Wall Street & Technology [WSC]
125 1994 42-44
Partnering; Systems development; Product design
Computer programming; Connectivity; Investment companies; Software packages
Systems are no better than the quality of data received from users; reusing proven building blocks frees users to focus on the difference between what is already available and what they need. The smaller this crucial gap, the smaller the risk of 'design gigo' (garbage-in-garbage-out). Users can even take some of the development effort into their own hands by creating pre-release prototypes from existing high-quality parts. To achieve quality software, users and developers need each other. Key to a successful working relationship is mutual respect for the other's skills and perspectives. The volatile nature of software requirements demands cooperation throughout the entire process.
Wall Street is searching for cross-platform application development tools that allow firms to write large-scale applications that can be ported and distributed across different system platforms. The choice of products ranges from portable graphical user interface builders to high-end products. According to Visix Software Inc., its 2-year-old Galaxy Application Environment goes a long way toward allowing developers to build mission-critical applications once, then compile applications that can run enterprise-wide on a range of desktop and server platforms, networks, and window systems without having to make code changes. Several leading Wall Street firms, including Sanwa Securities and J.P. Morgan, have built trading applications using the Galaxy development tools. A key feature of Galaxy is the incorporation of object-oriented technology for building distributed reusable objects on a network.
Galaxy crosses platform lines
Software: Stitch ups
O'Heney, Sheila
Anonymous

O'Leary, John G.
1995
Combining classic security and MIS
Security Management
397143-145
Security management | Computer security | Downsizing | Effects | (5140) Security management | (5220) Data processing management | (9190) United States | US
ABSTRACT: The trend of folding computer security departments into the classic security function began in the 1980s and has accelerated as organizations look for ways to reduce staff and save money. Before merging these 2 departments, management must understand the similarities and differences between computer and physical security and try to anticipate problems. The company should formulate a plan that fosters teamwork and uses the skills of both disciplines to complement each other, while working to close any pay gap that exists between the 2 forces. By recognizing potential stumbling blocks, management can guide the organization toward a consolidated function that leverages divergent security strengths and encourages group cooperation.

2001
1580532683 (alk. paper)
HG1710 .O45 2001 332/.0285 HG1710.M54 2001
Electronic payment systems for e-commerce
2nd
Boston
Artech House
xiv, 345
Artech House computer security series
Electronic funds transfers. Data encryption (Computer science) Internet.
O'Mahony, Donal; Peirce, M. A.; Tewari, Hitesh

Luis Oliveira; Amorim, Pedro; Vilao, Cristina
1999
Electronic Commerce
International Financial Law Review
37-42
Jan
impediment security
Industry profiles | Electronic commerce | Computer security | Electronic banking | (5250) Telecommunications systems | (5140) Security management | (9175) Western Europe | Portugal
In June 1998 the worldwide Internet population was estimated at 120 million users. According to International Data Corp., the total of purchases over the Web was $10 billion in 1997, and there will be more than $220 billion in 2001. One crucial aspect to ensure some degree of legal certainty as e-business pioneers settle the new frontiers of a digital Wild West, is that it makes good sense for all deals to be carefully enshrined in contract terms, expressly agreed by the parties. Encryption technology may be the solution to one of the major barriers to growth of electronic commerce: fear of lack of security.

Library science Technological innovations.

The KGB and GRU in Europe, South America, and Australia
Fort George G. Meade, Md.
National Security Agency
1995
VENONA historical monograph ; # 5
90306 (online) [computer file] / National Security Agency. Mode of access: Internet from the National Security Agency web site. Title from title screen.
Espionage, Soviet History Sources. Intelligence service United States History Sources. Soviet Union. Komitet gosudarstvennoĭ bezopasnosti History Sources. Soviet Union. Glavnoe razvedyvatelʹnoe upravlenie History Sources.
United States. National Security Agency.
http://www.nsa.gov:8080/docs/venona/monographs/monograph-5.html
Tiwana Endnote library-added 7/99

D 1.2:97008186
The KGB in San Francisco and Mexico City and the GRU in New York and Washington
Fort George G. Meade, Md.
National Security Agency
1995
VENONA historical monograph ; # 4
10306 (online) [computer file] / National Security Agency. Mode of access: Internet from the National Security Agency web site. Title from title screen.
Espionage, Soviet United States History Sources. Intelligence service United States History Sources. Soviet Union. Komitet gosudarstvennoĭ bezopasnosti History Sources. Soviet Union. Glavnoe razvedyvatelʹnoe upravlenie History Sources.
United States. National Security Agency.
http://www.nsa.gov:8080/docs/venona/monographs/monograph-4.html
Tiwana Endnote library-added 7/99

He 3.2:n 38
Project NetWork : a new opportunity for people with disabilities who want to work
[Baltimore, Md.?
Dept. of Health and Human Services Social Security Administration
1990
1 folded sheet (6 )
516 Shipping list no.: 91-663-P. "December 1990"--P. 6.
Handicapped Employment United States Handicapped Rehabilitation United States.
United States. Social Security Administration.
Tiwana Endnote library-added 7/99

He 3.2:p 94/6
Problem Statement Language/Problem Statement Analyzer (PSL/PSA) : introductory information
[Washington, D.C.?]
Social Security Administration Office of Systems Requirements Office of System Modernization Requirements
1986
[10]
516 (mf) Cover title. Distributed to depository libraries in microfiche. "November 1986."
Information storage and retrieval systems. Programming languages (Electronic computers) Computer software.
United States. Social Security Administration. Office of System Modernization Requirements.
Tiwana Endnote library-added 7/99

Vandaele, Walter
1978
Participation in Illegitimate Activities: Ehrlich Revisited
Blumstein, Alfred; Cohen, Jacqueline; Nagin, Daniel
Deterrence and Incapacitation: Estimating the Effects of Criminal Sanctions on Crime Rate
Washington, D. C.
National Academy of Science

3540632328 (alk. paper)
005.8
Qa76
Information security and privacy : Second Australasian Conference, ACISP '97, Sydney, NSW, Australia, July 7-9, 1997 : proceedings
Berlin ; New York
Springer
1997
xi, 336
Lecture notes in computer science, 1270
Computer security Congresses. Data protection Congresses. Privacy, Right of Congresses.
Varadharajan, Vijay; Pieprzyk, Josef; Mu, Yi
Tiwana Endnote library-added 7/99

Hackers develop new tool to invade computer systems; [Final Edition]
Bruce Meyerson
The Atlanta Journal
Jul 12
1999
A; 3
Computer security companies updated their virus detection software Sunday after the in-your-face launch at a hackers' convention of a new tool designed for stealthy invasion of networks operated by Microsoft Windows.
The hacking tool, called BO2K, can enable someone to gain control of a computer or network from a remote location. BO2K is an abbreviation for a slightly profane variation of Back Office, the name of a program in Microsoft's Office 2000 suite of business software.
CDC and other hackers attending the seventh annual DefCon convention in Las Vegas charged that Microsoft has stubbornly refused to address a multitude of gaping security holes in Windows.

Computer security; Access control; Passwords; Systems development; Requirements
Alternatives that considerably reduce the risks inherent in reusable passwords are considered. In addition, the overall system requirements for authentication, including the mechanisms and their embedding into systems and networks, are characterized. Various approaches and some commercially available devices exist for nonspoofable one-time passwords, including smart cards, randomized tokens, and challenge-response schemes. A basic set of idealized requirements relating to secure authentication include: 1. user authenticity and nonrepudiation, 2. ease of use, 3. device integrity and availability, and 4. system integrity and reliability. Even if these requirements are completely satisfied, some risks can still remain; weak links in the computer system or in personal behavior can undermine even the most elaborate authentication methods. What is needed is much better authentication than that provided by reusable passwords.

Practitioner and SoftClass: A comparative study of two software reuse research projects
Mili, Hafedh; Radai, Roy; Wang, Weigang; Strickland, Karl; et al.
Journal of Systems & Software [JSS]
252 1994 147-170

Object oriented programming; Systems development; Product development; Competition; Manycompanies; Manyproducts; Standardization
After a long learning and experimentation curve, technology managers will start employing object-oriented software for mission-critical systems in 1995. For users deciding to take the plunge into object tools, 1995 will see new players such as Taligent Inc. bring product to market. Object-oriented programming allows developers to use discrete parcels of code, called objects, to build applications. These can then be distributed and reused across an enterprise. Object tools are especially appealing to developers who use procedural programming languages, such as Cobol or C. Next Inc. was one of the first companies to market a mainstream object-oriented operating system, NextStep, with the Next computer in the 1980s. Since then, Next has discontinued its hardware line and licensed its object-oriented programming environment, OpenStep, to Digital Equipment, Hewlett-Packard, and Sun Microsystems. One factor that will increase the use of object technology is the development of standards.

Concern raised over privacy on infohighway
Miller, Cyndee
Marketing News [MNW]
291 1995 1, 7+

International experts see need for global encryption policy
Elinor Mills
InfoWorld
Jan 26
1998
73204
Most major countries are pushing global Internet commerce farther off as they grapple with policies on encryption and digital signatures. According to Adrian Lifely of Osborne Clarke, if electronic commerce is to fulfill its potential, there must be greater commitment toward standards for authentication. The Labor Party in England has indicated its opposition to controlling encryption but may be waiting to see what the European Union decides on the matter. The Department of Trade Industry expects that digital-signature legislation will be adopted by late 1998 and that a government policy statement on encryption and digital signatures will be released within the next 2 months. The European Commission, which has taken the stance that it cannot afford a divided regulatory landscape, plans to hold an international hearing in 1998 on encryption and digital signatures.
Electronic commerce; Digital transmission; Data encryption; Signatures; Globalization; Standardization; Legislation; Computer security

Sony's Infobeat Leaked Data On User E-Mail To Advertisers
By Michael Moss
Wall Street Journal
Nov 8
1999
B1
InfoBeat, a popular Internet newsletter service owned by Sony Music Entertainment Corp., has been sending the e-mail addresses of its readers to advertisers despite a pledge to keep such data private, a computer-security expert has found.
Responding to questions by The Wall Street Journal, InfoBeat in a statement last week characterized the data leakage as a software flaw, which it was endeavoring to have fixed. "Infobeat respects the privacy of its customers and takes security issues very seriously, and we sincerely regret any concern this situation may have caused," the statement said.
Sony Music Entertainment, a unit of Sony Corp., acquired InfoBeat in January, but it delegates the newsletter's operation to Exactis.com, a major e-mail distribution firm based in Denver whose predecessor firm sold Infobeat to Sony. Infobeat says it inherited the software in the acquisition.
Computer security; Electronic mail systems; Newsletters

In the Age of Hackers, A Guide to Firewalls For Home Computers
By Walter S. Mossberg
Wall Street Journal
Feb 24
2000
B1
IF HACKERS CAN bring down Yahoo!, with its huge banks of huge computers in huge buildings with huge staffs, can they bring down your lonely little PC in the spare bedroom? Can they invade its contents, peering right into your kid's term paper on Christopher Columbus? And, if so, what can you do to stop them?
There's no perfect answer to that question. Theoretically, any computer that connects to the Internet, even episodically, could be penetrated by malefactors. The invaders could then read or copy data on its hard disk, or plant "Trojan horse" programs you'd never find that could be activated later to do damage, either to your PC or to other computers on the Internet.
Before turning to the available defenses, let's talk about the problem. There are two main kinds of home computers connected to the Internet. Some are constantly connected and use a fixed Internet address, a sort of code that computers on the Net use to identify each other. Others aren't constantly connected and don't have a fixed address. Periodically, they dial up an Internet service provider (ISP) to link to the Net, and each time the ISP gives them a different, temporary Internet address.
Personal computers; Computer security; Hackers

Lohr, Steve
1997
Go Ahead, Be Paranoid : Hackers Are Out to Get You
New York Times Online
New York
http://search.nytimes.com/search/daily/bin/fastweb?getdoc+site+site+16517+23+wAAA+hackers
March 17, 1997
In a chilly, windowless room in a New York suburb, four men are tapping furiously at their laptop computers. Their mission: to crack into the computer system of a major U.S. corporation.
Things seem to be going well, for them. "All right, we're through the firewall," announced one bearded hacker. A few moments later, a second practitioner of high-tech mischief pronounced himself pleased by what he saw inside -- a digital picture of vulnerability rendered by the lines of computer code dancing across his screen. "Looks like we can toast it," he said. Charles Palmer, a slender, bearded 40-year-old computer scientist, looked on with pride at the members of his team. Skilled hackers, Palmer noted, are scarce these days, at least ones that he will hire. "It's hard to find good people in this field who do not have criminal records," he explained. Palmer and his team work for IBM, and their brand of computer hacking is legal. Companies pay the IBM squad to attack their computer systems to test how well they can stand up to the increasing assaults by real hackers. The growing ranks of cyber intruders are engaged in everything from snooping around to "parking" pornography and pirated software on unsuspecting corporate machines to computer-assisted fraud and theft. White-hat hackers, like those at IBM, are only one kind of computer-security professional whose skills are much in demand today. Once an arcane specialty, computer security has moved into the mainstream. As companies rush onto the Internet, they benefit from improved communication with customers, suppliers and far-flung employees, but they also take on far greater risk that their corporate computer systems will be breached by outsiders with malicious intent. The dangers of a networked world have created boom times for computer-security consultants, auditors, cryptographers and others. Now they must contend with pushy headhunters as well as hackers. Five years ago, six-figure salaries were rare in the security field. Today it is not uncommon for skilled computer-security veterans to be making $200,000 a year or more. 
Recognizing a seller's market for computer-security expertise, Wietse Venema has come to the United States, and he's selling. A computer scientist from the University of Eindhoven in the Netherlands, Venema is the co-author of Satan, a sophisticated software program intended to find security flaws in any computer system linked to the Internet. The 45-year-old Dutch researcher is considering offers from IBM and other leading American computer companies. "Many people are interested in my capabilities now," he observed cheerfully. Experts like Venema are suddenly stars because corporations are spending more on computer security. This year, companies worldwide are expected to spend $6.3 billion on security for their computer networks, estimates Dataquest, a market-research firm. Within three years the security price tag is projected to more than double to nearly $12.9 billion -- a figure that is only for services supplied by outside contractors, so it excludes spending on in-house staff, security software or hardware products. The industry in the United States, the world leader in computer security, is composed of hundreds of companies. They run the gamut from large companies with worldwide computer consulting practices, like IBM, Science Applications International Corp. and Perot Systems, and Big Six accounting firms, like Coopers & Lybrand, Ernst & Young and Deloitte & Touche, down to one-man independent consultants, like Seiden. Fueling the surge in computer-security spending is fear. The corporate concerns are heightened with every report of hackers defacing well-known World Wide Web sites, like the recent attacks on the sites of the CIA and the Department of Justice. The FBI says few intrusions into corporate computer systems -- 15 percent at most -- are reported to law-enforcement agencies. 
But the handful that are reported, like the 1994 case of Russian hackers who tapped into Citibank and made $10 million in illegal fund transfers (all but $400,000 was recovered), tend to cause alarm. "The business is not so much network security as it is network insecurity," noted Alice Murphy, an analyst at Dataquest. "There's so much anxiety out there now." Just how great the threat is to corporate computer systems is a matter of debate. The Internet, observes Peter Neumann, a computer scientist at SRI International, a research group in Menlo Park, Calif., was never really designed to be secure. Once the bailiwick of a small community of researchers, it is starting to be used as a freeway of commerce. "The infrastructure is vulnerable," Neumann said. "From that larger perspective the risks are enormous." Dan Farmer, the co-author of Satan with the Dutch researcher Venema, did a survey of 1,700 corporate and government Web sites late last year and found that more than 60 percent of them had "serious potential security vulnerabilities." Farmer, a programmer at Sun Microsystems Inc., did not break into the computer systems, but he said they were open to attack and often could be severely damaged. (His survey results are posted on the Web.) Yet there is a significant difference, some analysts say, between potential vulnerability and the actual business risk to corporate computer systems. "There is risk, but the threat tends to be vastly overstated," said George Colony, president of Forrester Research Inc., a consulting firm in Cambridge, Mass. Forrester estimates that losses from fraud in Internet commerce are likely to be roughly $1 for every $1,000 of business. To put the matter into perspective, the fraud losses in cellular phone service are $20 for every $1,000, according to Forrester, while the losses on credit-card transactions are nearly $2 for every $1,000 of goods charged. 
Still, even skeptics, like Forrester's Colony, agree that computer security requires continuous attention. "It is a manageable risk, and it should not deter companies from jumping into Internet commerce," Colony said. "But I also tell our clients that they should think of computer security as a guerrilla war that will last forever." The FBI is treating the battle against computer crime as a long-running campaign. All new agents are now trained in cyberspace investigations as part of the curriculum at the FBI Academy in Quantico, Va. And last year the bureau established three computer-crime squads in San Francisco, New York and Washington, to pursue cybercrime more aggressively. "We're really on the cusp of this becoming a major problem," said James Kallstrom, head of the FBI office in New York. "As more and more of the economy goes digital, there are huge incentives for criminal attacks on American corporations." Computer crime, of course, comes in many forms. An employee with a grudge and access to a company's computer network may well be far more dangerous, and costly, than even the most artful hacker. A survey released two weeks ago by the Computer Security Institute, and conducted on behalf of the FBI's computer-crime unit, estimated computer security losses last year at $100 million -- a total only among some 250 companies and organizations that would place dollar figures on their losses from fraud, theft of trade secrets and other breaches. The criminal hackers have long been engaged in a kind of cat-and-mouse game with law-enforcement agencies and private computer-security experts. And that game is increasingly being played at a higher level, with greater skill and new tools. The cell-phone hackers of the past, who electronically jimmied phones for the thrill and free phone service, have graduated to Web-site hacking. 
Today there are an estimated 440 hacker bulletin boards, 1,900 Web sites purveying hacking tips and tools, and 30 hacker publications like "Phrack" and "2600: The Hacker Quarterly." There are readily available software programs for hacking tactics like "war dialing," "sniffing" and "fingering" -- all used to exploit security weaknesses in computer systems. "As the stakes become higher, the technical sophistication of the people doing this kind of illegal activity is increasing," said Edward Hart, a senior vice president of Science Applications International. Today there is a brisk illicit market in hacking, according to security experts, with the street price for breaking into a corporate Web site typically in the $8,000-to-$10,000 range. Bonus payments are usually demanded for trade secrets pilfered or damage inflicted on a competitor's computer system. Limiting the risk, and damage, to corporate computer systems is the goal of Palmer and the other security specialists at IBM. The test hacking done by his team is mainly a fact-finding tool, and only one of many. The authorized break-ins by these groups, called "tiger teams," are often more valuable as a marketing tactic than as a research tool. Thick and exhaustive studies of a company's computer security can be met with yawning indifference by top executives, but a break-in gets their attention. Mundane rules, not high-tech wizardry, are crucial to reducing security risks. A robust firewall to filter what electronic traffic gets into a company's computer system is helpful, but it can be a Maginot Line approach to security -- the real weaknesses are elsewhere. To work from home, employees may have dial-up modems at their desks, unprotected by firewalls or even passwords. Employees, security experts warn, must be told to give their passwords to no one; one scam is for hackers to call new employees, pretending to be members of the corporate technology staff doing a check of passwords. 
Another frequent weakness is simple physical security, watching who goes in or out of the building. These are hectic times for security consultants like IBM's Nick Simicich, a 44-year-old self-taught programmer. He works from his home in Boca Raton, Fla., equipped with powerful computers running Linux, a shareware program that is the operating system of choice for hackers. Mostly, though, Simicich is on the road -- 85 percent of the time, he estimates -- logging perhaps 150,000 air miles a year. Continental, the airline he flies most regularly, invited Simicich to a company parade last year. He proudly calls himself a "paid professional paranoid." His goal, he says, is not to make corporate computer systems immune to hackers. "That's impossible," he explained. "Our real goal is to raise the bar. First, we do want to make it harder for them to break in, so the average hacker moves to an easier target. Second, when they do get in, we want to ensure that the damage is limited."

