INFOSEC MANAGEMENT

This section includes papers from a variety of sources that bear on the management of information security.
ACM Ubiquity Articles
These articles for computing professionals appeared in the Ubiquity series edited by John Gehl and Suzanne Douglas for the Association for Computing Machinery from 2000 through 2008.

Video Reviews
This section includes page-long summaries and evaluations of some excellent awareness and training films available on CDs and DVDs from various sources.

Backups (HTML | PDF)
Consolidated 20 articles originally published in the Network World Security Strategies newsletter.

Botnet Response: Why Inadequate? (HTML | PDF)
Research student Akshay Awasthi asked me a question for his research paper and I have posted my answer here.

Caller-ID Spoofing in Robocalls: How Telcos Can Stop It (HTML | PDF)

Careers in Information Security (HTML | PDF)

Cloud Storage: The Risks and Rewards (HTML | PDF)
Excellent review article by Jérémy Legendre, originally his term paper for the IS340 Introduction to Information Assurance course in Fall 2012. Mildly edited by Mich and posted with permission of the author.

Computer Security Incident Response Team Management (HTML | PDF)
How to set up and run an effective CSIRT.

CYBER OPSEC (ZIP)
Protecting Yourself Online. Interagency OPSEC Support Staff materials (public domain) from 2010. The ZIP archive (2.4 GB) contains the contents of the DVD for installation. See the description file (PDF).

Developing Security Policies (HTML | PDF)
Chapter 44 from the Computer Security Handbook, 4th Edition (CSH4) reviews methods for developing security policies in specific organizations. It was later updated to become Chapter 66 of the CSH5.

DISA TRAINING MATERIALS
The Defense Information Systems Agency (DISA) stopped producing the excellent training CD-ROM "Computer Incident Response Team Management" in 2007. In response to my enquiry about providing the CD-ROM to MSIA students enrolled in the CSIRTM Elective, someone from DISA with a bit of gender confusion about me caused by my name responded: "Dear Ms Kabay, / Thank you for your interest! However we discontinued that product, CIRT Management, just recently. We do have a few copies may have kept on hand, if you want a copy, then you can make copies of it for your students. There is no charge for our products. . . ."* The same lack of restrictions applies to all of the following public-domain, US-government-created CD-ROM contents from DISA, which I have ZIPped up for you. Feel free to download the ZIP files and install them to disk. Use the README files or click on the appropriate start file for instructions on installation of the specific title. May be freely copied and distributed on condition that there is no charge and that no data are modified in any manner.
_____________________

E-discovery, Privacy, and Cybersecurity Law
With thanks to Billy Adams for the link.

End of Passwords, The (HTML | PDF)
Why I hate passwords as a method for authentication.

English in China (MP3)
The Bus Driver and the Tour Guide Were Not What They Seemed: a cautionary tale from a trip to the People's Republic of China in 1994. (2 MB sound file)

Eternity in Cyberspace (HTML | PDF)
Long-term perspectives on backup media.

Facilities Security-Audit Checklist (HTML | PDF)
Questions to help you evaluate the security of your building.

How Telcos Can Stop Caller-ID Spoofing in Robocalls (HTML | PDF)
How to block robocalls using spoofed IDs.

INFORMATION ASSURANCE: Legal, Regulatory, Policy, and Organizational Considerations, 4th Edition (PDF)
White Paper on the Clinton Administration's Policy on Critical Infrastructure Protection: Presidential Decision Directive 63, May 1998. 535 pp. Appendices, Indices. Published by the United States Joint Chiefs of Staff, August 1999.

Identification, Authentication and Authorization on the World Wide Web (HTML | PDF)
This white paper appeared in 1997 as part of the ICSA (International Computer Security Association) [previously National Computer Security Association and later TruSecure and then CyberTrust] Web site. This version has a few updates to the identifying information (e.g., removing an old e-mail address) but is otherwise as originally written (and thus now out of date). This later became the basis of an evolving chapter in the Computer Security Handbook editions from Wiley.

Identity Theft Resource Center Advice for 2010 (PDF)
10 practical measures you can take to reduce the likelihood of successful identity theft and the nightmare of recovering from the damage to your finances and reputation. With thanks to the ITRC for their excellent work and permission to distribute their document.

Implementing Computer Security: If Not Now, When? (HTML | PDF)
This little paper reviews key threats to information and urges managers not to wait in developing and implementing security policies.

ITAR Sticks Users with Unfair Encryption Restrictions (HTML | PDF)
In 1993, Phil Zimmermann and others were being harassed for violating the International Traffic in Arms Regulations (ITAR) because strong cryptography was being shared across international boundaries. This Network World Security Perspectives article was one of many attacks on the policy.

NCSA Guide to Enterprise Security (PDF)
1996 textbook I wrote (ISBN 0-07-033147-2). xii + 383 pp. Index.

Net Present Value of Information Security (HTML | PDF)
Thoughts about ways of presenting information security as more than just loss-avoidance. This paper was later published, with additions by colleagues Karen Worstell and Mike Gerdes of AtomicTangerine, on the now-defunct SecurityPortal Web site. Over the years I have added to my original version with corrections and updates.

Passwords (HTML | PDF)
Compilation of articles on passwords originally published in Network World Security Strategies.

Personnel Management and INFOSEC (HTML | PDF)
Hiring, management and firing with an eye to information assurance. Later became a chapter in the Computer Security Handbook, 4th Edition and then in the 5th edition.

Preparing for Pentests (PDF)
Practical advice to avoid wasting resources or ending up in jail.

Preparing for the Next Solar Max (PDF)
Solar storms threaten the critical infrastructure. Get ready.

Protecting Your Reputation in Cyberspace (HTML | PDF)
This paper looks at how we can use e-mail and other electronic communications responsibly and professionally. It is intended to provide useful information for corporate INFOSEC awareness programs.

Securing Your Business in the Age of the Internet (HTML | PDF)
Five pages this time to convince your bosses to pay attention to INFOSEC.

Security on a Budget (HTML | PDF)