27 research outputs found
Recommended from our members
Physical security models, philosophies, and context
This paper presents physical security of a computer facility within the context of a corporate environment. The context is established from several different perspectives. It first presents physical security philosophies and illustrates the philosophies via the Onion and Garlic Models. It defines a process for identifying and describing transition strategies between security levels. Once the models are defined, a Macro View of physical security is presented. This view discusses physical security goals and critical factors such as budget, monitoring and redundancy. With this context established, the Micro View is presented. Its focus is on information technology (IT) facilities that protect centralized or clustered IT resources. A variety of environmental threats, threat agents, and precautions are identified. Questions to help assess the security of off-site storage of backup media are provided. Procedures for establishing the transition strategy to the IT facility, authentication, access control logs, suggestions for handling emergency conditions, and other considerations are enumerated.
Using Visual Capabilities to Improve Efficiency in Computer Forensic Analysis
Computer forensics is the preservation, analysis, and interpretation of computer data. Computer forensics is dependent on the availability of software tools and applications. Such tools are critical components in law enforcement investigations. Due to the diversity of cyber crime and cyber assisted crime, advanced software tools are essential apparatus for typical law enforcement investigators, national security analysts, corporate emergency response teams, civil lawyers, risk management personnel, etc.
Typical tools available to investigators are text-based, which are sorely inadequate given the volume of data needing analysis in today’s environment. Many modern tools essentially provide simple GUIs to simplify access to typical text-based commands but the capabilities are essentially the same. For simplicity we continue to refer to these as text-based and command-based in contrast to the visualization tools and associated direct manipulation interfaces we are attempting to develop. The reading of such large volumes of textual information is extremely time-consuming in contrast with the interpretation of images through which the user can interpret large amounts of information simultaneously. Forensic analysts have a growing need for new capabilities to aid in locating files holding evidence of criminal activity. Such capabilities must improve both the efficiency of the analysis process and the identification of additionally hidden files.
This paper discusses visualization research that more perceptually and intuitively represents file characteristics. Additionally, we integrate interaction capabilities for more complete exploration, significantly improving analysis efficiency. Finally, we discuss the results of an applied user study designed specifically to measure the efficacy of the developed visualization capabilities in the analysis of computer forensic related data.
New concepts in password management
Passwords have been used for many years in the security of computer systems. The password mechanism has not changed in recent years and has several inherent security problems. This paper examines several password problems including sniffers, dictionary and brute force attacks. A specific Department of Defense incident is cited to illustrate a method to thwart sniffers followed by several suggestions intended to increase the security of the password process.
DEVELOPING AWARENESS OF COMPUTER ETHICS
The most important factor in effective computer security is people -- their attitudes, actions, and sense of right and wrong. This workshop will explore the ethical problems and issues raised in the computing environment. Topics to be discussed include misuse of computers, concepts of privacy, codes of conduct for computer professionals, disputed rights to products, defining ethical, moral, and legal parameters, and what security practitioners should do about ethics. Audience opinions will be welcome as they will aid in developing ethical standards for the information systems profession.
The Role of Quantitative Analysis in the Information Security Systems Development Lifecycle
Today’s numerous Quantitative Analysis (QA) tools have been successfully utilized to solve business problems in diverse applications. However, the application of QA tools in solving information security problems has been sparse. Devising the means and ways to use QA tools in resolving industry-wide security problems has the potential to yield enormous global economic benefit. The purpose of this paper is to explore the use of QA tools as a means of improving the processes involved in the Information Security Systems Development Lifecycle (SecSDL). Information security professionals use the SecSDL as a guide for formulating a comprehensive information security program. The paper examines the fit between QA tools and the processes of the SecSDL. A case application illustrates an example of QA tools applied specifically to risk assessment in the SecSDL.