QC100 .U57 no. 800-2 QA76.9.A25 602/.18 s 005.8/2
C 13.10:800-2
Public-key cryptography
Gaithersburg, MD
U.S. Dept. of Commerce National Institute of Standards and Technology
1991
ix, 162
NIST special publication ; 800-2. Computer security
Computer security. Cryptography.
Nechvatal, James National Institute of Standards and Technology (U.S.),
Tiwana Endnote library-added 7/99

Denial of service: An example
Needham, Roger M.
Communications of the ACM
1994 42-46 37 11
A particular instance of a denial of service problem is considered and engineering considerations relevant to an appropriate defense are examined. A major aspect is the complexity and danger that result from unthinking use of what seem to be simple cost-saving measures. In the context of an alarm system, there are 3 mechanical components to deal with, namely a client, a network and a server. There are also 2 nonmechanical parts to the system - the customer and the contractor.
The attack against the customer may consist of disabling or destroying the client, just as it may consist of interfering with the network or with the server. There are ready defenses against some attacks, and it is necessary to consider their scope, their limits, and most particularly, their objectives. In all security matters there are 2 objectives - to make violations difficult and to make them known to authority when they happen. In the case of denial of service, the balance between the 2 objectives swings quite far toward the latter.
Computer security Services Problems Prevention (5140) Security management; (5240) Software & systems;

New denial of service attack
Neeley, DeQuendre
Security Management
2000 28 44 3
Distributed denial of service (DDOS) attacks allow a single attacker to use several computers to attack a target. As with all denial of service attacks, the objective of a DDOS is to overload a server with so many requests that it goes down. When a group of attackers band together to launch a DDOS attack, the results can be devastating. The software products used to execute these types of attacks are Tribe FloodNet 2K and Trinoo. Both spoof IP addresses to make it difficult to detect the origin of the attack.
Computer security Hackers Trends (9190) United States; (5220) Data processing management; (5140) Security management;

A brick through a window
John C Dvorak
PC Magazine Apr 4 2000 99 19 7
Dvorak discusses "white hat" hackers who devise and supply hacking tools free to anyone. These hackers believe they are doing every one a favor by demonstrating how weak some computer systems are. Dvorak considers this as analogous to a brick through a window: it is simple vandalism. It is these people who are actually ruining the Web.
Hackers Computer crime Computer security Vandalism Internet

The newest technology tools: (Un)Limited access?
Julia E Earp Laura R Ingraham J Gregory Jenkins
The CPA Journal Jan 2000 58-59 70 1
While the benefits of engaging in e-commerce may be significant, the risks are also substantial. Technological innovations will pose additional security concerns and, ultimately, decide the future of e-commerce.
A discussion is presented of some technological innovations, potential security problems, and suggested security measures.
Electronic commerce Computer security Semiconductors Software

Protecting data is a demanding but secure career
Eileen Ecklund
InfoWorld Sep 7 1998 92 20 36
The reality of information security work is much more mundane than the media hype. As companies have become more aware of the dangers of computer-related crime, the demand for information security staff has grown rapidly. Despite the field's rapid growth, most people who do information security work do it only part-time. To be very good, information security professionals need to know both the theory and practice of operating systems, databases, and networking.
Computer security Professionals Careers Trends Employment

Enabling Ebusiness
Ted Ritter
Business Communications Review Dec 1999 26-30 29 12
A potential evolution path for enterprise network infrastructure is examined. The transition from hard application and services boundaries to one continuous architecture called an ebusiness infrastructure (EBI) is outlined. A new concept for the core of the EBI is introduced, where organizations can handle business to business and intra-business functions in an open, yet fully secure environment: a Free Trade Zone. The EBI supports a blurring of the traditional boundaries between the functions of business to business and intra-business. This change itself requires a shift in mind-set and operations that adds yet another layer of complexity to the migration process. Enterprises that make the transition can leverage the core of the EBI: the free trade zone.
Electronic commerce World Wide Web Infrastructure Computer security
Westland, Chris 1996
A Rational Choice Model of Computer and Network Crime
International Journal of Electronic Commerce 1 2, Winter 109-126.
access security, computer crime, information system controls, Internet security, law enforcement
Computer and network security are too often couched in terms of passwords and encryption, the computer equivalent of "lock and key" safekeeping for physical assets. Even though the sophistication of password-encryption schemes has improved dramatically, with new standards for secure Internet transfer of digital cash and card numbers, passwords still provide incomplete and flawed protection. Following the lead of law enforcement in traditional crimes, which has moved beyond "locks" to address the entire life cycle of crime, this research assesses how computer security can take what has been learned about effective crime prevention to move beyond passwords.
It proposes a "rational choice" model of computer and network crime that identifies new points to be targeted for control. This broader perspective is used to define an expanded control agenda to fight computer and network crime

Security across borders
Rusty Weston
Informationweek Aug 31 1998 117
According to results of the InformationWeek/PricewaterhouseCoopers 1998 Global Information Security Survey, although security is no longer strictly an afterthought in IT shops, there is little evidence that it is developing into a highly significant business concern. Despite an apparent worldwide concern, about 1/3 of the respondents said they actually measure the effectiveness of their information security policy. Analysts who have compared the security practices of European and US organizations say that, in general, European companies are more likely to solve information security problems by creating a new policy rather than by deploying packaged solutions. Americans prefer to leverage technology investments.
Information technology Polls & surveys Network security Policy making

AT&T rounds out E-commerce line
Wexler, Joanie
Network World 1134223 1996
To boost the use of electronic commerce, AT&T is now offering insurance against Web server downtime, lost orders and credit card fraud over the Internet, as well as promotional incentives to Web surfers and back-end transaction processing services. AT&T's new SecureBay offering adds transaction processing capabilities to the company's Easy World-Wide Web hosting services. In addition, AT&T has integrated Open Market Inc.'s OMTransact software into its server farm. The software forges links to financial networks, which will authorize a credit card and approve a user's credit line based on encrypted information sent from AT&T.
Electronic commerce | Product lines | Service introduction | Computer security | Guarantees | Internet service providers | (9190) United States | (8302) Software & computer services industry | (5250) Telecommunications systems | (5140) Security management | (9120) Product specific treatment | US | AT&T Corp TICKER: T

0849371791 (hardcover alk. paper)
Qa76.9.a25 w45 1996 005.8
Computer system and network security
Boca Raton
CRC Press
1996
296
CRC Press computer engineering series
Computer security. Computer networks Security measures.
White, Gregory B. Fisch, Eric A. Pooch, Udo W.
Tiwana Endnote library-added 7/99

Straub, D.W. 1986
Deterring Computer Abuse: The Effectiveness of Deterrent Countermeasures in the Computer Security Environment
Graduate School of Business
Indiana University
Doctoral Dissertation

Detmar W. Straub 1986
Instrument Validation in the MIS Research Process
Francois Bergeron
Proceedings of the Administrative Sciences Association of Canada (ASAC) Conference
Whistler, B.C.
7, Part 4
103-118
This paper won the "Best Doctoral Student Paper" Award for the Conference.

Detmar W. Straub 1987
Controlling Computer Abuse: An Empirical Study of Effective Security Countermeasures
Proceedings of the 8th International Conference on Information Systems (ICIS)
Pittsburgh, PA
277-289
December

Detmar W. Straub 1988

Detmar W. Straub William D. Nance 1988
Uncovering and Disciplining Computer Abuse: Managerial Responses and Options
Information Age 10 3 (July) 151-156

Detmar W. Straub 1989
Validating Instruments in MIS Research
MIS Quarterly 13 2 (June) 146-169

Straub, Detmar W. 1990
Effective IS Security: An Empirical Study
Information Systems Research 1 3 255-276

Straub, Detmar W. William D.
Nance 1990
Discovering and Disciplining Computer Abuse in Organizations: A Field Study
MIS Quarterly 14 1 (March) 45-62

Straub, Detmar W. Collins, Rosann Webb 1990
Key Information Liabilities Facing Managers: Software Piracy, Proprietary Databases, And Individual Rights to Privacy
MIS Quarterly 14 2 (June) 143-158

Detmar W. Straub George D'Elia Joseph Branin Carl Adams Cynthia Beath Nancy Rohde 1991
A Model Academic Integrated Information Center
Journal of the American Society of Information Science 42 2 (March) 143-146
in section entitled "Perspectives on an Academic Integrated Information Center"

Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992
Deterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security
Guy G. Gable William J. Caelli
8th International Information Security Conference
Singapore
335-350
May

Straub, Detmar W. Patricia J. Carlson Elizabeth H. Jones 1992
Deterring Highly Motivated Computer Abusers: A Field Experiment in Computer Security
Guy G. Gable William J. Caelli
IT Security: The Need for International Cooperation
Amsterdam
North-Holland
309-324
SBCR Originator: Detmar Straub Date Added: 12/9/98

Detmar W. Straub Patricia J. Carlson Elizabeth H. Jones 1993
Deterring Cheating by Student Programmers: A Field Experiment in Computer Security
Journal of Management Systems 5 1 33-48

Detmar W. Straub 1994
The Effect of Culture on IT Diffusion: E-Mail and FAX in Japan and the U.S.
Information Systems Research 5 1 (March) 23-47

Detmar W. Straub Moez Limayem Elena Karahanna 1995
Measuring System Usage: Implications for IS Theory Testing
Management Science

Straub, Detmar W. Richard J. Welke 1996
Coping with Systems Risk: An Agenda for Managerial Action
Benoit Aubert Wynne Chin
ASAC (Administrative Sciences Association of Canada) Conference
Montreal
17, No. 4
138-146
May 25-28, 1996
SCR Originator: Detmar Straub Date Added: 12/9/98

Straub, Detmar W. Richard J. Welke 1998
Coping with Systems Risk: Security Planning Models for Management Decision-Making
MIS Quarterly 22 4 (December) 441-469
SR Originator: Detmar Straub Date Added: 12/9/98

Could e-cash threaten payment integrity?
William Streeter
American Bankers Association. ABA Banking Journal Nov 1997 58-68 89 11
In an interview, John LaWare, Shawmut Bank CEO, and Thomas Hoenig, president of the Federal Reserve Bank of Kansas City, discussed the potential risks involved with electronic payments. Concerns center around 3 issues: consumer protection and privacy, the integrity of the payment system, and the potential for crime (money laundering in particular). According to John LaWare, if cybermoney is going to be a major part of the payment system, then it may be necessary to examine what standards need to be imposed.
Thomas Hoeing feels that if you have a payments system based upon liquid assets, like the mutual fund industry, then you might not have the same concerns about systemic risk that you have in a system where loans are generated from deposits.:4Electronic commerce Computer security Retail bankingNC 13.10:800-10PJKeeping your site comfortably secure an introduction to Internet firewalls &Gaithersburg, MD Washington, DCD U.S. Dept. of Commerce Technology Administration National Institute of Standards and Technology ; For sale by the Supt. of Docs. U.S. G.P.O. 1994xii, 70p:4NIST special publication ; 800-10. Computer securityZSComputer networks Security measures. Computer security. Internet (Computer network)t\VWack, John P. Carnahan, Lisa J. National Institute of Standards and Technology (U.S.),(!Tiwana Endnote library-added 7/99, Wagner, Mitch 1996*#Online Sales Pose Security Concerns Computerworld v30n41 Oct 7l28 Electronic commerce | Web sites | Computer security | Systems design | (9190) United States | (9000) Short article | (5250) Telecommunications systems | (5140) Security management | (5220) Data processing management | US f_NOTES: 1 page(s) | English | ISSN: 0010-4841 | Word Count: 00266 -------------------------------------------------------------------------------- ABSTRACT: Electronic-payment mechanisms, where they exist, are almost universally by credit card and are encrypted using the Internet's Secure Sockets Layer standard. In most cases, a firewall stands between a Web site and a company's internal system. To prevent hackers from breaking into a system and reconfiguring it, configuration can not be done remotely over the Internet. 
-------------------------------------------------------------------------------- Wagner, Mitch 19960*Lines blur between internal, external nets Computerworldo v30n38 Sep 166t Internet | Intranets | Electronic commerce | Computer security | Trends | (9190) United States | (5250) Telecommunications systems | (5220) Data processing management | (5140) Security management | US2NOTES: 1 page(s) | English | ISSN: 0010-4841 | Word Count: 00350 -------------------------------------------------------------------------------- ABSTRACT: The intranet and Internet are dead as they are presently known: 2 separate entities - one inside the corporation and one out in the public world - separated by an impenetrable firewall. Companies that do business on the Internet are finding they must build strong links between information located inside the firewall and the outside world. The trick is to put enough information on the Internet to satisfy business partners and customers without revealing proprietary information to competitors.t Wagner, Mitch 1996*#Online Sales Pose Security Concerns Computerworld v30n41 Oct 7l28 Electronic commerce | Web sites | Computer security | Systems design | (9190) United States | (9000) Short article | (5250) Telecommunications systems | (5140) Security management | (5220) Data processing management | US f_NOTES: 1 page(s) | English | ISSN: 0010-4841 | Word Count: 00266 -------------------------------------------------------------------------------- ABSTRACT: Electronic-payment mechanisms, where they exist, are almost universally by credit card and are encrypted using the Internet's Secure Sockets Layer standard. In most cases, a firewall stands between a Web site and a company's internal system. To prevent hackers from breaking into a system and reconfiguring it, configuration can not be done remotely over the Internet. 
computing
Requirements
Responsibilities
Retail banking
Right of privacy
Risk assessment | Computer security | Theory | Forecast

Y 4.Sci 2:101/18
Implementation of the Computer Security Act : hearing before the Subcommittee on Transportation, Aviation, and Materials and the Subcommittee on Science, Research, and Technology of the Committee on Science, Space, and Technology, U.S. House of Representatives, One Hundred First Congress, first session, March 21, 1989
Washington : U.S. G.P.O. : For sale by the Supt. of Docs., Congressional Sales Office, U.S. G.P.O., 1989. iii, 148
Computers Law and legislation United States. Computers United States Access control. Electronic data processing departments Security measures.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Transportation, Aviation, and Materials.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Science, Research, and Technology.
Tiwana Endnote library-added 7/99

Y 4.Sci 2:100/146
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Transportation, Aviation, and Materials.
Implementation of the Computer Security Act : hearing before the Subcommittee on Transportation, Aviation, and Materials of the Committee on Science, Space, and Technology, House of Representatives, One Hundredth Congress, second session, September 22, 1988
Washington : U.S. G.P.O. : For sale by the Supt. of Docs., Congressional Sales Office, U.S. G.P.O., 1989. iii, 112
Computers Law and legislation United States. Computers United States Access control. Electronic data processing departments Security measures.
Tiwana Endnote library-added 7/99

Y 4.Sci 2:101/137
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Transportation, Aviation, and Materials.
Implementation of the Computer Security Act (Public Law 100-235) : hearing before the Subcommittee on Transportation, Aviation, and Materials of the Committee on Science, Space, and Technology, U.S. House of Representatives, One Hundred First Congress, second session, July 10, 1990
Washington : U.S. G.P.O. : For sale by the Supt. of Docs., Congressional Sales Office, U.S. G.P.O., 1990. iii, 176
Computers Law and legislation United States. Computers United States Access control. Administrative agencies United States Data processing Security measures. Electronic data processing departments United States Security measures.
Tiwana Endnote library-added 7/99

Thomas Weber. 1997. The Enforcer. The Wall Street Journal, New York, NY, R24,27, December 8.

The Enforcer
Michael Geraghty's Job Is to Make Sure the Net Is a Safe Place -- for Children, for Businesses, for Consumers
By THOMAS E. WEBER
TRENTON, N.J. -- State Police Detective Michael T.
Geraghty carries a badge, a gun and another piece of hardware he considers indispensable: a sleek, black notebook computer that can dial in to the Internet. "That's my workhorse," says Detective Geraghty, head of the State Police's High Technology Crime and Investigations Support Unit. "It goes with me everywhere. It's my most productive tool." Like any other rapidly growing community, the Internet is experiencing a steady rise in crime, from child pornography and industrial espionage to credit-card fraud and out-and-out vandalism. For law-enforcement officials, that means the Internet plays an increasingly important role not only in the crimes they encounter, but also in the techniques they use to investigate them. And as Internet policing evolves, expect experienced computer users like Detective Geraghty to lead the way. Out in Front "This is the new neighborhood that's showing up in your town," the 36-year-old detective says. "I expect this unit in five years to quadruple in size. Easily." In a way, this was Detective Geraghty's calling. Though the 11-year veteran of the force says he "never wanted to be a cop" and took the State Police qualifying exam only "on a whim," he has always been interested in science and technology. After graduating from Baylor University, Mr. Geraghty, a Jersey City native, had returned home to teach physics and chemistry at a parochial school. His early work for the State Police put him behind the wheel of a cruiser, chasing toll-evaders, speeders and broken taillights along the Garden State Parkway. A Byte Out of Crime? When the San Francisco-based Computer Security Institute surveyed 563 corporations, government agencies and universities earlier this year in cooperation with the Federal Bureau of Investigation, it found the Internet playing a growing role in computer crime. Among the findings: The number of organizations that cited their Internet connection as a frequent point of attack rose to 47% from 37% a year earlier. 
Those that experienced some form of intrusion into a computer system rose to 49% from 42%. About 75% of organizations surveyed reported that they suffered some financial loss due to computer crime. The number of respondents who had been attacked and then reported the attack to law-enforcement authorities was 17%. The most frequently cited reason for not reporting intrusions: fear of negative publicity. Source: Computer Security Institute When it came to technology, however, Mr. Geraghty was always out in front. "When I was teaching, I found out there were a lot of parents who couldn't help their kids with their homework," says the father of three. "I saw computers on the horizon and thought, 'I don't want to be one of those parents who can't help their kids with this.'" His first computer was an IBM clone with an 8088 microprocessor and a 10-megabyte hard drive -- a dinosaur today, but state-of-the-art for that time. Before long, he was learning the intricacies of the DOS computer program, the operating software at the heart of most PCs. Saving on Wite-Out Meanwhile, he was finding ways to use PCs at work. Initially, that meant simple word processing -- typing out routine forms, for instance. "It was a way to avoid those gallons of Wite-Out," he jokes. Soon, other officers were coming to him for help with their computer problems, such as digging out files from PCs recovered during investigations. In 1990, Mr. Geraghty sought and won a spot in the State Police's technical services unit, which maintains its computer systems. More and more, though, he found himself drawn into individual investigations because of his expertise with computers. And as criminals advanced in their computer knowledge, the requests got tougher. One day an officer would want his help recovering a file that a suspect had simply deleted; another day it would turn out that a suspect had actually reformatted the hard drive, making it much harder to recover the data. With so many requests, Mr. 
Geraghty began pushing for a unit that would specialize in computer crime. At first, he says, "the administration wasn't so keen on it ... .When you have so much street crime out there, it's tough to argue for more computer-crime resources." But computer-related cases kept mounting "and it became a full-time thing," he recalls. Mr. Geraghty himself was drawn into two major child-pornography investigations involving so-called bulletin-board systems. Bulletin boards, which began popping up frequently in child-porn investigations, were in some ways a precursor to the Internet. By using a modem attached to a personal computer, a user could connect by telephone directly to a bulletin board -- essentially another computer, either just down the street or halfway across the world. Once connected, a user could retrieve files from that remote machine, including, in some cases, images of child pornography. One of the pornography investigations involved a Denmark-based system that was under watch by the U.S. Customs Service. Customs agents had traced two of the bulletin board's customers to New Jersey. That's when Mr. Geraghty got involved, eventually turning one of those customers into an informant who provided information about another bulletin board in Mexico. When those computers were recovered, Mr. Geraghty was asked to scour them for all the customer lists and other records. Eventually, 63 customers were arrested. 'This Is Going to Be It' It was around then that the Internet was beginning to attract users outside of universities and research centers and becoming a mainstream commercial medium. Mr. Geraghty signed up for his first Internet account back in 1991 or 1992 after reading "The Cuckoo's Egg." In that nonfiction work, computer expert Clifford Stoll chronicles his virtual pursuit of a hacker over the Net. Mr. Geraghty was smitten. "I read that, and I put the computer together with crime and thought, 'This is going to be it,' " he recalls. And he was right. 
After years of sending computer-related cases Mr. Geraghty's way, the State Police in early 1996 reorganized a number-crunching group into its official High Technology Crime and Investigations Support Unit -- with Mr. Geraghty as the sole investigator. Since then, he has added two more investigators. And though the unit deals with all sorts of high-tech crime -- everything from on-line scams to the old, dreary work of recovering files from seized disk drives -- Mr. Geraghty finds that the vast majority of cases now involve the Internet. "The Internet now pops up about 80% to 90% of the time," he says. Nearly all of the pornography bulletin boards, for example, have migrated to the Net. And where breaching a computer system once meant linking directly to it, criminals can now trespass via the Internet. That introduces a whole new set of challenges for investigators like Mr. Geraghty. Foremost among them: anonymity. There's no such thing as a direct connection on the Internet, which automatically routes data across ever-changing paths, often traversing a dozen or more computers. Think of it as trying to trace a telephone call that has been purposely switched through many other phone lines. "A lot of our early successes with the bulletin boards -- a lot of those people never would have been caught if they'd had Internet access," Mr. Geraghty says. On the Internet, even if you track down the user you're looking for, chances are he or she is operating under an electronic nickname. Another challenge: Net investigations almost always span multiple jurisdictions. Mr. Geraghty's Rolodex now includes contacts at the Federal Bureau of Investigation, the Customs Service, the Royal Canadian Mounted Police, Scotland Yard and local police departments across the U.S. Solving cases usually means an exhausting job of coordination across all the agencies. "People don't fly from California to knock over a bodega in Washington Heights," Mr. 
Geraghty says, referring to a New York City neighborhood. "But the equivalent can happen on the Internet." Once an on-line criminal has been caught and arrested, the Net continues to pose obstacles, especially for prosecutors. They have to explain complex Internet jargon to a jury in sufficiently simple and clear terms -- making sense of routers, data packets and Internet addresses. It isn't easy, Mr. Geraghty says. Fortunately, no matter how intricate and technical Internet crimes get, the criminals remain much the same. They still make mistakes, Mr. Geraghty says. And the mechanics of solving a crime still focus on finding a suspect with the means, motive and opportunity to commit it, and then assembling evidence to prove a case. "Eighty percent of this turns out to be traditional investigative techniques," Mr. Geraghty says. "People think anybody who commits crime on a computer is a genius. But a lot of these guys are not geniuses. That's a big myth." Just as a low-tech criminal might leave behind fingerprints or other physical evidence at the scene of a robbery, careless Internet felons typically leave some trace of their activity, Mr. Geraghty says. Most computers hooked up to the Net automatically record extensive logs of how they're used. Those logs can yield valuable clues to those who know how to read them. In one recent case, Mr. Geraghty and his team were called upon to probe a security breach at a networking-services company in New Jersey. Someone was taking the company's computers down and stealing data -- even leaking information on contract bids to one of the company's rivals. The critical turn in the case came when the hacker intercepted an electronic-mail message from the company's president to another executive, then somehow managed to forward a copy to a sales manager at the company. When the sales manager called the executive for clarification, they realized that someone was loose in the company's e-mail system. 
Ultimately, though, it was old-fashioned police work that pulled the case together. Mr. Geraghty tracked down a suspect who was a former employee of the company, a computer-system administrator who had been fired. It's common for suspects in hacking cases to have some such tie to the victim, the detective says, just as many physical assaults can be traced to an acquaintance. So when Mr. Geraghty receives the initial call to investigate a new crime, he starts much as any detective would. He begins by building a game plan outlining all the potential evidence he's looking for. Next, he visits the scene of the crime. "You interview people. You ask about any ex-employees. It's the standard Q-and-A," he says. Then it's back to the office to examine interview notes, computer logs and any other potentially helpful records. That's when the busy work begins. "You're trying to find a little needle in a haystack," Mr. Geraghty says. "It's hours of work. Then, inevitably, you find that wherever the intrusion came from is not in your jurisdiction," which then means getting in touch with an officer at the appropriate agency or department and following the lead further. Even if the crime can be traced to a specific user's account, that's not necessarily the end of the hunt. Many on-line users make up pseudonyms or appropriate another person's account or identity. So Mr. Geraghty has to track down the account's owner, then try to ascertain whether the crime was perpetrated by that person or by someone else "borrowing" the account. With luck, he can make an arrest -- and turn his attention to helping prosecutors secure a conviction. "A typical day is very tedious," Mr. Geraghty says. Then there's the other part of Mr. Geraghty's job: working to get more resources for his unit. That covers everything from lobbying for more staff to hunting for bargains on computer equipment to meet the unit's needs. 
The detective realizes that on-line mischief still strikes many people as esoteric -- lending itself more to harmless pranks than serious criminal wrongdoing. Even some cops feel that way, Mr. Geraghty says. But whenever he hears such skepticism, he just tells the other officers about one of his biggest hacking investigations, an inquiry that nabbed an industry spy who was stealing highly valuable data. "I just tell them, 'I caught a guy who stole $130 million' " in trade secrets. " 'How many of you can say that?' "

Business intelligence.
Business networking
BUSINESS planning
Business-government relations
cable modem
Cable modems
cad
Capital.
CAPITALISTS & financiers
Captive insurance | Internet | Electronic commerce | Risk management | Liability | Computer security | Federal regulation | (9190) United States | (3300) Risk management | (5250) Telecommunications systems | (5140) Security management | (4310) Regulatio

Westland, Chris. 1996. A Rational Choice Model of Computer and Network Crime. International Journal of Electronic Commerce 1 (2), Winter, 109-126.
access security, computer crime, information system controls, Internet security, law enforcement
Computer and network security are too often couched in terms of passwords and encryption, the computer equivalent of "lock and key" safekeeping for physical assets. Even though the sophistication of password-encryption schemes has improved dramatically, with new standards for secure Internet transfer of digital cash and card numbers, passwords still provide incomplete and flawed protection. Following the lead of law enforcement in traditional crimes, which has moved beyond "locks" to address the entire life cycle of crime, this research assesses how computer security can take what has been learned about effective crime prevention to move beyond passwords. It proposes a "rational choice" model of computer and network crime that identifies new points to be targeted for control. This broader perspective is used to define an expanded control agenda to fight computer and network crime

Security across borders. Rusty Weston. Informationweek, Aug 31 1998, 117.
According to results of the InformationWeek/PricewaterhouseCoopers 1998 Global Information Security Survey, although security is no longer strictly an afterthought in IT shops, there is little evidence that it is developing into a highly significant business concern. Despite an apparent worldwide concern, about 1/3 of the respondents said they actually measure the effectiveness of their information security policy. Analysts who have compared the security practices of European and US organizations say that, in general, European companies are more likely to solve information security problems by creating a new policy rather than by deploying packaged solutions. Americans prefer to leverage technology investments.
Information technology | Polls & surveys | Network security | Policy making

