attention. Mundane rules, not high-tech wizardry, are crucial to reducing security risks. A robust firewall to filter what electronic traffic gets into a company's computer system is helpful, but it can be a Maginot Line approach to security -- the real weaknesses are elsewhere. To work from home, employees may have dial-up modems at their desks, unprotected by firewalls or even passwords. Employees, security experts warn, must be told to give their passwords to no one; one scam is for hackers to call new employees, pretending to be members of the corporate technology staff doing a check of passwords. Another frequent weakness is simple physical security, watching who goes in or out of the building. These are hectic times for security consultants like IBM's Nick Simicich, a 44-year-old self-taught programmer. He works from his home in Boca Raton, Fla., equipped with powerful computers running Linux, a shareware program that is the operating system of choice for hackers. Mostly, though, Simicich is on the road -- 85 percent of the time, he estimates -- logging perhaps 150,000 air miles a year. Continental, the airline he flies most regularly, invited Simicich to a company parade last year. He proudly calls himself a "paid professional paranoid." His goal, he says, is not to make corporate computer systems immune to hackers. "That's impossible," he explained. "Our real goal is to raise the bar. First, we do want to make it harder for them to break in, so the average hacker moves to an easier target. Second, when they do get in, we want to ensure that the damage is limited."XW$Denial of service: An example Needham, RF?QC100 .U57 no. 800-2 QA76.9.A25 602/.18 s 005.8/2 C 13.10:800-2ePublic-key cryptography5 Gaithersburg, MD LEU.S. Dept. of Commerce National Institute of Standards and Technology  1991ix, 162 :3NIST special publication ; 800-2. Computer security & Computer security. Cryptography.NGNechvatal, James National Institute of Standards and Technology (U.S.),b(!Tiwana Endnote library-added 7/99C$Denial of service: An example Needham, Roger M.0 Communications of the ACM5 1994 42-46i3711A particular instance of a denial of service problem is considered and engineering considerations relevant to an appropriate defense are examined. A major aspect is the complexity and danger that result from unthinking use of what seem to be simple cost-saving measures. In the context of an alarm system, there are 3 mechanical components to deal with, namely a client, a network and a server. There are also 2 nonmechanical parts to the system - the customer and the contractor. The attack against the customer may consist of disabling or destroying the client, just as it may consist of interfering with the network or with the server. There are ready defenses against some attacks, and it is necessary to consider their scope, their limits, and most particularly, their objectives. In all security matters there are 2 objectives - to make violations difficult and to make them known to authority when they happen. In the case of denial of service, the balance between the 2 objectives swings quite far toward the latter.leComputer security Services Problems Prevention (5140) Security management; (5240) Software & systems;$Denial of service: An example Needham, Roger M.0 Communications of the ACM5 1994 42-46i3711A particular instance of a denial of service problem is considered and engineering considerations relevant to an appropriate defense are examined. A major aspect is the complexity and danger that result from unthinking use of what seem to be simple cost-saving measures. In the context of an alarm system, there are 3 mechanical components to deal with, namely a client, a network and a server. There are also 2 nonmechanical parts to the system - the customer and the contractor. The attack against the customer may consist of disabling or destroying the client, just as it may consist of interfering with the network or with the server. There are ready defenses against some attacks, and it is necessary to consider their scope, their limits, and most particularly, their objectives. In all security matters there are 2 objectives - to make violations difficult and to make them known to authority when they happen. In the case of denial of service, the balance between the 2 objectives swings quite far toward the latter.leComputer security Services Problems Prevention (5140) Security management; (5240) Software & systems;"New denial of service attackNeeley, DeQuendretSecurity Managementu 200028443.Distributed denial of service (DDOS) attacks allow a single attacker to use several computers to attack a target. As with all denial of service attacks, the objective of a DDOS is to overload a server with so many requests that it goes down. When a group of attackers band together to launch a DDOS attack, the results can be devastating. The software products used to execute these types of attacks are Tribe FloodNet 2K and Trinoo. Both spoof IP addresses to make it difficult to detect the origin of the attack.