Physical security models, philosophies, and context

This paper presents physical security of a computer facility within the context of a corporate environment. The context is established from several different perspectives. It first presents physical security philosophies and illustrates the philosophies via the Onion and Garlic Models. It defines a process for identifying and describing transition strategies between security levels. Once the models are defined, a Macro View of physical security is presented. This view discusses physical security goals and critical factors such as budget, monitoring and redundancy. With this context established, the Micro View is presented. Its focus is on information technology (IT) facilities that protect centralized or clustered IT resources. A variety of environmental threats, threat agents, and precautions are identified. Questions to help assess the security of off-site storage of backup media are provided. Procedures for establishing the transition strategy to the IT facility, authentication, access control logs, suggestions for handling emergency conditions, and other considerations are enumerated

Using Visual Capabilities to Improve Efficiency in Computer Forensic Analysis

Computer forensics is the preservation, analysis, and interpretation of computer data. Computer forensics is dependent on the availability of software tools and applications. Such tools are critical components in law enforcement investigations. Due to the diversity of cyber crime and cyber assisted crime, advanced software tools are essential apparatus for typical law enforcement investigators, national security analysts, corporate emergency response teams, civil lawyers, risk management personnel, etc. Typical tools available to investigators are text-based, which are sorely inadequate given the volume of data needing analysis in today’s environment. Many modern tools essentially provide simple GUIs to simplify access to typical textbased commands but the capabilities are essentially the same. For simplicity we continue to refer to these as text-based and command-based in constrast to the visualization tools and associated direct manipulation interfaces we are attempting to develop. The reading of such large volumes of textual information is extremely time-consuming in contrast with the interpretation of images through which the user can interpret large amounts of information simultaneously. Forensic analysts have a growing need for new capabilities to aid in locating files holding evidence of criminal activity. Such capabilities must improve both the efficiency of the analysis process and the identification of additionally hidden files. This paper discusses visualization research that more perceptually and intuitively represents file characteristics. Additionally, we integrate interaction capabilities for more complete exploration, significantly improving analysis efficiency. Finally, we discuss the results of an applied user study designed specifically to measure the efficacy of the developed visualization capabilities in the analysis of computer forensic related data

New concepts in password management

Passwords have been used for many years in the security of computer systems. The password mechanism has not changed in recent years and has several inherent security problems. This paper examines several password problems including sniffers, dictionary and brute force attacks. A specific Department of Defense incident is cited to illustrate a method to thwart sniffers followed by several suggestions intended to increase the security of the password process

DEVELOPING AWARENESS OF COMPUTER ETHICS

The most important factor in effective computer security is people -- their attitudes, actions, and sense of right and wrong. This workshop will explore the ethical problems and issues raised in the computing environment. Topics to be discussed include misuse of computers, concepts of privacy, codes of conduct for computer professionals, disputed rights to products, defining ethical, moral, and legal parameters, and what security practitioners should do about ethics. Audience opinions will be wetcome as they will aid in developing ethical standards for the information systems profession

The Role of Quantitative Analysis in the Information Security Systems Development Lifecycle

Today’s numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The paper examines the fit between QA tools and the processes of the SecSDL. A case application illustrates an example of QA tools applied specifically to risk assessment in the SecSDL

THE WORLD OF DROP-SHIP ETAILING: EFFECTIVE WAY TO USE E-BAY

ABSTRAC