Insurance industry | Electronic commerce | Computer security | Credit cards | Standards | Technology | Advantages | (9190) United States | (8200) Insurance industry | (7300) Sales & selling | (5250) Telecommunications systems | (8120) Retail banking ser
Insurance industry | Electronic commerce | Internet | World Wide Web | Web sites | Distribution channels | Computer security | Intranets | Many companies | (9190) United States | (8210) Life & health insurance | (7400) Distribution | (5140) Security mana
Insurance industry | Internet | Computer security | Trends | Electronic commerce | (9190) United States | (8200) Insurance industry | (5250) Telecommunications systems | (5140) Security management | US
Insurance industry | Internet | Editorials | Computer security | (9000) Short article | (9190) United States | (8200) Insurance industry | (5250) Telecommunications systems | (5140) Security management | (5220) Data processing management | US
Insurance industry | Internet | Electronic commerce | Computer security | (9000) Short article | (9190) United States | (8200) Insurance industry | (7400) Distribution | (5140) Security management | US
Insurance industry | Internet | Electronic commerce | Computer security | (9190) United States | (9000) Short article | (8200) Insurance industry | (7400) Distribution | (5140) Security management | US
Insurance industry | Internet | Electronic commerce | Signatures | Software | Computer security | Commercial law | (8200) Insurance industry | (7400) Distribution | (5240) Software & systems | (5140) Security management | (4300) Law | (9190) United Stat
Insurance industry | Training | Electronic commerce | Risk assessment | Libel & slander | Copyright | Computer security | (9190) United States | (8200) Insurance industry | (6200) Training & development | (5250) Telecommunications systems | (5140) Secur
Integrated services digital networks Security measures.
Intel Pentium III
Intellectual property
Intellectual property | Software | Piracy | Computer security | Control systems | Mathematical models |
INTELLIGENCE service
Intelligence service United States History Sources.
Intelligence service.
Internal auditing
INTERNATIONAL business enterprises
International business enterprises Brazil Communication systems.
International finance.
International trade
Internet
Internet (Computer network)
Internet (Computer network) Security measures Congresses.
Internet (Computer network) Security measures.
Internet (Computer network) Social aspects.
Internet service providers
Internet | Access control | Computer security | Systems design | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US
Internet | Commercialization | Computer security | Data encryption | Technological planning | (5250) Telecommunications systems | (5140) Security management | (2310) Planning | (9190) United States | US
Internet | Commercialization | Computer security | Software packages | (9190) United States | (5250) Telecommunications systems | (5240) Software & systems | (5240) Software & systems | US
Internet | Computer security | Data integrity | Commercialization | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US
Internet | Computer security | Guidelines | Case studies | Financial institutions | Strategic planning | Electronic commerce | (9172) Canada | (5250) Telecommunications systems | (9110) Company specific/case studies | (8100) Financial services industry
Internet | Computer security | Problems | Recommendations | (5250) Telecommunications systems | (5140) Security management | (9190) United States | US
Internet | Data encryption | Computer security | Protection | Product

Jeff 1997. Data General Aims Firewalls at Small, Midsize Business. Computer Reseller News n748, Aug 4: 30.
Internet | Firewalls | Servers | Bundling | Product introduction | (9190) United States | (5230) Hardware | (5240) Software & systems | (5140) Security management | (9120) Product specific treatment | US | Data General Corp | Compaq Computer Corp

Bird, Jane. 1992. How to Avoid That IT Disaster. Management Today, July, 82.
Chief executive officers | Chief information officers | Management training | Organizational behavior | Problem solving | (2500) Organizational behavior | (2120) Chief executive officers | (6200) Training & development | (9175) Western Europe | UK
A recent debate sponsored by Management Today and KPMG centered on the question of perceived culture gap between the chief executive of a business and the head of information technology (IT). According to Nigel Horne of KPMG, chief executives are not interested in IT except for its value to the business; meanwhile, IT directors feel as though they are treated as a "techie" and not involved in the business. IT directors have to meet increased demands for flexible and responsive systems on reduced budgets. One solution is the creation of so-called "hybrid managers," who have skills in technology and business so they can bridge the cultural divide. However, such hybrids in UK industry are not enough; top level management control is crucial. The size of computer mega-projects is often key to the problem. When possible, projects should be broken down into manageable tasks. Another strategy is to avoid customized software and concentrate on off-the-shelf packages. Some organizations have outsourced almost all of their computer operations.

1565842766 (pbk.)
E876 .w48 1995
973.927/09226
White House E-Mail : the top secret computer messages the Reagan/Bush White House tried to destroy
New York : New Press, 1995. 254
95016167 //r96
edited by Tom Blanton. 1 computer disk (3 1/2 in.) Accompanying disk housed in reserve department. "A National Security Archive documents reader." Includes bibliographical references (p. 243-244) and index.
United States Politics and government 1981-1989 Sources. United States Politics and government 1989-1993 Sources. Reagan, Ronald. Bush, George, 1924- Electronic mail messages United States. Presidents United States Staff Archives.
Blanton, Thomas S.
Tiwana Endnote library-added 7/99

Privacy Advocates See Subliminal Side to Web Ads. By Glenn R. Simpson. Wall Street Journal, Dec 9 1999, B, 10 4.
Privacy advocates are resurrecting the specter of subliminal advertising to battle against surreptitious corporate tracking of consumers' Websurfing habits and preferences.; In a hypothetical example, if an advertiser discerns from the tracking information that a consumer's favorite color is pink, it could place pink ads on the Web sites to catch the consumer's attention, an online-marketing expert says. That amounts to subliminal messaging, privacy advocates say.; The argument is the latest by privacy advocates searching for ways to prod regulators into greater scrutiny of such online marketing tactics. But the advertising industry says there is nothing subliminal about marketing based on online profiling. While consumers are targeted using information collected secretly, there aren't any secret messages in the appeals themselves. "Every time you make an 800 call or fill out a warranty card, you are becoming part of marketer's database," says Hal Shoup, executive vice president of the Association of American Advertising Agencies.
Computer security | Computer privacy

Singhal, A. C.; Johnson, P. 1983. How to Halt Student Dishonesty. College Student Journal 17, Spring, 13-19.

Progressive or payola? Archipelago pushes the envelope. Michael Sisk. USBanker, Feb 2000, 10 11022.
It has been reported that Goldman bankers are architecting a plan for Archipelago Holdings, of which it is a part owner, that will give equity to brokers or investors who direct order flow to the electronic communications network. The question now is what SEC chairman Ted Levitt thinks. Separately, a newly formed company focusing on Web security, (At)Stake Inc., is comprised largely of a group of computer hackers.
Communications networks | Equity | Strategic planning | Financial services | Computer security

Austin, Tom. 1998. Flawed SSL: Cryptographer reveals top 10 problems with software. Computerworld 3210 p.
A22 March 9, 1998
Data encryption | Computer security | Computer programming | Problems | (9190) United States | (9000) Short article | (5240) Software & systems | (5140) Security management | US
There are more than 80 million copies of Secure Sockets Layer (SSL) encryption software on the street today. The top 10 list of SSL problems includes: 1. does not work well with proxies and filters, 2. adds additional computational overhead at server and client, 3. adds extra network roundtrips for handshake, 4. does not work well with existing crypto tokens, and 5. requires a certification authority with appropriate policies.

1566091713 (pbk.)
Qa76.9.a25 b33 1995
005.8
Bacard, André
The computer privacy handbook
Berkeley, CA : Peachpit Press, 1995. xii, 274
Computer security. Data encryption (Computer science) Internet (Computer network) Security measures. Computer networks Security measures. Data protection.
Tiwana Endnote library-added 7/99

Computer security

Fontana, John. 1996. Security policy key to 'Net commerce. CommunicationsWeek n632, Oct 7: 83.
Conferences | Electronic commerce | Computer security | Policy making | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US
NOTES: 1 page(s) | English | ISSN: 0746-8121
ABSTRACT: According to security experts speaking at the NCSA Firewall, Web and Internet Security Conference '96 last week, companies wishing to conduct secure business over the Internet would have to develop policies for confidentiality through cryptography, authentication, data integrity, non-repudiation and authorization. Such policies could act as a map to successful and secure business over the Internet.
Two points that should help define the future of secure electronic commerce are the universal standardization of cryptographic techniques and credibility of authenticating agents.Forbes, Daniel 1984ngComputer Criminals Are Outstripping Risk Management Preventive Efforts to Stem Fraud Wave, Says Experts{Risk Managementt 31 (January)1f62HBComputer security, Crime, Fraud, Risk management, Loss, PreventionAt a recent seminar held by the New York Chapter of the Society of Chartered Property and Casualty Underwriters, Roger L. Huss, vice-president of Marsh & McLennan Inc.,stated that computer fraud is outstripping the ability of traditional risk management policies and procedures to cover it. According to Allen Butkow, president of Wood, Butkow Kemp Ltd., computer fraud prevention is the responsibility of executive officers and requires top management involvement. A centralized risk management philosophy should help management decide on: 1. what risks to retain, 2. security measures, 3. data encryption, and 4. other prevention factors. Laurance J. Ochs, an attorney with Compulaw, stated that, although proof of claims ishard to establish, computer fraud claims generally follow bankers' blanket bond precedents. Grant R. Hubbard, senior vice-president at Shand, Morahan & Co., noted that a statement from the insured to the insurer concerning the insured's operations helps the underwriters understand potential computer fraud situations.ter security("domain theory of moral developmentdata encryption.'Fear and loathing on the World Wide WebcGarner, Rochelle<6Computerworld | Electronic Commerce Journal Supplement 28-300 1996(!Companies can safely transmit critical business information over the world's interlocking public networks, provided they take the right approach. The first step is to adopt the proper perspective. Cryptography is essential for authenticating users, protecting confidentiality, and ensuring integrity. 
From it comes encryption, decryption, digital signatures, and digital identifications. A lack of security standardization is keeping some companies, such as American Family Mutual Insurance Co., from taking advantage of the Internet for electronic commerce. To truly understand how to secure Internet transmissions, it is important to know the technology's vulnerabilities. Today, the full promise of global electronic commerce remains unrealized because there is no universal way to verify identity.
Keywords: Computer security | Electronic commerce | Data encryption | Electronic commerce | World Wide Web | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US

Computer security | Property & casualty insurance | Guidelines | (9175) Western Europe | (5140) Security management | (8220) Property casualty insurance | (9150) Guidelines | UK
Computer security | Responsibilities | Information systems | Management | Departments | Guidelines | Computer centers | (5140) Security management | (5220) Data processing management | (9150) Guidelines
Computer security | Risk assessment | Guidelines | (5240) Software & systems | (5140) Security
Computer security | Risk assessment | Reliability | Analysis | Scientific method | Validity | (5220) Data
Computer security | Systems design | Risk assessment | Computer audits | Municipal government |
Computer security | Systems development | Government agencies | Stages | Risk assessment | Risk management | Methods | (9175) Western Europe | (5140) Security management | (5220) Data processing management | (9550) Public sector organizations | UK
Computer security | Systems | Theory | Industrial | Security | (5140) Security management | (5220)
Computer security | Technological change | (5250) Telecommunications
Computer security | Technological planning | Insurance industry | Guidelines | Computer networks | Internet | (5220) Data processing management | (5140) Security management | (8200) Insurance industry | (9172) Canada | Canada
Computer security, Crime, Fraud, Risk management, Loss, Prevention
Computer Security, Information Systems Security, Information Systems Design, Information Systems Methods
Computer security, Information systems, Polls & surveys, Professionals, Ethics, US
Computer security.
Computer service industry
Computer service industry | Electronic commerce | Service introduction | (8302) Software & computer services industry | (5250) Telecommunications systems | (9120) Product specific treatment | (9190) United States | (9000) Short article | US | Best Inter
Computer software Development Auditing.
Computer software Development.
Computer software Law and legislation United States.
Computer software.
Computer upgrading
Computer viruses
Computer viruses United States Prevention.
Computers
Computers Access control
Computers Access control Congresses.
Computers Access control Government policy United States
Computers Access control Passwords Congresses.
Computers Access control United States
Computers Access control United States.
Computers Access control.
Computers and civilization.
Computers Law and legislation United States
Computers Security
Computers social aspects.
Computers United States Access control.
Conference on Security and Cooperation in Europe (Organization)
Conferences
Conferences | Electronic commerce | Computer security | Policy making | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US
Confidence
Confidential communications United States
Confidentiality
Connectivity
Consultants
Consumer attitudes
Consumer behavior
Consumer credit
Consumer protection
Contingency planning
Control
Conventions
Cooperation
Copeland, John
Copyright Broadcasting rights United States.
Copyright | Infringement | Software | Management science | Mathematical models | Data integrity |
Corporate objectives
Corporate profiles
Corporate profiles | Software industry | Going public | Firewalls | Customer services | (9110) Company specific/case studies | (8302) Software & computer services industry | (2310) Planning | (2400) Public relations | (5240) Software & systems | (9190)

Lederer, Albert L.; Sethi, V. 1991. Critical Dimensions of Strategic Information Systems Planning. Decision Sciences, 22, 1 (Winter), 104-119.

Better On-Line Security Has Meant More Passwords, and More Frustrated Users. Jennifer 8. Lee. New York Times, Aug 5 1999, 1.
Abstract: It is understandable that Mr. (Kevin) McGuire would drop a password or two. On a regular basis, he must remember three dozen passwords to gain access to computer networks, software programs, E-mail, voice mail, fax mail, Web sites, ATM's and even the security system for his house. Forgotten passwords are an inevitable consequence of the digitization of everything from money to mail. Twenty years ago, people had to remember only their Social Security number and maybe a phone number or two.
But since the introduction of the automated teller machine, people have accumulated an arsenal of passwords, access codes and personal identification numbers to use everything from answering machines to office bathrooms. A result is lost computer files, inaccessible accounts and a lot of banged-up keyboards. The exponential growth of Web sites creates an exponential growth in forgotten passwords. Almost all password-protected sites either encourage people who have forgotten their passwords to reregister or provide a mechanism where they can automatically retrieve their password. The New York Times on the Web site estimates that more than 1,000 people forget their password to the site each week, and 10 to 15 percent of its registrants are duplicates.
Keywords: Passwords | Computer security | Memory

ISBN 0801960959. Hf5548.2 .l393. Users' guide to computer crime: its commission, detection & prevention. 74010662. [by] Stephen W. Leibholz & Louis D. Wilson. [1st ] Radnor, Pa., Chilton Book Co. 1974. xii, 204.
Keywords: Electronic data processing departments Security measures. White collar crimes United States.
Leibholz, Stephen W.; Wilson, Louis D.
Tiwana Endnote library-added 7/99

Leming, James S. 1978. Cheating Behavior, Situational Influence, and Moral Development. Journal of Educational Research, 71, 4 (March-April), 214-217.

Your PCs are more vulnerable than you think. Levi, Philip. Chief Information Officer Journal, 5, 4, 11-13. 1993.
Abstract: A comprehensive security plan for personal computers (PC) does not have to be threatening or complicated. Security planning can be simplified by concentrating efforts in the areas with the greatest risks: 1. controls and procedures, 2. physical security, 3. data security, and 4. backup security. The first line of defense in a security plan is the establishment of proper internal controls, such as procedure manuals and audit trails. The risk of errors can be reduced by stringent training programs, constant monitoring and updating of internal operating controls, and technological controls. The 2nd line of defense is physical security, which can be assured with a wide variety of products. Securing data against unauthorized use is the 3rd line of defense. This can be accomplished by using multiple levels of passwords and user ID codes that restrict access to bona fide users.
The last line of defense is to institute a fail-safe policy that will
Keywords: Computer security | Implementations | Factors | Systems management | Back up systems | Procedures | (5220) Data processing management | (5140) Security management

Hayes, Mary. 1998. Digital Boosts NT Servers And Sets Rebate Program. Informationweek, n680, May 4, 162.
Keywords: Product introduction | Minicomputers | Bundling | Product lines | Microprocessors | Rebates | (9190) United States | (9000) Short article | (9120) Product specific treatment | (5230) Hardware | (7000) MARKETING | US | Digital Equipment Corp
Notes: 1 page(s) | English | ISSN: 8750-6874 | DUNS #: 00-103-8066 | Word Count: 00359
Abstract: Digital Equipment is shoring up its Windows NT server line with more powerful midrange systems and bundles designed for specific applications. Digital is offering servers configured with Lotus Domino, AltaVista Firewall, and Microsoft server offerings like Exchange, Proxy, Internet Commerce and NT on both its Intel and Alpha lines. Digital is offering an Investment Protection Program for all its NT servers. The program is intended to induce users to buy now with the promise of a rebate of up to $8,000 on systems due out this summer that include faster processors. TICKER: DEC

Author: Hayes, Mary
Publication: Informationweek | n680 | p. 162 | May 4, 1998 | Word Count: 00359
Digital Boosts NT Servers And Sets Rebate Program
Headnote: New systems to offer more power, bundled applications

Digital Equipment is shoring up its Windows NT server line with more powerful midrange systems and bundles designed for specific applications. Digital is offering servers configured with Lotus Domino, AltaVista Firewall, and Microsoft server offerings like Exchange, Proxy, Internet Commerce, and NT on both its Intel and Alpha lines.

"Customers are asking why they're spending time integrating software packages," says Andrew Allison, a Carmel, Calif., consultant. "More people want a complete solution out of the box."

Digital has also brought its high-end 600-MHz Alpha 21164 chip, previously used only on Unix servers, down to its four-processor Windows NT Server 7000 line. A Server 7310 with one 600-MHz processor, 8 Mbytes of onboard cache, 128 Mbytes of memory, and Windows NT 4.0 is priced at $23,086.

Digital is offering an Investment Protection Program for all its NT servers. The program is intended to induce users to buy now with the promise of a rebate of up to $8,000 on systems due out this summer that include faster processors: Intel's Pentium II Xeon or Digital's Alpha 21264. For example, purchasers of a 7310 with an Alpha 21164 chip will be offered a rebate toward the next-generation system.

However, analysts say users should carefully consider the effect of the pending Compaq-Digital merger before buying Digital servers. The merger is likely to get approval from the Federal Trade Commission as early as this week. Analysts expect the merger to proceed, with one result being the eventual consolidation of Digital's NT/Intel server line with Compaq's NT/Intel line.

Digital and Compaq officials won't comment on the status of the pending merger, but Digital says all contracts and investment-protection programs will be honored if the deal is completed. "We have all sorts of large contracts that have multiyear terms and conditions built into them," says Andrei Shishov, director of NT server marketing at Digital. "Compaq will honor whatever Digital would honor with customers."

But Joe Barkan, an analyst with Gartner Group Inc., notes that even though Compaq would support Digital Intel systems if the lines were consolidated, customers could face difficulty finding parts that are no longer manufactured.
-Mary Hayes

Caroll, John. 1987. Computer Security. Boston, Butterworths. 2nd

Intel and AMA Form Service to Improve Security of Online Medical Information. By Ann Carrns. Wall Street Journal, Oct 12 1999, B6.
Abstract: The computer-chip maker and the national doctors' society will offer "online credentials" to physicians, providing a means to authenticate the identity of doctors seeking to access and transmit health data in cyberspace. The service is expected to be available to physicians in the first quarter of next year. The alliance kicks off Intel's "Internet Authentication Services" business, which will provide tools to let parties at both ends of an Internet transaction confirm each other's identity. The move also expands Intel's relationship with the AMA; the two already co-sponsor educational sessions around the country to encourage doctors to use the Internet.
Keywords: Service introduction | Computer security | Internet | Medical records

Carter, David L.; Katz, Andra J. 1996. Trends and Experiences in Computer-Related Crime: Findings From A National Study. Annual Meeting of the Academy of Criminal Justice Sciences, Las Vegas, NV. 1-25.
Abstract: A national study of corporate security directors was conducted to examine their experience with computer crime. Using established survey research methods, the authors assessed the extent of victimization, the character of computer crimes, who the perpetrators were, the introduction of viruses, unauthorized access to computer files, harassment via computers, destruction of virtual property, telecommunications fraud via computers, and computer security countermeasures. The results showed that 98.5% of the reporting businesses had been victimized by computer crime, with the most common target being the theft or attempted theft of intellectual property. Full-time employees committed the most crimes, although a substantial number of incursions by hackers were reported, with this threat growing disproportionately. Significant relationships were found between employees introducing viruses into computers and the unauthorized "browsing" of files as precursors to stealing or attempting to steal information. With respect to security countermeasures, there were statistically significant relationships for the use of data encryption, operations security, and surveillance of employees when tested against the different security countermeasures. Use of authentication software and firewalls did not show significant relationships as security countermeasures, most likely because of extraneous variables. The significant findings are discussed with anecdotes and motivations of behaviors.

Elliptic-curve cryptography. Andrew D Fernandes. Dr. Dobb's Journal, Dec 1999, 56-63, 24, 12.
Abstract: Fernandes compares elliptic-curve cryptography to other cryptosystems and shows how elliptic-curve cryptosystems are built.
Keywords: Cryptography | Computer programming | Computer security

Information is power. Nancy Ferris. Government Executive, Mar 2000, 28-33, 32, 3.
Abstract: The Veterans Benefits Administration (VBA) and many other agencies are beginning to enjoy the benefits of assembling disparate data, often from decades-old mainframe systems, in virtual warehouses and making it accessible with a familiar World Wide Web browser. Once the information is displayed on the computer screen, areas of deviation from the norm are easy to spot and investigate. Once agencies put data in warehouses, users can analyze it in ways that were not possible before, shedding new light on relationships among causes, effects, resources, and results. The low cost and flexibility of these systems make them easy to develop and modify. The Coast Guard's executive information system was also designed to make sense out of a morass of data. The system relies on Cognos Inc.'s PowerPlay. GPRA is the impetus for much of the interest in business intelligence within the executive branch, but these products and services are selling well in the private sector. One increasingly important issue that an IT architecture can help resolve is information security.
Keywords: Government agencies | Information management | Environmental impact statements | Data warehouses

Nigel Fielding; Jan Fielding. 1986. Linking Data. Newbury Park, CA, Sage.

Finne, Thomas. 1998. The three categories of decision-making and information security. Computers & Security, 17, 5, 397-405.
Keywords: Studies | Decision making | Computer security | Information management | Uncertainty | Risk | Game theory
Abstract: Decision-making can be categorized into 3 levels: decision-making under certainty, risk, and uncertainty. In what category decisions on information security are made is investigated. Recognizing the category in which decisions are made on information security should give support in the decision-making situation. The 4 well-known criteria for making decisions under uncertainty are: 1. the Laplace criterion, 2. the Minimax (maximin) criterion, 3. the Savage Minimax Regret criterion, and 4. the Hurwicz criterion. Game theory can also be referred to as decision-making under uncertainty.