|uComputer security Hackers Trends (9190) United States; (5220) Data processing management; (5140) Security management;(YLXLA brick through a window John C Dvorak PC Magazine Apr 4 200099197XQDvorak discusses "white hat" hackers who devise and supply hacking tools free to anyone. These hackers believe they are doing every one a favor by demonstrating how weak some computer systems are. Dvorak considers this as analogous to a brick through a window: it is simple vandalism. It is these people who are actually ruining the Web.B;Hackers Computer crime Computer security Vandalism Internet60The newest technology tools: (Un)Limited access?6/Julia E Earp Laura R Ingraham J Gregory JenkinseThe CPA Journal JanO 2000 58-59i701hTNWhile the benefits of engaging in e-commerce may be significant, the risks are also substantial. Technological innovations will pose additional security concerns and, ultimately, decide the future of e-commerce. A discussion is presented of some technological innovations, potential security problems, and suggested security measures.D=Electronic commerce Computer security Semiconductors Software60The newest technology tools: (Un)Limited access?6/Julia E Earp Laura R Ingraham J Gregory JenkinseThe CPA Journal JanO 2000 58-59i701hTNWhile the benefits of engaging in e-commerce may be significant, the risks are also substantial. Technological innovations will pose additional security concerns and, ultimately, decide the future of e-commerce. A discussion is presented of some technological innovations, potential security problems, and suggested security measures.D=Electronic commerce Computer security Semiconductors Software60Protecting data is a demanding but secure careerEileen Ecklund InfoWorld Sep 7 1998922036The reality of information security work is much more mundane than the media hype. As companies have become more aware of the dangers of computer-related crime, the demand for information security staff has grown rapidly. Despite the field's rapid growth, most people who do information security work do it only part-time. To be very good, information security professionals need to know both the theory and practice of operating systems, databases, and networking.@9Computer security Professionals Careers Trends Employment60Protecting data is a demanding but secure careerEileen Ecklund InfoWorld Sep 7 1998922036The reality of information security work is much more mundane than the media hype. As companies have become more aware of the dangers of computer-related crime, the demand for information security staff has grown rapidly. Despite the field's rapid growth, most people who do information security work do it only part-time. To be very good, information security professionals need to know both the theory and practice of operating systems, databases, and networking.@9Computer security Professionals Careers Trends EmploymentEnabling Ebusiness Ted Ritter$Business Communications Review Decn 1999 26-30t2912A potential evolution path for enterprise network infrastructure is examined. The transition from hard application and services boundaries to one continuous architecture called an ebusiness infrastructure (EBI) is outlined. A new concept for the core of the EBI is introduced, where organizations can handle business to business and intra-business functions in an open, yet fully secure environment: a Free Trade Zone. The EBI supports a blurring of the traditional boundaries between the functions of business to business and intra-business. This change itself requires a shift in mind-set and operations that adds yet another layer of complexity to the migration process. Enterprises that make the transition can leverage the core of the EBI: the free trade zone.JCElectronic commerce World Wide Web Infrastructure Computer security +F U CORPORATIONSCORPORATIONS -- GrowthCost reductionCostsCPAsCPAs | Technological change | Information technology | Effects | (9190) United States | (4110) Accountants | (5250) Telecommunications systems | US | American Institute of Certified Public Accountants CredibilityCredit card fraud Credit cards Credit unionsCrimeCrime preventionCriminal investigations Criminal lawCriminal liabilityCRISIS management Criteria CryptographyCryptography Congresses.(%Cryptography Handbooks, manuals, etc.Cryptography | Computer security | Electronic commerce | Studies | Accountability | Protocol | Internet | (9130) Experimental/theoretical treatment | (5250) Telecommunications systems | (5140) Security management Cryptography. Curricula Custom design Customer information filesCustomer relationsCustomer servicesData Data basesData collectionData encryption("Data encryption (Computer science)4.Data encryption (Computer science) Congresses.HEData encryption (Computer science) Law and legislation United States.40Data encryption (Computer science) United States41Data encryption (Computer science) United States.d^Data encryption | Computer security | Computer programming | Problems | (9190) United States |Data encryption | Exports | Federal regulation | Regulatory reform | Market entry | Product introduction | (5240) Software & systems | (5140) Security management | (1300) International trade & foreign investment | (4310) Regulation | (9190) United StateData encryption | Smart cards | Computer security | Product introduction | Manycompanies | (9190) United States | (5140) Security management | (5240) Software & systems | USData integrityData integrity | Computer security | Work stations | Computer networks | (5240) Software & systems | (5140) Security management Data processing managementLGData processing management | ( 9130) Experimental/theoretical treatmentDATA protection Data protection Congresses.Data protection.$ Data recovery (Computer science)("Data structures (Computer science)83Data transmission systems Government policy Brazil.