Security Metrics - A Critical Analysis of Current Methods

This paper documents and analyses a number of security metrics currently in popular use. These will include government standards and commercial methods of measuring security on networks. It will conclude with a critical look at some of the problems and challenges faced when using the metrics available today, and also with the development of new metrics

Knowledge Sharing and Customer Relations in Mobility

After the events of September 11, 2001, inadequacies in how government organizations and agencies shared knowledge and communication with defense mission partners became readily apparent. A reasonable U.S. government information technology expectation is the integrated use of mobile phones across organizations and agencies. Yet, it is difficult to meet this expectation, as the provisioning process for mobile devices can be different for each government organization or agency. The Department of Commerce National Institute of Standards and Technology does not set provisioning standards, and organizations and agencies determine policies tailored to their particular needs. Using Schein\u27s theory on organizational culture, the focus of this phenomenological study was to explore the Mobility provisioning process from the experiences of government customer support personnel. Eleven personnel responded to 10 semistructured interview questions derived from the research question. The data were manually transcribed and then coded, arranged, and analyzed using a software tool. Three major themes emerged from the analyzed data: (a) expand communication with customers and leaders, (b) identify policy guidelines, and (c) streamline and centralize the process. Using these themes, recommendations include enhancing communication among stakeholders, provisioners, and Warfighters, soldiers in the field; implementing standardized user policies; and improving cross-organization and cross-agency provisioning processes. Social change actions include increasing mobility provisioning efficiencies among provisioners, which not only saves time and money, but also provides Warfighters with affordable, dependable, and reliable mobile communications systems

Exploring Identity Management at Community Colleges in Texas with Open Access to College Computer Networks

The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state\u27s mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron\u27s internal security management model with the external trust models of the Liberty Alliance and Microsoft\u27s Passport software. The research question revolved around the identity and access management framework used by 13 community colleges in Texas to track guest users and the college\u27s ability to protect the college from illegal acts. Using a grounded theory approach, data were collected by interviewing 13 information technology management professionals at the community colleges regarding their security policies and procedures as well as by campus observations of security practices. The results of constant comparison analysis indicate that no universal theory was being used. Only 3 of the 13 colleges tracked guest user access. Reasons for not tracking guest access included lack of financial and technology resources and process knowledge. Based on these findings, the identity management infrastructure theory was recommended for network access control, self-registration, and identity authentication at these colleges and many other colleges. The implications for social change include raising awareness of the risks most community colleges face from network security breaches, regulatory noncompliance, and lawsuit damages that could result from the lack of an identity management process