Nathaniel S. 1996. [Continued from prior record] Communications of the ACM, 39, 6 (June), 36-44.
Keywords: Internet | Electronic commerce | Payment systems | Technological change | Startups | Computer security | Software industry | Case stu

Bottom, Norman R., Jr. 1983. An Informational Theory of Security. Computers & Security, 2, 3 (November), 275-280.
Keywords: Computer security | Systems | Theory | Industrial | Security | (5140) Security management | (5220) Data processing management | (9130) Experimental/theoretical treatment
Abstract: An information systems theory is presented to conceptually integrate private-sector security practice. All organizations face threats to security, including waste, accidents, errors, crimes, and unethical practices. Attempting to control any single threat without controlling all others will ultimately lead to a failed security system. Crime has been the traditional concern of security departments, leading them to be structured according to a law enforcement model. However, this model is inappropriate for the current business environment in which organizations can experience substantial loss from violated computer assets. The loss-control function of an organization must focus on audit and training, requiring information transfer to assess past losses, anticipate future vulnerabilities, and train computer personnel to recognize loss hazards. While law-enforcement efforts have the goal of service, focus on crime, and use reactive methods, loss control takes a proactive approach to securing the organization from all threats, with the goal of ensuring organizational stability and profitability.

Bowen, Ted Smalley. 1997. Firewall Spec to Strengthen Web Security. InfoWorld, v19n49, Dec 8, 1-24.
Keywords: Electronic commerce | Computer security | Product development | Standardization | (9190) United States | (5250) Telecommunications systems | (5140) Security management | (7500) Product planning & development | US | Object Management Group
Notes: 2 page(s) | English | ISSN: 0199-6649 | Word Count: 00342
Abstract: Major Web-server vendors and object-software players are working through the Object Management Group (OMG) to standardize the creation of secure I-commerce applications.
Groups including IBM, Oracle, Sun Microsystems, Netscape, Iona Technologies, NEC, and Visigenic have submitted proposals for a standard means of using the Internet Inter-ORB Protocol over the Secure Sockets Layer security protocol for transactions across firewalls. The CORBA/Firewall Security proposals, which outline mechanisms for securing object-based communications in a CORBA configuration, are aimed at simplifying the development of secure Internet applications, and countering Microsoft's Component Object Model-based security initiatives.

Secret service.
Securities analysis
Securities trading
Securities United States Data processing.
Security

Capital, technology, and labor in the new global economy. Washington, D.C. American Enterprise Institute for Public Policy Research. 1988. xxvii, 203. AEI studies ; 480. 88019416. [Arthur F. Burns ... et al.] ; James H. Cassing and Steven L. Husted, eds. Includes index.
Keywords: Capital. Financial services industry. Information technology. Marketing. Labor supply. International finance.
Burns, Arthur F.; Cassing, James H.; Husted, Steven L.
Tiwana Endnote library-added 7/99

ISBN 0160363837. C 13.10:500-189. Security in ISDN. Gaithersburg, MD; Washington, DC. U.S. Dept. of Commerce, National Institute of Standards and Technology ; For sale by the Supt. of Docs., U.S. G.P.O. 1991. iv, 70. NIST special publication ; 500-189. Computer systems technology.
Keywords: Integrated services digital networks Security measures.
Burr, William E.; National Institute of Standards and Technology (U.S.)
Notes: 0247 (mf) [microform] / William E. Burr. Distributed to depository libraries in microfiche. Shipping list no.: 93-0032-M. "September 1991." Includes bibliographical references (p. 65-67). Microfiche. [Washington, D.C.?] : Supt. of Docs., U.S. G.P.O., [1992] 1 microfiche : negative. NIST special publication ; 500-189. NIST special publication. Computer systems technology.
Tiwana Endnote library-added 7/99

Rigorous certification maintains ANX security standards. Dawn Bushaus. Informationweek, Mar 6 2000, 96.
Abstract: From the start of the Automotive Network Exchange (ANX), it was clear that security and reliability were top priorities. ANX developers decided on the Internet Engineering Task Force's Internet Protocol Security and came up with a rigorous, mandatory certification process for ANX service providers. The protocol performs 3 basic functions: 1. It authenticates communication devices. 2. It encrypts data. 3. It ensures data integrity by not allowing bits to be scrambled during transmission. To use the ANX, trading partners must have an ANX-certified IPSec gateway on their premises if they are connecting using a dedicated link. Six providers are certified to provide ANX services: Ameritech, AT&T, BCE Emergis, EDS, Ideal Technology Solutions, and MCI WorldCom.
Global Crossing and Sprint are going through the certification process.
Keywords: Extranets | Automobile industry | Computer aided design cad | Electronic data interchange | Computer security | Standards | Certification

Intrusion-detection tools to stop hackers cold. Ellen Messmer. Network World, Feb 15 1999, 34, 16, 7.
Abstract: Host-based monitoring software from Centrax, WebTrends, Axent Technologies, Tripwire Security Systems, and Internet Security Systems will send a warning if they detect misuse of protected files, the operating system, or Web server. Network-based scanners sold by Netect, Network Associates, Internet Security Systems, and Security Dynamics Technologies check for holes in firewalls or servers, so IS can close them. Another type of intrusion-detection product guards LANs by inspecting and analyzing packet flows across the network, detecting patterns of connection that indicate an attack. It is getting harder to avoid intrusion-detection tools because these capabilities are being built directly into more network gear. While 3 years ago, there was virtually no commercial intrusion-detection market, sales in 1998 hit $100 million and are expected to double again in 1999. Axent Technologies and Internet Security Systems are the market-share leaders at this point.
Keywords: Computer security | Security systems | Detection alarms | Hackers | Trends | Industrywide conditions | Manycompanies

Secure extranet is just what the doctor ordered. Ellen Messmer. Network World, Jan 10 2000, 31-34, 17, 2.
Abstract: The National Board of Medical Examiners (NBME) has set up an extranet to provide online access to doctors' test scores and other data. The NBME's main challenge was finding a way to really be sure of the online user's identity and restrict access to the appropriate information, all housed in an Oracle database. NBME's Steve Lopez last year added 2 Axent Technologies products - the SecureLink Bridge Server and WebDefender.
These 2 products work inside the intranet to provide the remote user with single sign-on to Web pages. SecureLink Bridge Server acts as a proxy to the firewall for the remote user.
Keywords: Case studies | Extranets | Computer security | Access control | Technological planning | Physicians | Certification

Electronic commerce

Your bank may have a privacy problem. Michelle Clayton. America's Community Banker, Jan 1999, 18-21, 8, 1.
Abstract: Everyday breaches of branch security, such as leaving monitors on, throwing out unshredded papers and allowing a customer to wear the teller down for information are adding to privacy problems. Community banks are responding to this dilemma by posting policies on their Web sites and revamping employee manuals. Some community banks are forming groups to study privacy vulnerabilities in the branch. Revising the bank's personnel manual is another tactic to step up the attack on potential breaches of privacy.
Keywords: Community banks | Privacy | Security management | Guidelines | Records management | Training | Computer security

The President's radio address. William J Clinton. Weekly Compilation of Presidential Documents, Dec 6 1999, 2453-2454, 35, 48.
Abstract: In a Nov 27 radio address to the nation, Pres Clinton discusses the potential pitfalls of electronic commerce and recommends online Christmas shoppers look into the Federal Trade Commission's online buyer's checklist, available at www.consumer.gov.
Keywords: Electronic commerce | Computer security | Web sites | Clinton, Bill

TechReport: One site can manage all passwords; [Home Edition]. Mark Clothier. The Atlanta Journal the Atlanta Constitution, Oct 17 1999; 10.
Abstract: Then came the Internet, and they added things like search engines and e-mail accounts and airline reservations and online banking to make it worthwhile to us. But how do you manage it all? How do you keep track of all the sites and all the passwords? Then there's Desktop.com, a San Francisco start-up that has developed a desktop interface for the Internet. The idea is to make all Internet functions --- e-mail, calendars, bookmarks, phone lists --- accessible from the Web, which means it would be accessible anywhere there's Internet access. Most were related to a few specific areas: the sending of spam, or junk e-mail, and the verification of digital signatures and records. Eight states --- Virginia, North Carolina, West Virginia, Connecticut, Nevada, Oklahoma, Washington and Tennessee --- enacted anti-spam laws. Most try to ban deceitful in-state spam by requiring that people or companies that send large amounts of spam use accurate names, addresses and subject lines. In New York, California, Connecticut, North Carolina, Virginia and West Virginia, sending spam can be a criminal offense.
Keywords: Passwords | Computer security | Software

Cyberfraud and computer crime. Glenn Cheney. Strategic Finance, Nov 1999, 38-43, 81, 5.
Abstract: The odds of any malevolent invasion on your computer network are probably in approximate proportion to the size and fame of your organization and the resources it has to defend itself. The more likely danger by far is the cleaning crew that has been bribed to snatch diskettes off your desk, the disgruntled employee who knows the passwords and the encryption keys, the bookkeeper who has created a fake vendor account, the wag who is pulling racist jokes off the Web and e-mailing them to half the company. These insiders might not qualify as computer criminals, but computers can certainly facilitate their dirty deeds.
If invasion or misuse of the corporate computer system can lead to financial devastation, the issue belongs ultimately on the desk of the CFO. Steps the CFO can take to prevent financial loss or disaster through the use or misuse of the computer system are discussed.
Keywords: Computer security | Chief financial officers | Guidelines | Strategic planning | Hackers

High-confidence design for security. Shiu-Kai Chin. Association for Computing Machinery. Communications of the ACM, Jul 1999, 33-37, 42, 7.
Abstract: The widespread use of networks makes information security a major concern when the underlying network is assumed to be insecure. Systems with security requirements typically must operate with a high degree of confidence - they must be highly assured. The task of designing and building secure systems raises a fundamental question: how does one know with confidence that the design will be secure? Having confidence in a secure system requires having confidence in the strength of the cryptographic algorithms, the correctness of the hardware and software implementations, and knowing the implementation supports a security model. Methods for establishing confidence that implementations meet their specifications and security requirements are described. These methods are rigorous in nature, relying on mathematical logic, and are accessible to engineering students at the master's level.
Keywords: Data encryption | Network security | Algorithms | Confidence | Design engineering | Studies

ISBN 0387582657 (New York acid-free paper); 3540582657 (Berlin acid-free paper). 005.7/2. Qa76. Error control, cryptology, and speech compression : Workshop on Information Protection, Moscow, Russia, December 6-9, 1993 : selected papers. Berlin ; New York. Springer-Verlag. 1994. viii, 121. Lecture notes in computer science ; 829.
Keywords: Computer security Congresses. Data protection Congresses.
Chmora, Andrew; Wicker, Stephen B.
Tiwana Endnote library-added 7/99

Security or privacy? No easy answers. Pankaj Chowdhry. PC Week, Feb 28 2000, 80, 17, 9.
Abstract: The recent distributed denial-of-service attacks against the Internet make it even more apparent that when major companies were building their Internet presences, they chose quick instead of secure.
The current Internet cannot securely and reliably support high-volume electronic commerce.
Keywords: Internet Computer security Hackers Electronic commerce

Precautions can keep hackers out of your hard drive; [Home Edition]. Bill Husted. The Atlanta Journal the Atlanta Constitution, Aug 15 1999, E; 1.
Ordinarily they didn't lock the doors. It was that kind of a town, a small place nestled in a little valley that ought to have been on a postcard. It was as if "Leave It to Beaver" were real. Folks didn't need to lock their doors.; The Internet used to be that way. But it has grown from a little electronic community of people who either knew each other, or at least had a lot in common, into a busy world that mirrors the world, complete with saints, crooks and average folks. Nowadays it's the sort of place where a person should lock the doors.; To understand the downside to that progress, you need to understand how an Internet connection works. When you are logged on to the Net through your provider, your computer is assigned an address. Like addresses in the world of "Leave It to Beaver," it is a way for others to find you.
Keywords: Computer security Hackers

Will SET secure electronic commerce or lead to its extinction? Friedman, Aharon; Schiffman, Allan. Bank Systems & Technology, 336, 58, 1996.
Opposing views about the Secure Electronic Transactions (SET) protocol are presented. According to Aharon Friedman of Digital Secured Network Technologies Inc., SET is not ready for its prime-time cyberspace debut, and its proponents will be in for a rude awakening if they begin conducting electronic commerce with the protocol. Allan M. Schiffman of Terisa Systems Inc.
believes that the SET protocol is more than adequate security to secure users' credit card information.
Keywords: Computer security | Electronic commerce | Protocol | Disputes | (9190) United States | (5140) Security management | (5250) Telecommunications systems | US

Keywords: Systems management; Computer networks; Local area networks; Computer security; Data integrity; Network management systems
Downsizing, client-server computing, and distributed processing have added to the network security task, since spreading data across the network makes the data vulnerable to corruption. The US government established a practical set of standards to address the issues of network security. Known as C2, the standards involve: identification and authentication; discretionary access control; audits; and object reuse. One solution is a single sign-on system that can allow for virus protection, automatic screen blanking, boot protection and encryption. Another option is to centralize the PC's boot files, forcing users to first pass through the network security system before gaining access to their PC. Evaluating the environment is key to any successful security system.
Barton McKinley with Summitt Communications recommends taking advantage of all network capabilities.
Technology 1994: Software engineering. Gabel, David A. IEEE Spectrum [SPC], 311, 1994, 38-41.

Gage, Deborah. 1996. SunScreen gets new treatment. Computer Reseller News, n691, Jul 8, 24.
Keywords: Software industry | Market strategy | Intranets | Marketing agreements | Alliances | (9190) United States | (9000) Short article | (8302) Software & computer services industry | (7000) MARKETING | US | Sun Microsystems Computer Corp | Network Imaging Corp
NOTES: 1 page(s) | English | ISSN: 0893-8377 | Word Count: 00208
ABSTRACT: Sun Microsystems Inc.'s Internet Commerce Group will team with Network Imaging Corp. to market Sun's family of firewall products which enable the building of secure virtual private networks. Sun believes the intranet market will total from $6 billion to $8 billion by 1998.
--------------------------------------------------------------------------------
Author: Gage, Deborah
Publication: Computer Reseller News | n691 | p. 24 | Jul 8, 1996 | Word Count: 00208
SunScreen gets new treatment
SUN MICROSYSTEMS INC. has a new marketing and bundling agreement for SunScreen, its family of firewall products which enable the building of secure virtual private networks (VPNs). Sun's Internet Commerce Group will team with Network Imaging Corp., based in Herndon, Va., which makes a suite and tools for storing and managing multimedia applications on a network. Network Imaging's 1View:WebMOM, or multimedia object manager, works with any database and any language and can integrate multimedia with both legacy and Internet-based applications. Sun believes the intranet market will total from $6 billion to $8 billion by 1998. Humphrey Tolanen, general manager of the Internet Commerce Group, said companies that switch from private leased lines to VPNs can save 20 percent to 50 percent in the first year. "The intranet is the place where most of the so-called Internet dollars are being spent, because the intranet is a proof of concept for business-to-business commerce. This is the first phase," Tolanen said. Lockheed Martin Information Systems and Technologies is the first integrator to sell the bundle, although the bundles also will be sold through both Sun's and Network Imaging's channels. Pricing for Network Imaging's 1 View: WebMOM starts at $30,250; SunScreen starts at $20,000. Network Imaging's products are being retooled to support Java.

The milk mustache of security. John Gallant. Network World, Apr 14 1997, 481415.
An editorial discusses security, which remains the biggest obstacle to electronic commerce.
Keywords: Computer security Electronic commerce Internet Editorials

Flexibility
Flow control
Food programs
Forecasts
Foreign policy
Formal languages Congresses.
Fraud
Freeware
Freishstat, Gregg
Future
Game theory
Garfinkel, Steven
Gateways
gender
general deterrence theory
Gillespie, Mary Helen
Globalization
Goals
Government agencies
Government employees
Government purchasing United States
GREAT Britain
Guidelines
Gullotto, Vincent
Hackers
Handicapped Employment United States
Handicapped Rehabilitation United States
Hashing (Computer science)
Hewlett Packard HP Praesidium WebEnforcer for NT
Hewlett Packard Praesidium WebEnforcer
High speed
high speed connections
High tech industries
Hiring
Hoaxes
Holidays & special occasions
Home Loans Inc
http://www.nytimes.com/library/tech/99/07/circuits/articles/08hack-side.html
Human-computer interaction.
Hurricanes
Identification
identity
Immunology
Impact analysis
Implementations
Improvements
INDUSTRIAL management
INDUSTRIAL surveys
Industry profiles | Electronic commerce | Computer security | Electronic banking | (5250) Telecommunications systems | (5140) Security management | (9175) Western Europe | Portugal
industry | Computer security | Protocol | (9190) United States | (5250) Telecommunications systems |
Industrywide conditions
Information control
Information management
Information management | Computer security | Data encryption | Access control | Smart cards |
Information networks United States Security measures.
Information retrieval
Information science
information security
Information security staffing
Information services Management.
Information storage
Information storage and retrieval systems
Information storage and retrieval systems Business.
Information storage and retrieval systems Congresses.
Information storage and retrieval systems Periodicals.
Information storage and retrieval systems.
Information superhighway Security measures.
Information superhighway Social aspects.
Information systems
Information systems | Information management | Attitude surveys | Executives | Associations |
Information systems | Professionals | Computer security | Trends | Internet | Skills | (5220) Data processing management | (5140) Security management | (9190) United States | US
Information systems | Systems design | Methods | Implications | Computer security | Comparative analysis | (5240) Software & systems | (5140) Security management | (9130) Experimental/theoretical treatment
Information technology
Information technology Management.
Information technology Moral and ethical aspects.
Information technology United States
Information technology | Computer security | Disaster
Information technology.
INFORMATION-SYSTEMS
Infrastructure
Initiatives
Insurance companies | Computer security | Software packages | (9190) United States | (9000) Short article | (8220) Property casualty insurance | (5140) Security management | (5240) Software & systems | US | TIG Insurance Co | Sterling Commerce Inc-Dalla
Insurance companies | Internet | Electronic commerce | Computer security | Data encryption | Technological change | (9190) United States | (8200) Insurance industry | (7400) Distribution | (5140) Security management | (5220) Data processing management |
Insurance industry
Insurance industry | Alliances | Electronic commerce | Network directories | Virtual networks | Computer security | (8200) Insurance industry | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US | Sedgwick Group P
Insurance industry | Computer security | Internet | Electronic commerce | Opinions | (8200) Insurance industry | (5140) Security management | (5200) Communications & information management | (9190) United States | US

0071125027. Qa76.9.a25 r44 1994. 005.8.
Rhee, Man Young. Cryptography and secure communications. Singapore ; New York, McGraw-Hill. 1994. xxiii, 504. McGraw-Hill series on computer communications.
Keywords: Computer security. Telecommunication systems Security measures.
Cryptography.
Tiwana Endnote library-added 7/99

Protecting the Data Cookie Jar. Rhodes, Wayne L., Jr. Infosystems, 1981, 36-38, 5288.
There is no doubt that there is a need for some type of protection against data misuse. Although those who have access to data cannot be prevented from misusing it, software packages can be used to control access. However, malicious use of data is not the biggest threat to data. The biggest threat is human error, followed in order by systems error, deliberate theft of information, deliberate modification, and deliberate denial of service. One of the problems of protecting data is that many people are not security conscious enough; they are not aware that they have something to protect. Another problem with protection is that those who are aware of the need for protection must rely on people who have the ability to do the most damage. Three of the best security software packages are SECURE, ACF2, and Resource Access Control Facility (RACF).
Keywords: Computer security Protection Software packages (5100) Facilities management; (5200) Communications & information management;

Newman, David; Holzbaur, Helen; Bishop, Kathleen. 1997. Firewalls: Don't Get Burned. Data Communications, v26n4, Mar 21, p. 36-53.
Keywords: Manyproducts | Performance evaluation | Software packages | Computer security | Network management systems | Manycompanies | Firewalls | (9190) United States | (5240) Software & systems | (5140) Security management | (8302) Software & computer services industry | (9120) Product specific treatment | US | Checkpoint Software Technologies Ltd | CyberGuard Corp | Seattle Software Labs Inc | Sun Microsystems Inc
ARTICLE TITLE: Firewalls: Don't Get Burned
AUTHOR: Newman, David | Holzbaur, Helen | Bishop, Kathleen
PUBLICATION: Data Communications | v26n4 | p. 36-53 | Mar 21, 1997
NOTES: Charts | Graphs | Diagrams | 17 page(s) | English | ISSN: 0363-6399 | DUNS #: 01-304-4532
--------------------------------------------------------------------------------
ABSTRACT: Twenty firewalls were put through an exhaustive evaluation that included nearly 100 different forms of attack, a thorough investigation of management features, and a stress test involving 100-Mbit/s fast Ethernet segments. It was found that firewalls are not yet at the commodity state where one product is as good as another. Attacks by Safesuite, a security scanning tool from Internet Security Systems, were used to exploit well-known weaknesses in firewall or OS code. Because firewall management features have such strong implications for network security, most of the testing was focused in this area. The firewall was also subjected to 4 types of denial-of-service attacks. The final management scenario involved the setup of reporting and alerts. Some firewalls just are not ready for service on 100Base-T production networks. The top performers were: 1.
Check Point Software Technologies Inc.'s Firewall-1, 2. Cyberguard Corp.'s Cyberguard Firewall, 3. Seattle Software Labs Inc.'s Watchguard Security Management System, and 4. Sun Microsystems Inc.'s Sunscreen EFS.
--------------------------------------------------------------------------------
SUBJECT(S): Manyproducts | Performance evaluation | Software packages | Computer security | Network management systems | Manycompanies | Firewalls | (9190) United States | (5240) Software & systems | (5140) Security management | (8302) Software & computer services industry | (9120) Product specific treatment | US | Checkpoint Software Technologies Ltd | CyberGuard Corp | Seattle Software Labs Inc | Sun Microsystems Inc
TICKER: SUNW

0306456362. Hv6773 .g8513 1997. 364.16/80.
Guisnel, Jean. Cyberwars : espionage on the Internet. New York, Plenum Trade, 1997. 295.
Keywords: Computer crimes. Computer security. Information superhighway Security measures. Internet (Computer network) Security measures. World Wide Web (Information retrieval system) Security measures. Secret service. Intelligence service. Business intelligence.
Tiwana Endnote library-added 7/99

C 13.10:800-4.
Computer security considerations in federal procurements a guide for procurement initiators, contracting officers, and computer security officials. Gaithersburg, MD Washington, DC [Springfield, VA U.S. Dept. of Commerce Technology Administration National Institute of Standards and Technology ; For sale by the Supt. of Docs. U.S. G.P.O. ; Order from National Technical Information Service] 1992. x, 107. NIST special publication ; 800-4.
Computer security.
Keywords: Computer security United States Government purchasing United States
Guttman, Barbara; National Institute of Standards and Technology (U.S.)
Tiwana Endnote library-added 7/99

C 13.10:800-12.
An introduction to computer security the NIST handbook. Gaithersburg, MD Washington, DC. U.S. Dept. of Commerce Technology Administration National Institute of Standards and Technology ; For sale by the Supt. of Docs. U.S. G.P.O. 1995. xi, 276. NIST special publication; 800-12.
Keywords: Computer security Computer security United States Handbooks, manuals, etc. Computer networks Security measures United States Handbooks, manuals, etc.
Guttman, Barbara; Roback, Edward; National Institute of Standards and Technology (U.S.)
Tiwana Endnote library-added 7/99