<7Data transmission systems Security measures Congresses.0,Data transmission systems Security measures.Data warehouses$!Database management United States($Databases Moral and ethical aspects. DebuggingDecision making Defense$Defense contracts United StatesDenial of service attacksDesign engineeringDetection alarmsHCdevelopment | Manycompanies | Electronic data interchange | ( 5250) Diffusion, ITDigital certificatesDigital electronicsDigital subscriber lineDigital transmissiondisaster preparednessDisaster recovery DisclosureDisk operating systemsDistance learningDistributed processingDistributed processing | Auctions | Bidders | Cryptography | Computer security | Electronic commerce | (5240) Software & systems | (5140) Security managementDittrich, Dave("domain theory of moral development Donations DowntimeEconomic conditions Editorial cartoons -- Hackers Editorials Education EffectsElectronic bankingElectronic banking | Computer security | Internet | Bank services | Trends | Home banking | Systems design | Federal regulation | Electronic commerce | (8100) Financial services industry | (5240) Software & systems | (9190) United States | (4310) Regulan4P4Westland, Chris 1996<5A Rational Choice Model of Computer and Network Crimet2,International Journal of Electronic Commerce1s 2, Winterf109-126.f`access security, computer crime, information system controls, Internet security, law enforcement|Computer and network security are too often couched in terms of passwords and encryption, the computer equivalent of "lock and key" safekeeping for physical assets. Even though the sophistication of password-encryption schemes has improved dramatically, with new standards for secure Internet transfer of digital cash and card numbers, passwords still provide incomplete and flawed protection. Following the lead of law enforcement in traditional crimes, which has moved beyond "locks" to address the entire life cycle of crime, this research assesses how computer security can take what has been learned about effective crime prevention to move beyond passwords. It proposes a "rational choice" model of computer and network crime that identifies new points to be targeted for control. This broader perspective is used to define an expanded control agenda to fight computer and network crimeSecurity across bordersy Rusty WestonInformationweek) Aug 31 1998 117According to results of the InformationWeek/PricewaterhouseCoopers 1998 Global Information Security Survey, although security is no longer strictly an afterthought in IT shops, there is little evidence that it is developing into a highly significant business concern. Despite an apparent worldwide concern, about 1/3 of the respondents said they actually measure the effectiveness of their information security policy. Analysts who have compared the security practices of European and US organizations say that, in general, European companies are more likely to solve information security problems by creating a new policy rather than by deploying packaged solutions. Americans prefer to leverage technology investments.LEInformation technology Polls & surveys Network security Policy makingSecurity across bordersy Rusty WestonInformationweek) Aug 31 1998 117According to results of the InformationWeek/PricewaterhouseCoopers 1998 Global Information Security Survey, although security is no longer strictly an afterthought in IT shops, there is little evidence that it is developing into a highly significant business concern. Despite an apparent worldwide concern, about 1/3 of the respondents said they actually measure the effectiveness of their information security policy. Analysts who have compared the security practices of European and US organizations say that, in general, European companies are more likely to solve information security problems by creating a new policy rather than by deploying packaged solutions. Americans prefer to leverage technology investments.LEInformation technology Polls & surveys Network security Policy making&AT&T rounds out E-commerce linedWexler, Joanie Network World1134223 1996~xTo boost the use of electronic commerce, AT&T is now offering insurance against Web server downtime, lost orders and credit card fraud over the Internet, as well as promotional incentives to Web surfers and back-end transaction processing services. AT&T's new SecureBay offering adds transaction processing capabilities to the company's Easy World-Wide Web hosting services. In addition, AT&T has integrated Open Market Inc.'s OMTransact software into its server farm. The software forges links to financial networks, which will authorize a credit card and approve a user's credit line based on encrypted information sent from AT&T.D>Electronic commerce | Product lines | Service introduction | Computer security | Guarantees | Internet service providers | (9190) United States | (8302) Software & computer services industry | (5250) Telecommunications systems | (5140) Security management | (9120) Product specific treatment | US | AT&T Corp TICKER: T&AT&T rounds out E-commerce linedWexler, Joanie Network World1134223 1996~xTo boost the use of electronic commerce, AT&T is now offering insurance against Web server downtime, lost orders and credit card fraud over the Internet, as well as promotional incentives to Web surfers and back-end transaction processing services. AT&T's new SecureBay offering adds transaction processing capabilities to the company's Easy World-Wide Web hosting services. In addition, AT&T has integrated Open Market Inc.'s OMTransact software into its server farm. The software forges links to financial networks, which will authorize a credit card and approve a user's credit line based on encrypted information sent from AT&T.D>Electronic commerce | Product lines | Service introduction | Computer security | Guarantees | Internet service providers | (9190) United States | (8302) Software & computer services industry | (5250) Telecommunications systems | (5140) Security management | (9120) Product specific treatment | US | AT&T Corp TICKER: T(!0849371791 (hardcover alk. paper) Qa76.9.a25 w45 1996 005.8t*$Computer system and network security  Boca Raton  CRC Pressc 1996 296r,%CRC Press computer engineering seriesI>7Computer security. Computer networks Security measures.c4.White, Gregory B. Fisch, Eric A. Pooch, Udo W.