Virtual shopping. Guy, Sandra. Telephony, 232, 1118, 1997.
AT&T and Wells Fargo Bank are now offering merchants an Internet commerce solution that simplifies the maintenance of World Wide Web sites. To ease security concerns, AT&T guarantees that end users can access the merchants' Web sites around the clock and that its SecureBuy Service will not lose an order forwarded from AT&T to a merchant. The carrier also guarantees the safety of consumers' Internet purchases charged to AT&T Universal cards through the Web sites. The SecureBuy Service uses secure socket layer technology and encryption to process real-time sales.
Keywords: Service introduction | Internet | Electronic commerce | Web sites | Computer security | Data encryption | (9120) Product specific treatment | (5250) Telecommunications systems | (8120) Retail banking services | (9190) United States | US | AT&T Corp | Wells Fargo Bank

ID Enigma: Are biometrics a threat to privacy or the key to protecting it? James E Guyette. Automatic I.D. News, May 1999, 45-47, 155.
Protecting the privacy and individual rights of the people was viewed by the founders of the US as the major Constitutional goal. Specific guidelines for managing biometric information did not make the list. The US now finds itself seeking a balance between facilitating the free flow of information and maintaining the long-held privacy rights Americans hold so dear. Some serious decisions are to be made as automatic data capture capabilities become the center of a nationwide decision-making process with worldwide implications. The data capture industry should be gearing up to pitch its plusses in a proactive manner, urges Gary Clayton, a privacy analyst and lawyer with Stone Investments. Failure to take a proactive stance could bring dire results, according to David Harper of ICSA. The protection and confidentiality of medical records is a key concern of Americans, who are also very private about their financial affairs.
Keywords: Biometrics Right of privacy Automatic identification Computer security

Hewlett-Packard offers security software for NT enterprises. James Niccolai. InfoWorld, Feb 7 2000, 68, 226.
Hewlett-Packard Co. has introduced Praesidium WebEnforcer, which is designed to automatically eliminate known security holes in Web server environments that are based on Microsoft's Windows NT operating system.
The software also sets best security practices in NT Web server environments, monitors the integrity of security settings, and enforces those settings when unintended changes are detected.
Keywords: Software packages Computer security Windows operating system Product introduction Hewlett Packard Praesidium WebEnforcer

Qa76.55 .n52 1990.
Nichols, David A. Multiprocessing in a network of workstations. Pittsburgh, Pa., Carnegie Mellon University Computer Science Dept., 1990. xiii, 97. Research paper / Carnegie Mellon University. School of Computer Science ; CMU-CS-90-107.
Abstract: "The recent move to workstation-based computing environments has introduced a new point in the design space of multiprocessors: a loosely-coupled collection of workstations using a network file system for shared memory. One problem with such a system is managing the available workstations and making them available to clients on demand. The Butler system has been running at CMU for three years and is used hundreds of times daily to allow students and faculty to use idle workstations. I discovered that the system is used far more for interactive programs than expected. Surprisingly, security attacks involving the Butler system have been quite rare, despite the large student population among its users.
A natural class of UNIX applications that can take advantage of idle workstations includes programs consisting of multiple processes communicating via a shared file system. With such applications, the file system becomes a bottleneck for performance. The second part of the thesis examines the performance of a particular file system, the Andrew File System (AFS), developed at CMU. The major tool for the AFS performance analysis is a discrete-event simulation of the file server and its client workstations. The simulation's accuracy is verified by comparison with experiments run on the file system. Experiments show that the model's parameters can be used to construct a simple linear equation model of the server. While this model is not accurate under conditions when resources are nearing exhaustion, it is useful for a wide range of normal operation. Using simulation, I estimate the effects of various parameters of AFS performance, such as network latency, CPU speed, and disk seek time. In addition, I examine the effect of proposed changes to the system, such as the use of encryption during transmission of file data. The simulation provides a number of insights about the operation of AFS. These include the fact that AFS is very CPU-limited, that it achieves respectable performance while using relatively slow communications primitives, and that it can handle a wide range of workloads without trashing. The conclusions give more general observations about the process of constructing its simulator."
Keywords: Multiprocessors. Computer networks.
David A. Nichols. "February 1990." Thesis (Ph.D.)--Carnegie Mellon University, 1990. Includes bibliographical references. Research paper (Carnegie Mellon University. School of Computer Science) ; CMU-CS-90-107.
Tiwana Endnote library-added 7/99

Niederman, Fred James C. Brancheau James C.
Wetherbe 1991. Information Systems Management Issues for the 1990s. MIS Quarterly 15 4 (December) 475-495.

Noble, Suzanne. 1999. Successful steps to enterprisewide integration. Health Management Technology, 206, 26-27.
GRA 1999, 12/2/1999
Keywords: Enterprisewide computing | Internet | Computer security | Case studies | Hospital systems | Health care delivery | Computer networks | Internet | Systems integration | (9190) United States | (9110) Company specific/case studies | (8320) Health care industry | (5250) Telecommunications systems | (5240) Software & systems | (5140) Security management | US | Baptist Healthcare System Inc
Louisville, Kentucky-based Baptist Healthcare System is planning a fully integrated enterprisewide system to improve the delivery of care. One of the initial steps in the process is testing a Web-based application to make crucial patient information more easily accessible to their doctors. Measures have been put in place with the Physician Access Network (PAN) to address a variety of patient confidentiality and security issues. IS Director Kelly Hall says PAN has provided Baptist Healthcare with the opportunity to be able to provide ubiquitous access over the Internet, access which has won over many of the facility's physicians.

Noll, A. Michael. 1996. The Hazards of Cyber Overload. Telecommunications 30 3 (March) 44.
Keywords: Internet | Electronic mail systems | Psychological aspects | Nonverbal communication | Problems | (9190) United States | (5250) Telecommunications systems | US
A commentary discusses problems with using the Internet and E-mail. Some of the reasons not to use E-mail include: 1. There are serious computer security issues in connecting one computer to another. 2. E-mail may actually decrease productivity by stimulating much useless communication that must be read and disposed of appropriately. 3. The use of E-mail requires a modem and special software.

Parker, Donn B. 1981. Computer Security Management. Reston, VA, Reston Publishing.

Parker, Donn B. 1983. Fighting Computer Crime. New York, Scribner's.

Pasher, Victoria Sonshine. 1997. Some see a need for 'net watchdog. National Underwriter (Life & Health/Financial Services), 28.
Keywords: Insurance industry | Internet | Computer security | Trends | Electronic commerce | (9190) United States | (8200) Insurance industry | (5250) Telecommunications systems | (5140) Security management | US
According to Tim James Higham, president and CEO of The Insurance Resource Center, the insurance industry's Internet activities could perhaps be monitored along the lines of either an industrywide intranet or a new "mega-" or "super-site" created on the World Wide Web.
Higham said so much is at stake in making the Internet safe for insurance transactions, that there is an urgent need for such things as electronic identifying stamps during processing. Higham was one of a number of industry officials addressing consumer protection issues during a national satellite broadcast on Insurance Through the Internet: Consumer, Company, and Regulatory Issues, sponsored by the Society of Chartered Property Casualty Underwriters.

Paternoster, Raymonn; Saltzman, Linda F.; Waldo, Gordon P.; Chiricos, Theodore G.
1982. Perceived Risk and Deterrence: Methodological Artifacts in Perceptual Deterrence Research. Journal of Criminal Law and Criminology, 733 (Fall), 1238-1258.

Pattakos, Arion N. 1985. Some Basic Bytes on Keeping Computer Thieves Out of Your System. Security Management, 30-34, 292.
ABSTRACT: A security plan should be developed, implemented, and tested for all computer facilities or systems to avoid devastating losses and to curb the damage from computer crime or accident. Establish security goals to minimize loss - whether accidental and intentional - and to maximize the availability of data, equipment, and processing capability. Determination of computer security requirements should begin with a risk assessment of administrative, personnel, physical, and technical security. A comparison of threats to vulnerabilities will provide a security profile of the system. Plan for such crises as: 1. equipment failure, 2. damage to software, files, and documentation, 3. absence of key personnel, 4. inaccessibility or loss of major company assets, 5. severe damage or destruction of the facility, and 6. denial of service to users. Early restoration of services depends on a recovery plan that specifically states responsibilities during emergencies and specifically addresses: 1. priorities, 2. succession of personnel, 3. protection of records and documentation, and 4. emergency procedures.
KEYWORDS: Computer security Theft Security Planning Risk management Goals Needs analysis Guidelines (5220) Data processing management; (5140) Security management; (3300) Risk management; (9150) Guidelines

Frank J Derfler Jr; Les Freed; Rich Santalesa. 2000. Crash-proof your Web site. PC Magazine, Apr 4, 134-144, 197.
ABSTRACT: Derfler et al discuss how to crash proof one's web site.
They review seven load balancing software packages, including the Editor's Choice, Alteon 180e.
KEYWORDS: Software Web sites Computer security Servers Alteon 180e

George Lardner Jr. 1999. Declassifier in a Class by Himself; Man Who Keeps Nation's Secrets Is Known for His Own Candor; [FINAL Edition]. The Washington Post, Dec 29, A25.
ABSTRACT: For a government bureaucrat privy to the nation's most closely held secrets, Steven Garfinkel is in a class by himself. He's accessible to historians and researchers. He even talks to reporters. A lawyer who has worked for the government for almost 30 years, Garfinkel, 54, is director of the tiny Information Security Oversight Office (ISOO), a little-known agency that keeps changing its address, but always takes with it the same responsibilities: overseeing the classification of sensitive national security information, making sure that real secrets are kept secret, and promoting the declassification of as much of the rest as soon as possible. It's a delicate balancing act and Garfinkel necessarily takes a long view of what "as soon as possible" means. He's working under a 1995 executive order--which he helped draft--that says 25 years is long enough for most sensitive information, but he's had some setbacks recently, dictated by congressional fears that nuclear secrets might be lurking undetected on old records about to be released.
KEYWORDS: Federal government Archives & records Garfinkel, Steven

By Holman W. Jenkins Jr. 2000. Business World: Some Things Are Worse Than a Woolly Web. Wall Street Journal, Feb 16, A27.
ABSTRACT: The Internet has been likened to a town where nobody has to lock their doors. People idealize such places, but they often forget the downside: A stranger can't spit without half a dozen neighbors noticing. Not for nothing have people been fleeing small towns for millennia, gladly exchanging a "sense of community" for the thrills of city life. The Web stands at such a crossroads now, thanks partly to last week's mau-mauing of major sites by unknown pranksters. With unseemly haste the White House and Janet Reno tried to inflate these acts of vandalism into national security threats. But the bigger danger may be the Web's true believers and most devoted adherents, who want it still to be a small town. Stories on Saturday had the FBI chasing after a young programmer, "Mixter," who wrote the software that others may have exploited to briefly disrupt business at Yahoo, eBay and other sites.
Most of the reports omitted to mention that the FBI had gotten its information from reading Friday's papers, which had followed up interviews Mixter had given to the technology press.
KEYWORDS: Computer security Computer crime Internet Hackers

Messmer, Ellen. 1997. Security vendors strut their stuff. Network World, 144S10.
ABSTRACT: At the annual RSA Data Security Conference, VeriSign Inc. will launch a custom version of its X.509 public-key digital certificates for organizations. Called Private Label Digital ID Services, the restricted-use digital IDs are what Visa International Inc. and Novus Services Inc. will issue to card carriers in the future for electronic commerce on the Internet. Entrust Technologies has unveiled a desktop encryption product, the Integrated Cryptographic Engine.
KEYWORDS: Trade shows | Computer security | Data encryption | Product introduction | Manycompanies | (7300) Sales & selling | (5240) Software & systems | (5140) Security management | (9190) United States | US | VeriSign Inc | Entrust Technologies Ltd | Milkyway Networks Corp

Messmer, Ellen. 1997. Doing Electronic Commerce the Java Way. Network World, v14n33, Aug 18, 35,40.
KEYWORDS: Java | Electronic commerce | Intranets | Retail stores | (9190) United States | (8390) Retail stores, includes groceries | (5250) Telecommunications systems | US | Beamscope Canada Inc
NOTES: 2 page(s) | English | ISSN: 0887-7661 | Word Count: 00552
ABSTRACT: Since July 1997, Beamscope Canada Inc. has given approximately 500 stores access through its Internet firewall to view an electronic catalog of merchandise, place orders or check shipping status around the clock. As an alternative to phone orders, the electronics distributor is letting retail stores place online orders using a Java-enabled browser.
Author: Messmer, Ellen
Publication: Network World | v14n33 | p. 35,40 | Aug 18, 1997 | Word Count: 00552
Doing electronic commerce the Java way
As an alternative to phone orders, electronics distributor Beamscope Canada, Ltd.
is now letting retail stores into its intranet to place online orders using a Java-enabled browser. For the past two months, the large Canadian distributor of video games and computer hardware has given approximately 500 stores access through its Internet firewall to view an electronic catalog of merchandise, place orders or check shipping status around the clock. The software facilitating this is a server-based Java application from Ironside Technologies, Inc., which the company has yet to name. The application, which is running on an AS/400 server, acts as a front end to Beamscope's supply chain management system, Cantoc Business Systems, Inc.'s Censys program. After authentication through encrypted password and ID, the online buyer gets a Java applet downloaded to his browser from the Ironside application. The Java applet gives buyers access to the Censys customer service, warehouse, inventory and order approval system. Customers then can enter their order, rather than have a Beamscope telephone representative take it. Beamscope hopes this will reduce transaction costs associated with telephone-based orders. "The customer can look at the catalog and place orders without having to use our telemarketing department," said Jim Jameson, Beamscope Canada's executive vice president and chief operating officer. "Censys does the credit check and the order confirmation." In the two months since Beamscope has put the new system in place, customers appear to be placing bigger orders via the Java applet than they did through telephone representatives, Jameson said. "It may be they feel they are getting more product information, such as info on special promotions," he said. The customers making use of the Ironside electronic commerce application in this initial rollout are "the small mom and pop stores," Jameson said. This is because Beamscope's larger trading partners already use another electronic commerce technology called Electronic Data Interchange.
"A lot of the big guys, like Wal-Mart, Business Depot and Canadian Tire, have been using EDI," Jameson noted. "But these companies are looking at our system and asking themselves, 'Why the heck are we doing EDI? EDI is not interactive.' " EDI provides a standard format for exchanging purchase orders and freight information, but the EDI value-added networks are proprietary, making it costly and difficult to support multiple connections with different trading partners. "It costs me thousands upon thousands of dollars to catch all these transactions," Jameson said. However, with millions of dollars invested in EDI networks integrated with backend business systems, it's unlikely large trading partners will abandon EDI overnight. The advent of Java-based electronic commerce over the 'Net has the potential to radically alter the balance of power in the traditional distribution chain, because it makes it easier than ever for the supplier to sell directly to the consumer. "If we wanted, we could break our relations with the distributors and go directly to the public, but we're choosing to be the virtual warehouse instead," Jameson said. "Right now, it's not our intent to compete with our resellers." The Ironside Java application works with Censys and other enterprise business systems, such as those from SAP AG, said Bill Lipsin, Ironside Technologies' president and CEO. The current version of the Ironside Java application is based on the Java Development Kit (JDK) 1.02 specification.
The company expects to come out with a JDK 1.1 version in February.

Negron, Tomas. 1992. Audit Concerns in the PC Environment. Internal Auditing, 73, 38-43.
KEYWORDS: Computer audits | Computer security | Auditing procedures | Internal controls | Local area networks | (4130) Auditing | (5220) Data processing management | (5140) Security management | (9190) United States | US
ABSTRACT: Issues of control and security relative to personal computers (PC) have not kept pace with the technological explosion in hardware and software. Electronic data processing (EDP) audit managers are challenged to create PC audit procedures that deal with the PC not only as a standalone tool but also as a node within a local area network (LAN) or wide area network (WAN). In addition, data security concerns go beyond the PC itself because of sophisticated communications hardware and software. At a minimum, audit procedures for the review of a PC system should address the following: 1. policies, 2. organization and administration, 3. hardware-software description, 4. license agreements, 5. physical environment, 6. physical security, 7. logical security, 8. internal (I/O) controls, 9. PC-to-PC communications, 10. PC-to-mainframe communications, 11. documentation, and 12. disaster recovery.

prevent counterfeiting by virtue of the issuer's digital signature on the digital cash, which verifies its authenticity. For the proposed payment systems, issues such as consumer protection, disclosure and assignment of participant liability and privacy are being addressed by regulators and law makers. Recently, the Federal Reserve suggested that stored-value-cards that can store no more than $100 be exempted from the provision of Regulation E, which governs many conventional electronic methods of payment.
Schwartau, Winn. 1999. Tools of the trade: Killer apps at the hostile perimeter. Network World, 35162.
ABSTRACT: Killer app can mean a program used to counter attacks on a network and establish hostile perimeters. For companies that choose to employ such tactics, there is a range of options that include: 1. passive data collecting, 2. alerting the ISPs along a hacker's trail, 3. browser interrupts, 4. denial of service, 5. bandwidth and e-mail flooding, and 6. deception.
KEYWORDS: Computer networks Computer security Systems design (9190) United States; (5250) Telecommunications systems; (5140) Security management

Schwartz, R. D.
Orleans, S. 1967. On Legal Sanctions. University of Chicago Law Review, 34, Winter, 274-300.

Schwartz, Melvin. 1990. Computer Security: Planning to Protect Corporate Assets. Journal of Business Strategy, 111 (January-February), 38-41.
KEYWORDS: Computer security | Computer networks | Computer viruses | Downtime | Losses | Data communications | Local area networks | (5140) Security management | (5250) Telecommunications systems
ABSTRACT: The level of computer crime has grown along with the number of computers. Although it is not uncommon to read newspaper articles about a system being violated, the vast majority of computer break-ins are by those who have no interest in publicity. Information asset is an umbrella term for copyrights, trademarks, patents, and trade secrets. Corporations gain access to this information by tampering with competitive companies' computer systems, where much of this data resides. Three types of technologies account for the bulk of data communications that include the use of the telephone system: dial-up or leased line systems, the packet network, and the local area network (LAN). Two strategies to combat potential computer security problems are access management and data encryption. Access management mainly concerns determining who is initiating a session on a network system and the user's location. Encryption is the only way to manage security on LANs, and most LAN vendors offer the option.

Scott, Kary. 1990. E-Mail Security System Developed for Internet Users. Data Communications, 1915, 18, 22, November 21, 1990.
KEYWORDS: Electronic mail systems | Security systems | Communications networks | Communications equipment | Computer security | Architecture | Standards | (5250) Telecommunications systems | (5140) Security management | (5220) Data processing management
ABSTRACT: Nowhere is the threat of unauthorized access more present than on the Internet, the nationwide network linking thousands of users at US government facilities, research organizations, and universities, mostly through electronic mail. In response to growing concerns, the Privacy and Security Research Group of the Internet Activities Board (IAB) has developed a set of guidelines for secure e-mail. The group is conducting a test of a technology called privacy enhanced mail, which it expects to have adopted as an Internet standard early in 1991. The security standard will provide end-to-end encryption of messages through the use of public and private cryptographic keys. It will also ensure that messages are not corrupted en route to recipients. The architecture is similar to Open Systems Interconnection's (OSI) 1988 standard for X.400.
Privacy enhanced mail encryption technology is designed by RSA Data Security Inc.

Srinivasan, Cadambi A.; Dascher, Paul E. 1981. Computer Security and Integrity: Problems and Prospects. Infosystems, 116-123, 928 5 (Part 1).
ABSTRACT: Computer system security problems revolve around 3 basic issues: 1. data confidentiality, 2. data integrity, and 3. protection against denial of service. Management must see the need for security countermeasures, establish a computer security charter, and institute a security policy. The policy should coordinate and delegate: 1. developing security standards, 2. implementation of security countermeasures, 3. ensuring reliability of countermeasures, 4. formulating contingency plans, and 5. performing tests and audits. Risk analysis must first be done, and compliance to standards verified, by the audit function. Prevention- and detection-oriented data security measures are instituted. Audits check the adequacy and effectiveness of systems and software. After physical safeguards are implemented, limits must be put on data use through identification authorization, access audit, and data encryption procedures. A security audit is done to assign responsibility for improper data use and monitor security violations.
KEYWORDS: Computer security Data Security Policy Protection Computers Safeguards Access Control Audits Authorizations (5100) Facilities management; (5200) Communications & information management; (4100) Accounting

Stahl, Stanley H. 1993. Information security in workstation environments. Computers & Security, 122, 117-122.
ABSTRACT: Workstation security in a distributed environment extends the general problem of information security. A heterogeneous distributed workstation environment is subject to a greater range of threats than the more homogeneous host-terminal environment. It is also less amenable to physical security measures. Consequently, greater reliance must be placed on technological solutions at the level of the workstation and the network to which the workstations are connected. The US National Computer Security Center has several workstation systems on its evaluated product list. Any of these may be used to provide assured security at their rated level. There are also 3 secure network products on the center's evaluated product list. In addition, special purpose products like smartcards and Kerberos offer additional security in those environments requiring it.
Kerberos is particularly interesting in that, in addition to providing enhanced user authentication, it also offers both data privacy and message integrity.
KEYWORDS: Data integrity | Computer security | Work stations | Computer networks | (5240) Software & systems | (5140) Security management

Detmar W. Straub; Cathy Spatz Widom. 1984. Deviancy by Bits and Bytes: Computer Abusers and Control Measures. James H. Finch; E.G. Dougall. Computer Security: A Global Challenge. Amsterdam: Elsevier Science Publishers B.V. (North Holland), 431-442.

Detmar W. Straub; Cathy Spatz Widom. 1984. Deviancy by Bits and Bytes: Computer Abusers and Control Measures. James H. Finch; E.G. Dougall. Second International IFIP Conference on Computer Security, Toronto, Ontario, Canada, 91-102.

Straub, D.W.; Widom, C. S. 1984. Deviancy by Bits and Bytes: Computer Abusers and Control Measures. Finch, J. H.; Dougall, E. G. Computer Security: A Global Challenge. Amsterdam: Science Publishers B.V. (North-Holland) and IFIP, 91-102.

Detmar W. Straub. 1985. Toward the Empirical Study of Computer Abuse and Computer Security. Albert Dexter. Proceedings of the Administrative Sciences Association of Canada (ASAC) Conference, Montreal, Ontario, Canada, 6, Part 4, 47-60, June.

Straub, Detmar W. 1986. Computer Abuse and Computer Security: Update on an Empirical Study. Security, Audit, and Control Review, 4, 2 (Spring), 21-31.

Straub, Detmar W. 1986. Deterring Computer Abuse: the Effectiveness of Deterrent Countermeasures in the Computer Security Environment. Systems & Operations. Bloomington, IN, USA: Indiana University Graduate School of Business. dissertation.

Straub, D.W.
1986. Deterring Computer Abuse: The Effectiveness of Deterrent Countermeasures in the Computer Security Environment. Graduate School of Business, Indiana University. Doctoral Dissertation.

The Internet Under Siege: Cisco, the Web's Traffic Cop, Sits at the Center of the Jam. By Scott Thurm. Wall Street Journal, Feb 11 2000, B5.
Abstract: Cisco is, quite literally, at the core of much of the Internet. The San Jose, Calif., company makes the majority of the specialized computers called "routers" that direct Internet traffic, whether it be e-mail, Web pages or streaming video. Cisco claims that almost all Internet traffic moves through its equipment at some point. A: As an industry, over the last several years, we've been asked to build faster and wider highways so people can use the Internet more effectively. That's a double-edged sword.
Through the development of this very efficient highway system we've made it possible for a few misguided or angry individuals to block traffic on the highway, if you will. As an industry, we now face the issue of being able to detect, respond and clear these traffic jams very quickly. As the Internet grows and matures, our ability to detect and react to these issues is improving. A: When these types of situations started arising, one of our major customers started asking for assistance. We in turn reached out to other customers to give them advice on how to configure their network and respond to these types of attacks. We recommend that businesses that are serious users of the Internet take a proactive approach to Internet security with the goal of developing an intelligent self-defending network. There's a page on Cisco's Web site dedicated to these issues, with configuration guides for our equipment. It's been updated in the last few days.
Keywords: Hackers; Computer security; Internet; Farnsworth, Roger.

E-business tops tech priorities for CPAs. Robert Tie. Journal of Accountancy, Mar 2000, pp. 20-21, vol. 189, no. 3.
Abstract: Representatives of AICPA technology committees gathered in Tucson, Arizona, to identify the 10 most important technological challenges and opportunities facing CPAs in 2000. The group was unanimous on one point in particular: You cannot duck these issues. Confront and resolve them, or they will overwhelm you and your business. The group's choices include: 1. E-business, 2. information security and controls, 3. training and technology competence, and 4. disaster recovery.
Keywords: CPAs; Technological change; Forecasts.

Tittle, Charles R. 1980. Sanctions and Social Deviance: the Question of Deterrence. New York: Praeger.

Computer security training guidelines. Todd, Mary Anne; Guitian, Constance; National Institute of Standards and Technology (U.S.). Gaithersburg, MD; Washington: U.S. Dept. of Commerce, National Institute of Standards and Technology; U.S. G.P.O.: For sale by the Supt. of Docs., U.S. G.P.O., 1989. v, 32. NIST special publication; 500-172.
Call numbers: QC100 .U57 no. 500-172 QA76.9.A25 602/.18 s 005.8/0715 C 13.10:500-172
Keywords: Computer security Study and teaching United States.
Note: Tiwana Endnote library-added 7/99.

Disaster recovery planning : for computers and communication resources. Toigo, Jon William. New York: John Wiley, 1996. xxii, 329. ISBN 0471121754 (pbk alk. paper).
Call numbers: Qa76.9.d348 t65 1996 658.4/78
Keywords: Data recovery (Computer science) Computer security. Telecommunication systems Security measures.
Note: Tiwana Endnote library-added 7/99.

Tighter security loosens the constraints on electronic commerce. Tomasula, Dean. Wall Street & Technology, vol. 15, no. 2, pp. 34-42, 1997.
Abstract: Despite the security risks and threat of firewall break-ins, Wall Street firms have been conducting EC with retail customers for the past 3 years, coinciding with the emergence of the World Wide Web as a force in EC. In 1996, London's Currency Management Corp. (CMC) began offering foreign exchange trading over the Internet. CMC worked with RSA Data Security Inc. on encryption methods used on the service. To have effective security, firms must take a multi-layered approach that includes firewalls, frequently-changed passwords, and encryption. Because there is a widespread recognition that the Internet is emerging as a vehicle for electronic payments, efforts are under way by firms such as Cybercash to imbed security methods into electronic wallets. Banks believe the role played by the EFT system, a proprietary network used by banks to transfer money between one another, can be expanded to electronic commerce between corporations and consumers. Certification authorities provide digital identification services that support secure electronic transactions.
Keywords: Financial services | Electronic commerce | Computer security | Technological change | (9190) United States | (8130) Investment services | (5250) Telecommunications systems | (5140) Security management | US | Currency Management Corp

Working at the NSF FastLane web site. Donald J Wink. Journal of Chemical Education, Sep 1999, pp. 1181-1182, vol. 76, no. 9.
Abstract: The NSF has been developing a cutting-edge online communications portal, called FastLane, for several years.
Wink discusses this portal, and argues that it may represent the future of secure transmittal of sensitive scientific material.
Keywords: Web sites; Computer security; Communications.

Wood, Charles Cresson. 1988. A Context for Information Systems Security Planning. Computers & Security, vol. 7, no. 5 (October), pp. 455-465.
Keywords: Computer security | Information systems | Problems | Planning | Risk assessment | Solutions | (5140) Security management | (5220) Data processing management | (2310) Planning
Abstract: As a new organizational entity, information security at most firms has never been properly controlled. The perpetuated biases against information security, the inadequate information security models, the reactive and incremental improvement approaches used to address security, the information overload, and insufficient staffing and resources are all symptoms of a most serious problem. Control over the information security function will only take place through rigorous planning that managers recognize as essential to the firm. Establishing a foundation for information security means establishing required policies, technical standards, and procedural standards. Automated tools that can help in planning security efforts are quantitative risk analysis packages, spreadsheets, data dictionaries and encyclopedias, project management packages, and graphics packages. Only after one is much more serious about planning can one actually anticipate, avoid, prevent, and mitigate problems before they occur.

A Loss of Innocence. Wood, Patrick. UNIX Review, 1988, pp. 36-42, vol. 6, no. 2.
Abstract: Properly administrated, UNIX can be a very difficult, general-purpose computing environment to breach. To understand the present state of UNIX security, it is necessary to look at where UNIX comes from, where it is going, and some of the basic underlying principles of its security features. UNIX security matters can be broken down into 4 general areas of concern: 1. preventing unauthorized access, 2. preventing compromise, 3.
preventing denial of service, and 4. preserving the integrity of the system. The popular use of the UNIX file permission mechanism is the most obvious way of preventing compromise. A program for the encryption of data also is provided by UNIX. Nonetheless, there are a number of loopholes in the UNIX security model, including lax default protections. Maintaining the proper security of a UNIX system requires that users remember that computer security is simply one part of a larger administrative plan for a computer center and that it can only be maintained through the joint efforts of administrators, users, and managers.
Keywords: Operating systems; Computer security; Access; Protection; Data encryption; (5140) Security management; (5220) Data processing management

Information security and privacy : Second Australasian Conference, ACISP '97, Sydney, NSW, Australia, July 7-9, 1997 : proceedings. Varadharajan, Vijay; Pieprzyk, Josef; Mu, Yi. Berlin ; New York: Springer, 1997. xi, 336. Lecture notes in computer science, 1270. ISBN 3540632328 (alk. paper).
Call numbers: 005.8 Qa76
Keywords: Computer security Congresses. Data protection Congresses. Privacy, Right of Congresses.
Note: Tiwana Endnote library-added 7/99.

Fast software encryption : 5th international workshop, FSE '98, Paris, France, March 23-25, 1998 : proceedings. Berlin ; New York: Springer, 1998. viii, 296. Lecture notes in computer science, 1372. ISBN 354064265X (pbk. alk. paper).
Call numbers: 005.8/2 Qa76
Notes: NH98013006. FSE '98 (1998 : Paris, France). Serge Vaudenay, (ed.). Includes bibliographical references and index.
Contents: New results in linear cryptanalysis of RC5 / Ali Aydin Selçuk -- Higher order differential attack of a CAST cipher / Shiho Moriai, Takeshi Shimoyama, Toshinobu Kaneko -- Cryptanalysis of TWOPRIME / Don Coppersmith ... [et al.] -- JEROBOAM / Hervé Chabanne, Emmanuel Michon -- Fast hashing and stream encryption with PANAMA / Joan Daemen, Craig S.K. Clapp -- Joint hardware/software design of a fast stream cipher / Craig S.K.
Clapp -- On the security of the hashing scheme based on SL2 / Kanat S. Abdukhalikov, Chul Kim -- About Feistel schemes with six (or more) rounds / Jacques Patarin -- Monkey : black-box symmetric ciphers designed for MONopolizing KEYs / Adam Young, Moti Yung -- MRD hashing / Rei Safavi-Naini, Shahram Bakhtiari, Chris Charnes -- New constructions for secure hash functions / William Aiello, Stuart Haber, Ramarathnam Venkatesan -- Cryptanalytic attacks on pseudorandom number generators / John Kelsey ... [et al.] -- CS-CIPHER / Jacques Stern, Serge Vaudenay -- On the design and security of RC2 / Lars R. Knudsen ... [et al.] -- Serpent : a new block cipher proposal / Eli Biham, Ross Anderson, Lars R. Knudsen -- Attacking triple encryption / Stefan Lucks -- Cryptanalysis of some recently-proposed multiple modes of operation / David Wagner -- Differential cryptanalysis of the ICE encryption algorithm / Bart Van Rompay, Lars R. Knudsen, Vincent Rijmen -- The first two rounds of MD4 are not one-way / Hans Dobbertin -- Differential cryptanalysis of KHF / David Wagner.
Keywords: Computers Access control Passwords Congresses.
Editor: Vaudenay, Serge.
Note: Tiwana Endnote library-added 7/99.

Integration of computer security into the software engineering and computer science programs. Rayford B Vaughn; Julian E Boggess III. The Journal of Systems and Software, Dec 30 1999, pp. 149-153, vol. 49, no. 2,3.
Abstract: This paper presents a role for computer security education in a computer science curriculum and argues that it should become a standard course offering at both the undergraduate and graduate levels of instruction. Computer security instruction requires a fundamental computer science foundation and integrates nicely into the junior or senior year of study.
Additionally, a typical computer security overview course tends to reinforce previously taught material - particularly in the areas of networks, operating systems, database, software engineering, computer hardware design/architecture, data communications, and artificial intelligence.
Keywords: Studies; Computer security; Curricula; Teaching; Colleges & universities

Venkatraman, N. 1985-86. Research on MIS Planning: Some Guidelines from Strategic Planning Research. Journal of Management Information Systems, vol. 2, no. 3 (Winter), pp. 65-77.

Fueling an electronic alliance. Vice, Patrick A. Canadian Underwriter, vol. 64, no. 5, pp. 28-30, 1997.
Abstract: It is clear that the 1990s will be known for the growth of the Internet. At the same time, a parallel phenomenon is occurring that is an effect of and a cause for the Internet's growth. Potentially, it may have far greater implications - the development of electronic commerce alliances. The Electric Coffee House has been involved in several projects that demonstrate the potential impact of electronic technologies.
Projects in which the company has been involved deal with the issue of certificates of insurance in several ways, using the concept of electronic alliances. Through the ADVice Inc. unit of the Electric Coffee House, it recently became manager of the Electronomics Alliance - a group of 7 suppliers to the insurance industry. The alliance has been hosting roundtable meetings to address specific industry issues.
Keywords: Electronic commerce | Alliances | Insurance industry | Internet | Projects | Certificates | Computer security | (9172) Canada | (5250) Telecommunications systems | (2310) Planning | (8200) Insurance industry | (5140) Security management | Canada | Electric Coffee House

Cerullo, Michael J.; McDuffie, R. Steve. 1992. Computer Contingency Plans and the Auditors: A Survey of Businesses Affected by Hurricane Hugo. Computers & Security, vol. 11, no. 7 (November), pp. 620-622.
Keywords: Computer security; Contingency planning; Hurricanes; Downtime; Internal auditing; US
Abstract: Hurricane Hugo slammed into Charleston, South Carolina on September 21, 1989. An examination of the effect Hugo had upon companies in the Charleston area and their ability to process significant computer accounting applications indicates that a key element influencing the ability of these companies to process critical accounting applications after a disaster involves their computer contingency plan or their lack of one. Eighteen of the 41 companies that responded to a questionnaire, or 44%, had a computer contingency plan prior to Hurricane Hugo. Three of these companies reported that they experienced no computer downtime as a result of Hurricane Hugo. To minimize the effects of disasters, firms should establish and maintain an effective computer contingency plan. Companies must identify the most suitable plan for their organization, obtain management's commitment to the plan, then implement the plan. The external and internal auditor should be actively involved with all aspects of the computer contingency plan.

Cerullo, Virginia; Cerullo, Michael J. 2004. BUSINESS CONTINUITY PLANNING: A COMPREHENSIVE APPROACH. Information Systems Management, Summer 2004, vol. 21, no. 3, pp. 70-78. Article. Auerbach Publications Inc. ISSN 10580530. Accession Number: 13353281.
Abstract: The risks of business interruption expand as companies become more dependent on information technology (IT) infrastructure. A comprehensive approach to business continuity planning seeks to mitigate against all major business interruptions of business systems. This article analyzes recent national and international surveys to develop insights about the current status of business continuity plans, including perceptions about internal and external information security threats. ABSTRACT FROM AUTHOR
Keywords: BUSINESS planning; CRISIS management; DATA protection; INFORMATION technology; SECURITY management
Notes: TY - GEN. Accession Number: 13353281; Cerullo, Virginia 1; Cerullo, Michael J. 1; Affiliations: 1: Professor, Southwest Missouri State University, Springfield; Source Information: Summer2004, Vol. 21 Issue 3, p70; Thesaurus Term: BUSINESS planning; Thesaurus Term: CRISIS management; Thesaurus Term: DATA protection; Thesaurus Term: INFORMATION technology; Thesaurus Term: SECURITY management; Number of Pages: 9p; Illustrations: 2 charts, 4 graphs; Document Type: Article

Computer security and protection structures. Walker, Bruce J.; Blake, Ian F. Stroudsburg, Pa. [New York]: Dowden Hutchinson & Ross ; exclusive distributor Halsted Press, 1977. ix, 142p. ISBN 0879332476.
Call numbers: Qa76.9 .a25 w34
Keywords: Computers Access control Electronic data processing departments Security measures
Note: Tiwana Endnote library-added 7/99.

GEORGIA FOCUS: Interest diminishes in security stocks DAILY INVESTING REPORT; [Home Edition]. Tom Walker. The Atlanta Journal the Atlanta Constitution, Feb 12 2000, D; 6.
Abstract: The shares of computer security stocks that had jumped earlier this week due to the mischief of computer hackers dropped back Friday, including those of ISS Group (ticker symbol ISSX). Shares of the Atlanta-based security software firm fell $3.68 3/4, or about 4 percent, to $88.87 1/2 on turnover of more than 1.6 million shares, or more than double the average daily volume. Other big gainers prior to Friday's setbacks included SonicWall (SNWL) in Sunnyvale, Calif.; VeriSign (VRSN), Mountain View, Calif.; and Entrust Technologies (ENTU), Plano, Texas.
Keywords: Security services; Securities analysis; Stock prices

Set Standards, Don't Issue Fiats, High-Tech Chiefs Tell Clinton. By Neil King Jr.; David S. Cloud. Wall Street Journal, Feb 16 2000, A4.
Abstract: High-tech leaders called on President Clinton to set the standard for Internet security by protecting the government's computer networks but warned him against imposing new rules on private industry. In a 90-minute White House session described by some participants as lively and amiable, Mr. Clinton assured industry participants that he had no intention of meddling in the booming arena of Internet commerce. What is needed, he said, is greater cooperation between industry and government, particularly in the area of increased security and law enforcement. "The only contribution the government made to the Internet was the early research over 30 years ago," Mr.
Clinton said, all but vowing to keep the Web "free of government regulation." In their session with President Clinton, industry executives criticized the government for moving too slowly to protect its own vast computer networks. Most of the administration's multibillion-dollar program to protect the country's critical infrastructure has gone so far into Pentagon or intelligence projects, with little left over for more commonplace computer systems. The government should lead by example and should prepare to spend more to research and develop new high-security technology, the executives told Mr. Clinton.
Keywords: Internet; Computer crime; Federal regulation; Computer security; Electronic commerce; Business-government relations; Clinton, Bill

Clinton to Hold Internet Security Summit --- Session Planned for Tuesday Will Involve Executives And Cabinet Members. By Wall Street Journal staff reporters Neil King Jr., Glenn R. Simpson in Washington, Ann Grimes in San Francisco. Wall Street Journal, Feb 11 2000, A3.
Abstract: The White House will convene an Internet-security summit with high-tech industry leaders next week to plot a response to this week's stunning attacks on the Web's most popular sites. As many as 20 top Internet executives are expected to meet with President Clinton, Attorney General Janet Reno, Commerce Secretary William Daley and National Security Adviser Samuel R. Berger. The National Security Council has taken the lead in organizing the conference, a sign that the Clinton administration views the attacks as a potential security threat rather than as a nuisance crime or a moderate economic disruption. A week later, the U.S.
Chamber of Commerce will host another meeting on hightech vulnerabilities, a closed-door retreat involving more than 100 Internet and technology companies.VPHigh tech industries Summit conferences Computer security Internet Clinton, Bill'g&f%xThe cyberspace riski Anonymous, Rough Notesr 139210 62-63 1996\UHighlights from the talks presented at "Managing Risks in Cyberspace," a seminar sponsor1566091713 (pbk.)k Qa76.9.a25 b33 1995 005.8 Bacard, Andrn$The computer privacy handbookn  Berkeley, CA Peachpit Press 1995xii, 274Computer security. Data encryption (Computer science) Internet (Computer network) Security measures. Computer networks Security measures. Data protection.(!Tiwana Endnote library-added 7/99o,%Badenhorst, Karin P. Eloff, Jan H. P.f 1989\UFramework of a Methodology for the Life Cycle of Computer Security in an OrganizationfComputers & Security8\ 5 (August)433-442BComputer security | Life cycles | Management | Methods | Implementations | Maintenance | ( 5140) Security management | ( 5220) Data processing managementtThe life cycle of computer security is a paradigm to the software development life cycle. A methodology is developed for the introduction, development, and maintenance of computer security within large organizations. The methodology stipulates phases and tasks in chronological sequence to provide a more structured management scheme for controlling costs and schedules and to ensure proper and responsive communications channels among users, auditors, top management, and computer department personnel. The methodology is based on functional computer security levels representing the multidisciplinary concept. The technique consists of 5 phases: 1. initiation, which falls mostly within the organizational arena, 2. the establishment of a computer security policy, 3. risk analysis and project definition, 4. installation, which covers all technological aspects of computer security, and 5. maintenance.,%Badenhorst, Karin P. Eloff, Jan H. 
P.f 1989\UFramework of a Methodology for the Life Cycle of Computer Security in an OrganizationfComputers & Security8\ 5 (August)433-442BComputer security | Life cycles | Management | Methods | Implementations | Maintenance | ( 5140) Security management | ( 5220) Data processing managementtThe life cycle of computer security is a paradigm to the software development life cycle. A methodology is developed for the introduction, development, and maintenance of computer security within large organizations. The methodology stipulates phases and tasks in chronological sequence to provide a more structured management scheme for controlling costs and schedules and to ensure proper and responsive communications channels among users, auditors, top management, and computer department personnel. The methodology is based on functional computer security levels representing the multidisciplinary concept. The technique consists of 5 phases: 1. initiation, which falls mostly within the organizational arena, 2. the establishment of a computer security policy, 3. risk analysis and project definition, 4. installation, which covers all technological aspects of computer security, and 5. maintenance. C 13.10:800-7oSecurity in open systems Gaithersburg, MD f_U.S. Dept. of Commerce Technology Administration National Institute of Standards and Technologys 1994xv, 284-:3NIST special publication ; 800-7. Computer securitye82Computer security. OSI (Computer network standard)VPBagwill, R. Barkley, John National Institute of Standards and Technology (U.S.),(!Tiwana Endnote library-added 7/99  C 13.10:800-7oSecurity in open systems Gaithersburg, MD f_U.S. Dept. of Commerce Technology Administration National Institute of Standards and Technologys 1994xv, 284-:3NIST special publication ; 800-7. Computer securitye82Computer security. OSI (Computer network standard)VPBagwill, R. 

Bowen, Ted Smalley. 1997. Firewall Spec to Strengthen Web Security. InfoWorld v19n49, Dec 8: 1-24.
Keywords: Electronic commerce | Computer securit

Bozman, Jean S. 1995. Jets and the 'net. Computerworld v29n31, Jul 31481.
Keywords: Case studies | Aircraft industry | Internet | Information dissemination | Computer security | Systems design | (9190) United States | (9110) Company specific/case studies | (8680) Transportation equipment industry | (5250) Telecommunications systems | (5140) Security management | US | Douglas Aircraft Co
Notes: 1 page(s) | English | ISSN: 0010-4841 | Word Count: 00551
Abstract: Douglas Aircraft Co. is developing a new Internet service, which holds the promise of delivering large segments of 40,000-page maintenance manuals for the MD-11 jet to dozens of airlines worldwide by 1988. By September 1995, airline maintenance crews will get their first look at repair bulletins provided by the Internet server, a Hewlett-Packard Co. HP 9000 Model 800 E Unix server and an Oracle 7.1 database. All visitors to Douglas' home page will get basic company information, but those with passwords will be allowed to dive into a deeper level of secure data. The server includes several layers of security, including encryption from Netscape Communications Corp.'s Commerce Server, passwords, and an Internet firewall.

Bozoki, Eva. 1999. IP security protocols. Dr. Dobb's Journal, Dec 1999: 42-55. 2412.
Abstract: The need to address IPv4's lack of security has prompted the release of a number of standards, protocols, and applications. General-purpose IP protocols, dial-up protocols, and application-oriented protocols are discussed.
Keywords: Computer security; Protocol

David A. Bradbard; Dwight R. Norris; Paramjit H. Kahai. 1990. Computer Security in Small Business: An Empirical Study. Journal of Small Business Management: 9-19.
Notes: HC - Libby

Kutler, Jeffrey. 1999. Security Specialists Valicert and Receipt.com to Merge. American Banker, Dec 16 1999: 13 1.
Abstract: Valicert Inc. and Receipt.com, three-year-old companies that have successfully sold their data security specialties to banks and other electronic commerce businesses, announced a definitive merger agreement Wednesday. The size of the transaction between the privately held Silicon Valley companies was not disclosed. They expect to complete the deal by Dec. 31. Thirty Receipt.com people will join 80 from Valicert under the latter's identity, but without eliminating the brand name of the former's digital receipt technology. Mountain View, Calif.-based Valicert made a name for itself with its Validation Authority, a system for ascertaining that a digital certificate is valid and not expired or revoked. Valicert has benefited from growing demand for certificates, though this has not blossomed as quickly as many e-commerce industry observers had expected.
Keywords: Computer security; Acquisitions & mergers

cable modem
Cable modems
cad
Capital.
CAPITALISTS & financiers
Captive insurance | Internet | Electronic commerce | Risk management | Liability | Computer security | Federal regulation | (9190) United States | (3300) Risk management | (5250) Telecommunications systems | (5140) Security management | (4310) Regulatio
Careers
Case studies
Case studies | Aircraft industry | Internet | Information dissemination | Computer security | Systems design | (9190) United States | (9110) Company specific/case studies | (8680) Transportation equipment industry | (5250) Telecommunications systems | (
Case studies | Firewalls | Internet | Publishing industry | Systems design | (9190) United States | (9110) Company specific/case studies | (5250) Telecommunications systems | (5140) Security management | (8690) Publishing industry | US | Cisco Systems I
Centralization
Certificates
Certification
Chief executive officers
Chief executive officers | Chief information officers | Management training | Organizational behavior | Problem solving | (2500) Organizational behavior | (2120) Chief executive officers | (6200) Training & development | (9175) Western Europe | UK
Chief financial officers
Classified information
Clinical sociology
Clinton, Bill
Cloning
Colleges & universities
COMMERCIAL real estate
Communication Security measures United States.
Communication Social aspects.
communication | Problems | (9190) United States | (5250)
Communications
Communications networks
communications technology
Community banks
Company specific/case studies | U
Comparative studies | Ratings & rankings | (9130) Experimental/theoretical treatment | (5240)
Competition
Computer aided design
Computer algorithms.
Computer audits | Computer security | Auditing procedures | Internal controls | Local area networks | (4130) Auditing | (5220) Data processing management | (5140) Security management | (9190) United States | US
Computer audits | Computer security | Organizational behavior | Policy making | (4130) Auditing | (5220) Data processing management | (5140) Security management | (2500) Organizational behavior | (9190) United States | US
Computer contracts United States
Computer crime
Computer crimes United States
Computer crimes United States Investigation.
Computer crimes United States Prevention.
Computer crimes.
Computer industry Security measures.
Computer industry | Distributors | Value added resellers | Market potential | Computer networks | Business growth | Manycompanies | (9190) United States | (8651) Computer industry | (8302) Software & computer services industry | (7000) MARKETING | US |
Computer industry | Electronic commerce | Servers | Software packages | Product introduction | (9190) United States | (9000) Short article | (8651) Computer industry | (9120) Product specific treatment | (5230) Hardware | (5240) Software & systems | US
Computer industry | Network computers | Minicomputers | Market strategy | Systems integration | (9190) United States | (8651) Computer industry | (7000) MARKETING | US | IBM Corp
Computer industry | Product introduction | Software upgrading | Electronic commerce | Servers | Operating systems | (9120) Product specific treatment | (8651) Computer industry | (5240) Software & systems | (9190) United States | US | IBM Corp
computer information security
Computer languages
Computer network architectures.
Computer networks
Computer networks Law and legislation United States
Computer networks Security measures Congresses.
Computer networks Security measures United States
Computer networks Security measures United States Handbooks, manuals, etc.
Computer networks Security measures United States.