(!Tiwana Endnote library-added 7/99pBVVp(p(Z.   Z66   Straub, D.W. 1986tmDeterring Computer Abuse: The Effectiveness of Deterrent Countermeasures in the Computer Security Environment"Graduate School of Business Indiana UniversityDoctoral Dissertation,Detmar W. Straub  1986 N1Instrument Validation in the MIS Research Process1  .Francois Bergeronr nRProceedings of the Administrative Sciences Association of Canada (ASAC) Conference  *Whistler, B.C. & 7, Part 4o $103-118B fJThis paper won the "Best Doctoral Student Paper" Award for the Conference. ,Detmar W. Straub  1987 pTControlling Computer Abuse: An Empirical Study of Effective Security Countermeasures jMProceedings of the 8th International Conference on Information Systems (ICIS)4  *Pittsburgh, PA $277-289; $December ,Detmar W. Straub  1988 X"Detmar W. Straub William D. Nance  1988 hLUncovering and Disciplining Computer Abuse: Managerial Responses and Options ,Information Age 10 $3 (July) $151-156 ,Detmar W. Straub  1989 B&Validating Instruments in MIS Research * MIS Quarterlyn 13 $2 (June) $146-169 .Straub, Detmar W.f  1990 F)Effective IS Security: An Empirical Studya 8Information Systems Research 1 3 $255-276 @#Straub, Detmar W. William D. Nance  1990 hKDiscovering and Disciplining Computer Abuse in Organizations: A Field Study * MIS Quarterly 14 & 1 (March) "45-62 ,&Straub, Detmar W. Collins, Rosann Webb 1990|uKey Information Liabilities Facing Managers: Software Piracy, Proprietary Databases, And Individual Rights to Privacy MIS QuarterlyJ142(June) 143-158nQDetmar W. Straub George DElia Joseph Branin Carl Adams Cynthia Beath Nancy Rohdel  1991 J.A Model Academic Integrated Information Center R6Journal of the American Society of Information Science 42 & 2 (March)  $143-146l lOin section entitled "Perspectives on an Academic Integrated Information Center"p >8Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992ZTDeterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security $Guy G. Gable William J. Caelli818th International Information Security Conference  Singapore335-350 Mayr>8Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992ZTDeterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security $Guy G. Gable William J. Caelli:4 IT Security: The Need for International Cooperation  Amsterdam  North-Holland309-324 <6SBCROriginator: Detmar Straub Date Added: 12/9/98>8Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992ZTDeterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security $Guy G. Gable William J. Caelli818th International Information Security Conference  Singapore335-350 Mayr>8Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992ZTDeterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security $Guy G. Gable William J. Caelli:4 IT Security: The Need for International Cooperation  Amsterdam  North-Holland309-324 <6SBCROriginator: Detmar Straub Date Added: 12/9/98>7Detmar W. Straub Patricia J. Carlson Elizabeth H. Joness 1993XRDeterring Cheating by Student Programmers: A Field Experiment in Computer Security$Journal of Management Systems 5y1 33-48>7Detmar W. Straub Patricia J. Carlson Elizabeth H. Joness 1993XRDeterring Cheating by Student Programmers: A Field Experiment in Computer Security$Journal of Management Systems 5y1 33-48,Detmar W. Straub  1994 hKThe Effect of Culture on IT Diffusion: E-Mail and FAX in Japan and the U.S.s : Information Systems Research 5 & 1 (March) "23-47 J-Detmar W. Straub Moez Limayem Elena Karahannao  1995 V:Measuring System Usage: Implications for IS Theory Testing .Management Science ("Straub, Detmar W. Richard J. Welke 1996@9Coping with Systems Risk: An Agenda for Managerial Action Benoit Aubert Wynne ChinF?ASAC (Administrative Sciences Association of Canada) Conference Montreal 17, No. 4138-146May 25-28, 1996<5SCROriginator: Detmar Straub Date Added: 12/9/98m("Straub, Detmar W. Richard J. Welke 1998XQCoping with Systems Risk: Security Planning Models for Management Decision-Making MIS Quarterly22 4 (December)441-469r:4SROriginator: Detmar Straub Date Added: 12/9/98.(Could e-cash threaten payment integrity?William Streeter81American Bankers Association. ABA Banking Journal Nov 1997 58-688911In an interview, John LaWare, Shawmut Bank CEO, and Thomas Hoenig, president of the Federal Reserve Bank of Kansas City, discussed the potential risks involved with electronic payments. Concerns center around 3 issues: consumer protection and privacy, the integrity of the payment system, and the potential for crime (money laundering in particular). According to John LaWare, if cybermoney is going to be a major part of the payment system, then it may be necessary to examine what standards need to be imposed. Thomas Hoeing feels that if you ha