United States. Congress. House. Committee on Government Operations. Government Information, Justice, and Agriculture Subcommittee.
United States. Congress. House. Committee on Government Operations. Legislation and National Security Subcommittee.
United States. Congress. House. Committee on Science and Technology.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Science, Research, and Technology.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Science.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Technology and Competitiveness.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Technology, Environment, and Aviation.
United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Transportation, Aviation, and Materials.
United States. Congress. House. Committee on Science. Subcommittee on Technology.
United States. Congress. House. Committee on the Judiciary.
United States. Congress. House. Committee on the Judiciary. Subcommittee on Courts and Intellectual Property.
United States. Congress. Office of Technology Assessment.
United States. Congress. Senate. Committee on Governmental Affairs. Permanent Subcommittee on Investigations.

Anonymous. 1996. Technology: Top 15 technologies CPAs should know about in 1996. Journal of Accountancy 181, 1: 25,27+.
Abstract: The American Institute of CPAs information technology division has released its annual list of information technologies and practices that will have the greatest impact on CPAs during the coming year. The following are the technologies that will have the most effect on CPAs during 1996: 1. image processing, 2. electronic data interchange, 3. computer security, 4. electronic commerce, 5. communications technologies, 6. workflow technology, 7. area networks, 8. collaborative computing and groupware, 9. cooperative and client-server computing, 10. intelligent agents, 11. business process reengineering, 12. mail technology, 13. expert systems, 14. quick response, and 15. telecommuting.
Keywords: CPAs | Technological change | Information technology | Effects | (9190) United States | (4110) Accountants | (5250) Telecommunications systems | US | American Institute of Certified Public Accountants

Nechvatal, James; National Institute of Standards and Technology (U.S.). 1991. Public-key cryptography. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology. ix, 162. Series: NIST special publication; 800-2. Computer security. Call number: QC100 .U57 no. 800-2; QA76.9.A25; 602/.18 s; 005.8/2; C 13.10:800-2.
Keywords: Computer security; Cryptography
Notes: Tiwana Endnote library-added 7/99

Zolkos, Rodd. 1996. Captives advised on managing Net risks. Business Insurance 3035: 17,20.
Abstract: The Internet offers a broad range of opportunities to captive insurers and other companies, but those wanting to tap the Net also must be aware of potential liabilities and regulatory issues. As with any business activity, however, captive insurers can take steps to manage the risks that might be lurking online. In general, many of these risks could be reduced by taking appropriate precautions. Among them, captive officials should make sure they have a good education program for employees who might be going online.
Keywords: Captive insurance | Internet | Electronic commerce | Risk management | Liability | Computer security | Federal regulation | (9190) United States | (3300) Risk management | (5250) Telecommunications systems | (5140) Security management | (4310) Regulation | US

Zolkos, Rodd. 2000. Risks, rewards of e-business. Business Insurance 3 3422.
Abstract: As the Internet and intranets change the way companies do business, the answer to the question of whether those changes represent a minefield or a gold mine to the insurance and risk management community may well be "Both." That was the conclusion to be drawn from the comments of industry experts discussing both the risks and opportunities posed by changing technology at last week's annual Harold H. Hines Jr. Memorial Symposium in Chicago. Among the exposures Pamela Rogers, director of risk management for Sears, Roebuck & Co. in Hoffman Estates, Illinois, said she sees accompanying Sears' e-business are: denial of service, computer hackers, order fulfillment and identity theft. Overall, Daniel M. Harris, an information security specialist at Aon's Corp.'s Aon Net Information Security Group, suggested the companies need to view e-business security as a process, rather than a one-time fix.
Keywords: Meetings; Technological planning; Computer security; Electronic commerce; Insurance industry; Risk management; (9190) United States; (3300) Risk management; (8200) Insurance industry; (5250) Telecommunications systems

Quisquater, J. J.; Vandewalle, J. 1990. Advances in cryptology--EUROCRYPT '89: Workshop on the Theory and Application of Cryptographic Techniques, Houthalen, Belgium, April 10-13, 1989: proceedings. Berlin; New York: Springer-Verlag. x, 710. Series: Lecture notes in computer science; 4340. ISBN 3540534334 (Springer-Verlag Berlin, Heidelberg, New York); 0387534334 (Springer-Verlag New York, Berlin Heidelberg). Call number: QA76 .L4 no.4340.
Keywords: Computer security Congresses; Cryptography Congresses
Notes: Tiwana Endnote library-added 7/99

Radcliff, Deborah. 1998. Sleeping with the enemy. Computerworld, Oct 5 1998: 773240.
Abstract: Fred Villella of New Dimensions Inc. hires hackers to teach information security courses to cops, agents and private-sector information technology managers. Hackers' abilities are so hard to find that even some of the Big Six, such as Cambridge Technology Partners, Inc. and KPMG Peat Marwick LLP, are hiring hackers to test systems for clients. There is a glut of open security positions and very few skilled IT people to fill them.
Keywords: Hackers; Hiring; Information technology; Computer security; Supply & demand

Radcliff, Deborah. 2000. To much information. Network World 55175.
Abstract: Common vulnerabilities and exposures (CVE) is a cross-referencing system that will hopefully result in a single, common description for each computer security vulnerability. Already, CVE has drafted common descriptors for 320 potential risks, everything from buffer overflows in Network File System to denial of service in Internet Explorer 4. Every entry gets a number for cross referencing.
Keywords: Computer networks; Computer security; Information management; (9190) United States; (5240) Software & systems; (5140) Security management

Saari, Juhani; Parker, Donn B. 1989. New Baseline Methodology in Reviewing Security -- Experiences from the USA and Finland. Information Age 111: 19-25.
Keywords: Computer security | Methods | Advantages | Controls | Criteria | (5140) Security management | (5220) Data processing management | (9

Schonfeld, Erick. 1997. Taming the Internet. Fortune 135, 3: 164; European 78.
Abstract: Check Point Software Technologies, McAfee Associates, and Security Dynamics Technologies each lead the Internet security market in one niche or another, and all 3 are more tightly integrating the various technologies that help businesses more safely connect to one another and to remote employees, as well as to engage in electronic commerce. Check Point sells more firewalls than anyone else. Public only since June 1996, its estimated 1996 revenues tripled to $30 million, and profits more than doubled to over $13 million. McAfee offers a subscription-like online distribution of its antivirus software. Last year's profits shot up 162%, to $39 million, on revenues of $181 million. Security Dynamics specializes in encryption and authentication, making digital ID cards that authorize access to networks. Last year's net income grew 90%, to $12 million, on sales of $74 million.
Keywords: Computer security | Internet | Niche marketing | Business growth | Market potential | Manycompanies | Software industry | Earnings forecasting | (9190) United States | (5140) Security management | (8302) Software & computer services industry | (3400) Investment analysis | US | McAfee Associates | Security Dynamics Inc | Checkpoint Software Technologies Ltd

Schuman, Evan. 1996. Better to be 'Net-safe than sorry. CommunicationsWeek n594, Jan 29: 23-24.
Keywords: Internet | Commercialization | Computer security | Software packages | (9190) United States | (5250) Telecommunications systems | (5240) Software & systems | (5240) Software & systems | US
Notes: 2 page(s) | English | ISSN: 0746-8121
Abstract: Users are being forced to implement major security precautions so that potential customers will feel comfortable conducting commerce on the Internet. The first element of a security package is some sort of a firewall around the server. Automated scanning tools that repeatedly try and break into a system are popular. For sites that allow restricted outside access, some kind of authentication software is necessary. A technique exclusively for on-line commerce is a credit intermediary.

Henthorn, Alex; Herbane, Brahim; Herbert, Martin; Herther, Nancy; Hester, Edward D; Hext, J.B.; HIAWATHA BRAY, GLOBE STAFF; Higgins, Kelly Jackson; Hines, Matt; Hirschfeld, Rafael; Hirschheim, R. A.; Hodges, Mark; Hoffer, Jeffery A.; Hoffer, Jeffrey A.; Hoffman, David; Hoffman, Donna L.; Hoffman, Lance J.; Holloway, Christopher J; Holzbaur, Helen; Hood, Keith L; Hood, Keith L.; House; Houston H. Carr; Houston, J.P.; Hovav, Anat; Hsaio, David K.; Hsiao, David K.; Huck, S. W.; Hulme, George V; Husted, Bill; Husted, Steven L.; IEEE Computer Society. Technical Committee on Security and Privacy.; III, John N Berry; III, Julian E Boggess; Imai, Hideki; Ingemarsson, I.; Ingraham, Laura R; Inspectorate, Local Government Audit; Institute for Computer Sciences and Technology.; Institute for Law and Justice, Inc.; Institute of Electrical and Electronics Engineers.; Institution of Electrical Engineers. Computing & Control Division.; Institution of Electrical Engineers. Electronics Division.; International Association for Cryptologic Research.; International Federation for Information Processing. Committee on Information Systems.; Israel, Robert K.; Jacobs, Paula; Jacobs, Richard; Janah, Monua; Jankowitz, Hugo Thomas; Janz, Brian D.; Jarvenpaa, Sirkka; Jenkins, Iain; Jenkins, J Gregory; Joachim, David; Joch, Alan; Johnson, Beda; Johnson, P.; Jones, A.; Jones, Chris; Jones, Elizabeth H.; Jones, Kevin P.; Jones, Thomas W.; Jr, Frank J Derfler; Jr, Wayne L Rhodes; Jr., By Holman W. Jenkins; Jr., By Neil King; Jr., By Wall Street Journal staff reporters Neil King; Jr., George Lardner; Jr., Neil King; Kabay, Michel E.; Kahai, Paramjit H.; Kailar, Rajashekar; Kalakota, Ravi; Kaliski, Burton S.; Kalman, Stephen; Kaminski, Paul G; Kane, Frank; Kanell, Michael E.; Kaneshige, Thomas; Kang, Myong H.; Karahanna, Elena; Katz, Andra J.; Katzke, Stuart W.; Kaven, Oliver; Kazlauskas, Edward John; Kearns, John; Kedrosky, Paul; Keil, Mark; Kelley, H.; Kelly, Brian J; Kelso, Paul; Kerr, Douglas S.; Killcrece, Georgia; Kim, Kwangjo; Kimmins, John; King, Julia; King, W. R.; King, William; King, William R.; Klein, Heinz-Karl; Klete, Hans; Klopp, Charlotte; Knueven, P.; Koblitz, Neal; Kohlberg, Lawrence; Kopf, David; Koppell, By Jonathan G.S.; Kossakowski, Klaus-Peter; Kraemer, K.L.; Kranakis, Evangelos; Kranhold, By Kathryn; Kraus, Leonard I.; Krishna, Arvind; Kujubu, Laura; Kung, Chen-Ho; Kusserow, Richard P.; KUTLER, JEFFREY; Kutner, Joshua A; LaBeff, Emily E.; Labuschagne, L.; Laliberte, Richard

Anthes, Gary H. 1995. Security products flood net market. Computerworld 294n61.
Abstract: Many vendors recently unveiled a group of products that address encryption, user and data authentication, end-to-end network security, and safe electronic commerce issues. Products include: 1. the ACE/Client for NetWare, a version of its SecurID smart card system, from Security Dynamics Technologies Inc., 2. RSA Secure from RSA Data Security Inc., and 3. the Digital Notary System from Surety Technologies Inc.
Keywords: Data encryption | Smart cards | Computer security | Product introduction | Manycompanies | (9190) United States | (5140) Security management | (5240) Software & systems | US

Anthes, Gary H. 1996. In Web E-Trust. Computerworld 3047: 71-72. November 18, 1996.
Keywords: Computer security | Licensing | Service introduction | Certification | Electronic commerce | (9190) United States | (5140) Security management | (8302) Software & computer services industry | (7500) Product planning & development | US | Electronic Frontier Foundation | CommerceNet
Abstract: The ETrust program - formed by an alliance between Electronic Frontier Foundation and CommerceNet - is a label that will establish consumer trust and confidence in electronic transactions. The program will offer certifications for companies that pass a series of security metrics monitored by the certification candidate and 3rd-party auditors. Certification under the ETrust program carries no ironclad guarantee of conformance to privacy principles, but ETrust said it will randomly audit licensees and respond to users' complaints.

Anthes, Gary H. 1997. 'net outsourcing a risky proposition. Computerworld v31n14, Apr 7: 01,74+.
Keywords: Internet | Outsourcing | Electronic commerce | Quality of service | (5250) Telecommunications systems | (5120) Purchasing | (5320) Quality control | (9190) United States | US
Notes: Charts | 3 page(s) | English | ISSN: 0010-4841 | Word Count: 00091
Abstract: Several things about the Internet make outsourcing difficult and risky: 1. The technology is changing at an explosive rate. 2. The direction of emerging markets is unclear. 3. A company's strategy for electronic commerce may not be well-defined. Still, some companies, such as First Chicago Trust Co., have turned over to outsiders all things Internet-related. First Chicago uses BBN Planet to host and maintain its 2 Web servers and provide firewall security services. Functions that can be outsourced include Internet connectivity, Web server hosting, firewall security, World Wide Web site development, and content development. When the Chicago Mercantile Exchange outsourced its Web hosting to BBN Planet, it took several steps to ensure quality service. The exchange wrote special monitoring software to ensure that real-time feeds are sent to BBN and are posted correctly. Companies planning to outsource should pay special attention to contract terms.
Author: Anthes, Gary H | Publication: Computerworld | v31n14 | p. 01,74+ | Apr 7, 1997 | Word Count: 00091
'net outsourcing a risky proposition
YOU JUMPED ON the outsourcing bandwagon long ago, farming out data center management, telecommunications, disaster recovery, legacy systems maintenance and a few other things. Now you're getting into the Internet game, so you might as well send that out the door as well, right? Not so fast, some users and outsourcing experts say. There are things about the Internet that make outsourcing difficult and risky: The technology is changing at an explosive rate, the direction of emerging markets is unclear, and your company's strategy for electronic commerce may not be well-defined.

Anthes, Gary H. 1998. Lotsa talk, little walk. Computerworld, Sep 21 1998: 70-71. 3238.
Abstract: According to a recent survey, despite statements of strong support for information security by top management, an astonishing number of companies fail to take the most basic steps to protect themselves from hackers, disgruntled employees, and industrial spies. Of the 4,255 IT and information security managers polled, 41% said they do not have formal security policies, and more than 1/2 lack disaster recovery plans. Asked to identify threats, respondents were almost twice as likely to cite hackers as employees, although studies have shown that the majority of security breaches come from inside the company. One way to get management to take information security seriously is to perform penetration testing. It is easy for management to shortchange security in favor of projects such as year 2000, because most companies are not getting hacked. The primary impetus for information security should come from the business unit managers, who own the company's products and services.
Keywords: Polls & surveys; Computer security; Security management; Technological planning; Disaster recovery; Management
The news about Northwest's problem "will definitely set back" budding confidence in Internet security, at least in the short term, he said. "It certainly puts a cloud over the situation," added David Stempler, president of Air Travelers Association, a Washington advocacy group.; The security breach came to light last week after Northwest sent e-mails to an undisclosed number of its frequent fliers, warning them that their credit-card numbers and personal information were unprotected for a time on the carrier's site because of a programmer's error. The St. Paul, Minn., airline learned in mid-December that a page on its Web site where customers can redeem frequent-flier miles for tickets wasn't secure. The discovery was made when several customers notified Northwest that security icons on their browsers didn't "lock" when they made a transaction.6/Consumer protection Web sites Computer securityNHBreach on Web Site of Northwest Air May Rekindle Consumer Security FearsBy Susan CareyWall Street Journalh Jan 10 2000 A22 Disclosure of a security breach -- now rectified -- on Northwest Airlines' Web site could rekindle consumer fears the online travel industry has been successfully dousing: that hackers will gain access to travelers' credit-card numbers, personal information and itineraries.; "People are very jittery about giving credit-card numbers online," said Rex Fritschi, owner of Rex Travel Organization, a Chicago travel agency that has its own Web site. The news about Northwest's problem "will definitely set back" budding confidence in Internet security, at least in the short term, he said. 
"It certainly puts a cloud over the situation," added David Stempler, president of Air Travelers Association, a Washington advocacy group.; The security breach came to light last week after Northwest sent e-mails to an undisclosed number of its frequent fliers, warning them that their credit-card numbers and personal information were unprotected for a time on the carrier's site because of a programmer's error. The St. Paul, Minn., airline learned in mid-December that a page on its Web site where customers can redeem frequent-flier miles for tickets wasn't secure. The discovery was made when several customers notified Northwest that security icons on their browsers didn't "lock" when they made a transaction.6/Consumer protection Web sites Computer security.Carley, William M.  1995 \?How Citicorp System was Raided and Funds Moved Around the World1 0Wall Street Journal $A1, A18 .12 September 1995 bFsecurity, EFT fraud, accidental discovery of computer abuse, collusion hLEFT fraud via collusion. Potential $10 million hit was averted by accident. ( Caroll, John  1987 .Computer Securityf  "Boston  ( Butterworths  2nd fRMRed*$Security or privacy? No easy answersPankaj Chowdhry PC Weeka Feb 28 200080179g(!The recent distributed denial-of-service attacks against the Internet make it even more apparent that when major companies were building their Internet presences, they chose quick instead of secure. 
The current Internet cannot securely and reliably support high-volume electronic commerce.
Keywords: Internet; Computer security; Hackers; Electronic commerce

Chris Reidy, Globe Staff. Net can't deck the malls -- yet. Though shopping on the Internet is expected to double this season, there still remain the issues of security, service, and good old-fashioned window browsing. [City Edition]. Boston Globe, Dec 6 1998, E1.
Abstract: In theory, he seems an ideal candidate for hunkering down in front of his personal computer and buying gifts from some trendy electronic commerce retailer like Amazon.com, which bills its World Wide Web site as the world's biggest bookstore. Macy's, the hallowed department store chain, may offer one blueprint for future success. In June, Macy's mailed out its first catalog, and last month it "relaunched" its Web site. An early Web site sold only 400 items. At the new version of Macys.Com, shoppers can choose from among 150,000 items. Not only can the Web help Macy's reach new geographic areas, but it will also help Macy's reach out to new demographic groups. Most department store customers range in age from 30 to 50, but on-line shoppers tend to be younger. Macy's hopes its Web site will attract this much coveted younger crowd.
Keywords: Retailing industry; Electronic commerce; Competition; Shopping centers; Retail sales; Shopping; Internet; Computer security; Customer services

Damaris Christensen. Beyond virtual vaccinations. Science News 156(5), Jul 31 1999, pp. 76-78.
Abstract: Researchers are looking to biology for a new model of how to protect computers against unknown viruses, specifically the human immune system.
Keywords: Computer viruses; Models; Immunology; Computer security

Richard Scott Draughon. IT legal corner. Information Executive 2(9), Sep 1998, p. 5.
Abstract: Approximately 60 bills are currently pending in Congress addressing a wide range of information technology issues and concerns. Six bills are pending on the issue of Internet taxation. The issues surrounding encryption are also getting legislative attention.
Keywords: Information technology; Bills; Data encryption; Internet; Taxation; Computer security

By Yochi J. Dreazen. The Wall Street Journal Millennium (A Special Report): Industry & Economics --- The Domino Effect: It's great being all connected; Until, that is, something goes wrong. Wall Street Journal, Dec 31 1999, R, 38.
Abstract: Within the next few years, your refrigerator, television and pretty much every other major object in your house will talk to a centralized home computer, as well as to each other. A bevy of hand-held devices will seamlessly share information and access the Web. Most of the software you'll use will reside not on your hard drive but somewhere on the other side of the Internet, where you'll use it for a fee. "You don't want to have a Y2K {equivalent} every time some idiot runs around and snips a cable or hacks into the network," says Dave Farber, a professor of telecommunications at the University of Pennsylvania and one of the Internet's elder statesmen. "If we're not careful now, you'll be having Y2Ks every six months." The challenge of designing against, and coping with, deliberate and accidental network breakdowns will define computing and commerce as far into the new millennium as anyone can now see. Among vendors, each new product release will demand a corollary improvement in antivirus technology. In companies and government agencies, network administrators will continually weigh the benefits of seamless integration against the potential for systemwide collapse. And in the laboratory, researchers are studying how the complex interaction of networked local actions may create unintended -- and unwanted -- global results.
Keywords: Predictions; Future; Computer security; Series & special reports; Year 2000; Internet

Borenstein, Nathaniel S. 1996. Perils and Pitfalls of Practical Cybercommerce. Communications of the ACM 39(6) (June): 36-44.
Keywords: Internet | Electronic commerce | Payment systems | Technological change | Startups | Computer security | Software industry | Case studies | (9190) United States | (8302) Software & computer services industry | (5250) Telecommunications systems | (5140) Security management | (9110) Company specific/case studies | US | First Virtual Holdings Inc
Abstract: First Virtual Holdings was formed in early 1994 to facilitate Internet commerce. The first product offering from First Virtual was an Internet payment system, which was developed quietly and publicly announced as a fully operational open Internet service on October 15, 1994. Unlike many other would-be players in the field of Internet commerce, First Virtual chose to announce its payment system only after it was fully operational. In its first year of operation, the company has experienced exponential growth, and it has gained substantial experience with and insight into the nature of Internet commerce. The lessons learned by the First Virtual team during a year of actual operation of an Internet commerce system, as well as what the team sees as prospects for the future, are discussed.

Mathews, Nancy Irle. 1985. College Cheaters in an Educational Intervention Program. Doctoral Dissertation. Baton Rouge, LA: Louisiana State University.

Mathus, David L; Goldner, Andrew M. Precautions can mitigate legal dangers of Web sites. National Law Journal 21(43), Jun 21 1999, pp. C3-C5.
Abstract: Developing, launching and maintaining Web sites has become critical to the success of many companies. Attorneys must consider issues concerning privacy, use of technology, and governmental regulation when advising clients on their company Web sites.
Keywords: Web sites; Attorneys; Regulation; Privacy; Computer security

McAndrews, James J. 1997. Making Payments on the Internet. Business Review (Federal Reserve Bank of Philadelphia), Jan/Feb, pp. 3-14.
Keywords: Electronic commerce | Internet | Computer security | Payment systems | Regulation | (9190) United States | (5250) Telecommunications systems | (5140) Security management | (4310) Regulation | US
Abstract: To flourish as a marketplace, the Internet needs a means of payment.
The challenge is to devise ways to protect against theft while conveying payment information that is recognized as authentic. Most payment services on the Internet use some form of public key/private key encryption, but others safeguard financial information in other ways. With a trusted-3rd-party method of payment, a customer authorizes the trusted 3rd party to make payments on his/her behalf. Another method of payment is digital cash, which is stored on a computer's hard disk and is electronically transferred to a payee. Digital cash systems typically propose to prevent counterfeiting by virtue of the issuer's digital signature on the digital cash, which verifies its authenticity. For the proposed payment systems, issues such as consumer protection, disclosure and assignment of participant liability and privacy are being addressed by regulators and law makers. Recently, the Federal Reserve suggested that stored-value-cards that can store no more than $100 be exempted from the provision of Regulation E, which governs many conventional electronic methods of payment.

Levi, Philip. 1993. Your PCs Are More Vulnerable Than You Think. Chief Information Officer Journal 5(4) (March-April): 11-13.
Keywords: Computer security | Implementations | Factors | Systems management | Back up systems | Procedures | (5220) Data processing management | (5140) Security management
Abstract: A comprehensive security plan for personal computers (PC) does not have to be threatening or complicated. Security planning can be simplified by concentrating efforts in the areas with the greatest risks: 1. controls and procedures, 2. physical security, 3. data security, and 4. backup security. The first line of defense in a security plan is the establishment of proper internal controls, such as procedure manuals and audit trails. The risk of errors can be reduced by stringent training programs, constant monitoring and updating of internal operating controls, and technological controls. The 2nd line of defense is physical security, which can be assured with a wide variety of products. Securing data against unauthorized use is the 3rd line of defense. This can be accomplished by using multiple levels of passwords and user ID codes that restrict access to bona fide users. The last line of defense is to institute a fail-safe policy that will enable vital company records to be reconstructed.

Levitt, Jason. 1995. Save your money and build a wall. Informationweek n519, Mar 20, p. 108.
Keywords: Internet | Computer security | Data integrity | Commercialization | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US
Notes: 1 page(s) | English | ISSN: 8750-6874
Abstract: The Internet is a wild mix of machines and networks that offers plenty of services and data but little in the way of security. That means, for the time being, that companies seeking an online presence have to think in terms of survival, not commerce. Currently, the most popular security approach is a firewall, either a packet filter or an application gateway. The gateways are usually more expensive than packet filters, but they are also more flexible and offer better protection. The basic problem facing Internet commerce today is that once data move onto the Internet the data cannot be guaranteed to arrive where they are supposed to or that incoming data sent via the Internet are from who the data say they are from.

Ehrlich, L. 1973. Participation in Illegitimate Activities: A Theoretical and Empirical Investigation. Journal of Political Economy 81: 521-564.

Elkin, Tobi; Gilbert, Jennifer. Hack attacks spell $100 mil headache. Advertising Age 71(7), 2000, p. 16.
Abstract: Last week's attacks on popular Internet sites such as Yahoo!, E*Trade, eBay and Buy.com resulted in frustrating denials of service for millions of consumers. The real costs to sites and advertisers, however, are less clear.
Keywords: Web sites; Hackers; Computer crime; Losses; Electronic commerce; Online sales; Computer security; Advertisers; (5250) Telecommunications systems; (4300) Law; (5120) Purchasing; (7200) Advertising; (9190) United States

Ellis, Clarence Arthur; Naffah, Najah. 1987. Design of office information systems. Berlin; New York: Springer-Verlag. vi, 248. Surveys in computer science.
ISBN: 0387178104 (U.S.)
Call number: Hf5548.2 .e445 1987
Keywords: Information storage and retrieval systems Business. Office practice Automation.
Notes: 87009582. C.A. Ellis, N. Naffah. Bibliography: p. [221]-248. Surveys in computer science. Tiwana Endnote library-added 7/99.

Eloff, J. H. P.; Labuschagne, L.; Badenhorst, K. P. 1993. A Comparative Framework for Risk Analysis Methods. Computers & Security 12(6) (October): 597-603.
Keywords: Computer security | Risk assessment | Guidelines | (5240) Software & systems | (5140) Security management | (9150) Guidelines
Abstract: Risk analysis is a prerequisite not only for the compilation of an information security policy but also for the step-by-step refinement of a policy to define a protection plan for implementation. Any approach to risk management should address the totality of the information technology field. The risk analysis packages currently available should be reviewed to identify the information technology components in the set of countermeasures provided. These components may include networks, environment, and documentation. Risks regarding technological information security, as already defined, include all aspects that have an impact, such as disclosure, modification, unavailability, and destruction. Aspects of risk management include risk identification, risk analysis, risk assessment, risk resolution, and risk monitoring. These concepts are applied using 3 risk analysis methods: 1. the CCTA risk analysis and management methodology (CRAMM), 2. the Los Alamos Vulnerability-Risk Assessment (LAVA) system, and 3. Melisa.

Ermann, M. David; Williams, Mary B.; Gutiérrez Carranza, Claudio. 1990. Computers, ethics, and society. New York: Oxford University Press. ix, 376.
ISBN: 019505850X (alk. paper)
Call number: Qa76.9 .c66 c6575 1990
Keywords: Computers and civilization. Computer security. Human-computer interaction.
Notes: Tiwana Endnote library-added 7/99.

Dern, Daniel P. 1994. The Internet guide for new users. New York: McGraw-Hill. xxvii, 570.
ISBN: 0070165114 (pbk.)
Call number: Tk5105.875.i57 d47 1994; 384.3
Notes: 93025649. Daniel P. Dern. Includes bibliographical references (p. 535-537) and index.
Ramping up, getting started -- Internet history and technology: a brief introduction -- Internet on a dollar a day: how to get a user account and plug in -- Internet naming and addressing -- Enough Unix to survive as an internet user -- Electronic mail, usenet, remote login, and file transfer: the four basic internet food groups -- Electronic mail: how to exchange messages with other internet users and other exciting things you can do -- Usenet: the bulletin board of the internet -- Remote login with telnet -- Transferring files with FTP -- Navigating the internet -- Internet dashboard: navigating the internet rapids -- Gopher, archie, WAIS, and others: meet the navigators

Finne, Thomas. 1998. The three categories of decision-making and information security. Computers & Security 17(5): 397-405.
Keywords: Studies; Decision making; Computer security; Information management; Uncertainty; Risk; Game theory
Abstract: Decision-making can be categorized into 3 levels: decision-making under certainty, risk, and uncertainty. In what category decisions on information security are made is investigated. Recognizing the category in which decisions are made on information security should give support in the decision-making situation. The 4 well-known criteria for making decisions under uncertainty are: 1. the Laplace criterion, 2. the Minimax (maximin) criterion, 3. the Savage Minimax Regret criterion, and 4. the Hurwicz criterion. Game theory can also be referred to as decision-making under uncertainty.

Fisher, Royal. 1984. Information Systems Security. Englewood Cliffs, NJ: Prentice-Hall.

John Gallant. The milk mustache of security. Network World 14(15), Apr 14 1997, p. 48.
Abstract: An editorial discusses security, which remains the biggest obstacle to electronic commerce.
Keywords: Computer security; Electronic commerce; Internet; Editorials

Peter C. Gardiner. 1994-95. Negligence, Litigation, and Responsibility for Information Security. In Robert E. Lumbaugh (ed.), Handbook of IS management: 1994-95 Yearbook. Boston: Auerbach. pp. 33-46. 3rd ed.

Ashish Garg; Jeffrey Curtis; Hilary Halper. 2003. Quantifying the financial impact of IT security breaches. Information Management & Computer Security 11(2/3): 74. ISSN 09685227.
Keywords: Studies; Network security; Internet; Information technology; Impact analysis; Costs; Investment; Decision making
Abstract: Internet security is a pervasive concern for all companies. However, developing the business case to support investments in IT security has been particularly challenging because of difficulties in precisely quantifying the economic impact of a breach. Previous studies have attempted to quantify the magnitude of losses resulting from a breach in IT security, but reliance on self-reported company data has resulted in widely varying estimates of limited credibility. Employing an event study methodology, this study offers an alternative approach and more rigorous evaluation of breaches in IT security. This attempt has revealed several new perspectives concerning the market reaction to IT security breaches. A final component of the study is the extension of the analysis to incorporate eSecurity vendors and a fuller exploration of market reactions before and after the denial of service attacks of February 2000. The key takeaway for corporate IT decision makers is that IT security breaches are extremely costly, and that the stock market has already factored in some level of optimal IT security investment by companies. [PUBLICATION ABSTRACT]

Garner, Rochelle. Fear and loathing on the World Wide Web. Computerworld | Electronic Commerce Journal Supplement, 1996, pp. 28-30.
Abstract: Companies can safely transmit critical business information over the world's interlocking public networks, provided they take the right approach. The first step is to adopt the proper perspective. Cryptography is essential for authenticating users, protecting confidentiality, and ensuring integrity. From it comes encryption, decryption, digital signatures, and digital identifications. A lack of security standardization is keeping some companies, such as American Family Mutual Insurance Co., from taking advantage of the Internet for electronic commerce. To truly understand how to secure Internet transmissions, it is important to know the technology's vulnerabilities. Today, the full promise of global electronic commerce remains unrealized because there is no universal way to verify identity.
Keywords: Computer security | Electronic commerce | Data encryption | Electronic commerce | World Wide Web | (9190) United States | (5250) Telecommunications systems | (5140) Security management | US

Hamburg, Morris. 1977. Statistical Analysis for Decision Making. 2nd Edition. New York: Harcourt, Brace, and Jovanovich.

By David P. Hamilton. Redesigning the Internet: Can It Be Made Less Vulnerable? Wall Street Journal, Feb 11 2000, B1.
Abstract: BRUCE SCHNEIER is a security expert at Counterpane Internet Security Inc. An article on Friday's Marketplace page incorrectly gave his name as Daniel Schneier. (WSJ Feb. 14, 2000) Other fixes would make it difficult or impossible to forge the "return address" on those packets, making it easier to trace their origin. More draconian measures would strengthen "authentication" services to ensure that both users and servers on the Internet are who they say they are. But that's a step that would reduce or even eliminate the anonymity of Internet users. The bigger catch is that while individual Internet sites can take some steps to protect themselves, improving security across the network as a whole requires a much broader effort -- one that may well be beyond the capabilities of the Internet organizations now in place.
Keywords: Hackers; Computer programming; Internet; Computer security

Bruce Hammond. Editorial cartoon. Boston Globe, Feb 15 2000, C.4.
Abstract: A Bruce Hammond editorial cartoon satirizes the Internet community's bumbling attempt at creating computer security systems that will prevent hackers and "crackers" from disrupting electronic commerce.
Keywords: Hackers; Computer security; Customer information files; Electronic commerce; Internet; Editorial cartoons -- Hackers

Han, Yongfei; Okamoto, Tatsuaki; Qing, Sihan. 1997. Information and communications security : first international conference, ICIS '97, Beijing, China, November 11-14, 1997 : proceedings. New York: Springer. x, 484. Lecture notes in computer science ; 1334.
ISBN: 354063696X (softcover alk. paper)
Call number: 005.8 Qa76
Keywords: Computer security Congresses. Telecommunication systems Security measures Congresses.
Notes: Tiwana Endnote library-added 7/99.

Bill Hancock. 2001. GTE Employee Admits Guilt in Insider Data Corruption Case. Computers & Security 20(3): 190.
Keywords: Computer security; Crime; 5140: Security management
Abstract: Michael Whitt Ventimiglia, a former IT worker at GTE Corp., faces up to 10 years in prison and a $250,000 fine after he pleaded guilty recently to a charge of intentionally damaging protected computers at a network support center owned by Verizon Communications Inc.

Hannaford, Craig S. The security risks of electronic commerce. Canadian Insurance 101(1), 1996, pp. 17-18.
Abstract: A thorough examination of risks is a critical first step before making the move to electronic commerce. MasterCard and Netscape Communications are working together to develop a new system that will ensure security for consumers on the Internet. As companies move into electronic commerce, they will need sound advice and clear guidelines to ensure protection from outside computer criminals or dishonest employees. The first step has to be an assessment of the threats and risks to the organization. This involves listing all the information technology assets and determining what can go wrong and the resulting consequences.
Once the security risks are known, a security plan can be developed.Computer security | Technological planning | Insurance industry | Guidelines | Computer networks | Internet | (5220) Data processing management | (5140) Security management | (8200) Insurance industry | (9172) Canada | Canadah<.2+Micro Protection Involves Physical SecurityyBaskerville, Richard Computerworldt 1983Special Report 18t1748In small business microcomputer systems, security is frequently addressed casually. Little attention is paid to such issues as physical security or recovery from failures. However, the security of microcomputer systems revolves around physical security. Even if the system is a desktop unit, it can still be protected. For example, placement of the unit should be in a limited-access area of the office. Many microcomputers' operating procedures fail to back up files with optimum frequency. An estimate should be made of the maximum amount of time that can be expended in recovering from a data destruction incident, and that time period becomes the backup cycle. Desktop microcomputer systems in small businesses should not be allowed to become the ''property'' of one office worker, as this situation is a threat to the integrity of the data in the system. 
Access to data and programs should be compartmentalized as much as possible.Small business Microcomputers Computer security Back up systems Planning (9520) Small business; (5220) Data processing management; (5140) Security management;0Baskerville, Richard  1988 B&Designing Information Systems Security  *Chichester, UK  & John wiley  Baskerville, Richardm 1991:3Risk Analysis as a Source of Professional Knowledge\Computers & Security10 8 (December)749-764}Computer security | Risk assessment | Reliability | Analysis | Scientific method | Validity | ( 5220) Data processing management | ( 5140) Security management | ( 9130) Experimental/theoretical treatment|u Most severe criticism of computer security risk analysis is founded on a single, positivist, philosophical viewpoint. From this viewpoint, the method lacks objective elementary data points, and its simple statistical decision model fails at least one major test of scientific methods. However, such a method might be scientifically valid as a source for professional knowledge when applied within more appropriate social philosophical frameworks. For example, risk analysis has been, from its earliest descriptions, suitable as an interpretive artifact. The practical implications of these concepts include the importance of experience for practitioners, the ease of misuse, and the danger to the method's validity of naive extensions or adjustments to the original simple method. The practitioner should also recognize the ethical issues raised by the method's communication channel.:3Risk Analysis as a Source of Professional KnowledgeoBaskerville, RichardComputers & Security 1991749-764r108dztMost severe criticism of computer security risk analysis is founded on a single, positivist, philosophical viewpoint. From this viewpoint, the method lacks objective elementary data points, and its simple statistical decision model fails at least one major test of scientific methods. 
However, such a method might be scientifically valid as a source for professional knowledge when applied within more appropriate social philosophical frameworks. For example, risk analysis has been, from its earliest descriptions, suitable as an interpretive artifact. The practical implications of these concepts include the importance of experience for practitioners, the ease of misuse, and the danger to the method's validity of naive extensions or adjustments to the original simple method. The practitioner should also recognize the ethical issues raised by the method's communication channel.Computer security Risk assessment Reliability Analysis Scientific method Validity (5220) Data processing management; (5140) Security management; (9130) Experimental/theoretical treatment;x 0879422777Qa76.9 .a25 c6678 1992D>Contemporary cryptology : the science of information integrity Piscataway, NJ  IEEE Press 1992xv, 640nTMComputer security. Telecommunication systems Security measures. Cryptography. NHSimmons, Gustavus J. Institute of Electrical and Electronics Engineers.,(!Tiwana Endnote library-added 7/99t*Simon, Herbert  1960 B&The New Science of Management Decision  $New York  0Harper and Brothers PIWhite House Computer-Monitoring Plan Raises Concerns Over Civil LibertiesBy John SimonsWall Street Journalt Jul 29 1999A6The Clinton administration defended a draft proposal for a computer-monitoring system that officials say will protect the nation's critical information infrastructure from foreign and domestic cyberterrorism.; Faced with the year-2000 computer problem and a recent spate of high-profile hacker attacks, the White House is struggling with several plans to address the nation's vulnerability to an economy-crippling information breakdown.; Since late 1997, the administration has grown increasingly concerned with the threat of cyberterrorism or attacks from foreign powers that could hobble the nation's economic infrastructure. 
In his fiscal-2000 budget, President Clinton asked for $1.45 billion for defense against foreign and domestic cyberattacks, up from $950 million in fiscal 1999.XRComputer security Proposals National security Terrorism Surveillance Clinton, Bill6/Federal Agents, Recruiters Crash Hackers ConfabaBy John SimonsWall Street Journalo Jul 12 1999 A17M Here at the seventh annual convention of computer hackers, known as Defcon, Mr. (Ron) Gula will get as many hackers as possible to poke and prod a network security program he designed. Called Dragon, it detects suspicious hacker activity on computer systems linked to the Internet. An alarm of sorts, it doesn't stop intrusions but alerts computer systems administrators to attempted breakins.; So far, lady luck has smiled on Mr. Gula, a 29-year-old developer who runs Network Security Wizards Inc. of Columbia, Md. He says his program has detected every attempt to pierce the network's digital seal. Some hackers have offered advice on how he might shore up the program even further. "What better place to test my system?" asks Mr. Gula. "I'm going to go home a very happy man."; Defcon is the largest gathering of hackers in the world. This past weekend, the three-day confab drew more than 3,000 hackers and computer fans from as far away as Holland and Japan. At the vast convention center at the Alexis Park Hotel, the mostly male crowd is a mix of young hippies, green-haired punk-rockers, hip-hop kids and khaki-clad corporate types. They attend seminars and panels covering everything from hacking databases built by Oracle Corp. to "Hackers and the Media: A Love-Hate Thing."aD>Computer security Hackers Conventions Professional recruitmentvhv*#How to keep smart buildings runningu Peter Gross$Journal of Property ManagementJul/AugS 1999 44-48644fFor companies and individuals relying on the computer for critical daily tasks, a failure in any one of a number of systems can cause significant business disruption. 
Using risk management techniques, property managers must establish how much of a building shutdown is acceptable. The manager must be prepared and calculate the liability for a variety of scenarios should they occur. The most frequent cause of disruption to critical building systems is power loss, followed by mechanical system problems and human error. Various devices can be applied to the electrical system to minimize and even eliminate these problems. Redundancy is required not only in the electric systems but is equally important on the mechanical side.lfBuilding automation Computer security Uninterruptible power supply Risk management Property management4.FTC Reviews Privacy Issues at Health Web SitestnBy Wall Street Journal staff reporters Jerry Guidera Glenn R. Simpson in Washington Nick Wingfield in New YorkWall Street Journall Feb 18 2000B6jcAmong the companies contacted by the agency are HealthCentral.com, Emeryville, Calif., and iVillage.com, New York, which have been criticized by a private group for lax privacy protections.; The review was sparked by a scathing review of health-care Web sites late last month by the California Healthcare Foundation. The Oakland-based group asserted that some companies share information with third parties or don't observe their own privacy policies.; HealthCentral President Al Green said the FTC contacted his company late last week to ask a series of technical questions and learn with what third parties the company shares information. Among the third-party companies the agency has asked about is DoubleClick Inc., a prominent Internet advertising agency that also is being investigated by the FTC in what appears to be a separate inquiry into privacy policies.*#Web sites Privacy Computer security4.FTC Reviews Privacy Issues at Health Web SitestnBy Wall Street Journal staff reporters Jerry Guidera Glenn R. 
Simpson in Washington Nick Wingfield in New YorkWall Street Journall Feb 18 2000B6jcAmong the companies contacted by the agency are HealthCentral.com, Emeryville, Calif., and iVillage.com, New York, which have been criticized by a private group for lax privacy protections.; The review was sparked by a scathing review of health-care Web sites late last month by the California Healthcare Foundation. The Oakland-based group asserted that some companies share information with third parties or don't observe their own privacy policies.; HealthCentral President Al Green said the FTC contacted his company late last week to ask a series of technical questions and learn with what third parties the company shares information. Among the third-party companies the agency has asked about is DoubleClick Inc., a prominent Internet advertising agency that also is being investigated by the FTC in what appears to be a separate inquiry into privacy policies.*#Web sites Privacy Computer security 0306456362"Hv6773 .g8513 1997 364.16/80 Guisnel, Jeanu,%Cyberwars : espionage on the Internetm New York  Plenum Trade 1997 295mComputer crimes. Computer security. Information superhighway Security measures. Internet (Computer network) Security measures. World Wide Web (Information retrieval system) Security measures. Secret service. Intelligence service. 
Business intelligence.(!Tiwana Endnote library-added 7/99  1998Novell eyes the Web Informationweek n690 Jul 696Software industry | Electronic commerce | Internet | Market positioning | (9190) United States | (8302) Software & computer services industry | (7000) MARKETING | (9000) Short article | US | Novell Ince.'NOTES: 1 page(s) | English | ISSN: 8750-6874 | DUNS #: 03-778-7298 | Word Count: 00346  Janah, Monua 1998Novell eyes the Web Informationweek n690 Jul 696Software industry | Electronic commerce | Internet | Market positioning | (9190) United States | (8302) Software & computer services industry | (7000) MARKETING | (9000) Short article | US | Novell Ince.'NOTES: 1 page(s) | English | ISSN: 8750-6874 | DUNS #: 03-778-7298 | Word Count: 00346 ABSTRACT: Novell is strengthening its NetWare operating system as a platform for Web-based computing and positioning its directory service as an essential tool for building an E-commerce infrastructure. In 1997, Novell shipped BorderManager, which provides proxy, firewall, and virtual private network services. Under CEO Eric Schmidt, the company has accelerated its plans to provide platform-independent network services using server-side Java. TICKER: NOVL Author: Janah, Monua Publication: Informationweek | n690 | p. 96 | Jul 6, 1998 | Word Count: 00346 Novell eyes the Web Headnote: NetWare bolstered as Internet platform Novell has a long way to go before it can call itself a provider of E-business solutions. But it's strengthening its NetWare operating system as a platform for Web-based computing and positioning its directory service as an essential tool for building an E-commerce infrastructure. Novell will provide Netscape's Web server with NetWare 5, due this summer. For the first time, customers will have a full-fledged Web development platform on NetWare. NetWare 5 will ship with a free copy of the Oracle8 relational database, and it will support pure Internet Protocol. 
Last year, Novell shipped BorderManager, which provides proxy, firewall, and virtual private network services. Novell has also begun selling applications that leverage Novell Directory Services. These products could provide secure E-commerce transactions, with the d