ARTICLES AND WHITE PAPERS, Part 2

How Vulnerable Is U.S. Infrastructure to a Major Cyber Attack? - Blog post by arshnet of an article by Glenn Derene

Could hackers take down key parts of our infrastructure? Experts say yes. They could use the very computer systems that keep America’s infrastructure running to bring down key utilities and industries, from railroads to natural gas pipelines. How worried should we be about hacking, the new weapon of mass disruption?

(Read Article)

Security News Daily

How to Clean Up an Infected Computer - Sue Marquette Poremba

Cleaning up a computer infected with a virus can be frustrating and a little scary.

Getting rid of the virus is not easy. Doing it by yourself can take hours, and there are times when a malware infection requires professional help.

(Read Article)

Do We Get the IT Security We Deserve? - Jon Collins, Freeform Dynamics

In recent weeks we have run a number of connected "articles" about IT security. In this, the last article in the series, we reflect on security as a whole, and review some of your feedback.

(Read Article)

Proposed Cyber Security Legislation - Kevin Coleman

Amid calls for a comprehensive national strategy on cyber security, as well as stronger government leadership to ensure that security initiatives are implemented effectively, Sen. John D. Rockefeller IV and Sen. Olympia Snowe proposed a sweeping piece of legislation to address this significant and growing threat to the United States. This legislation comes in the wake of attacks on the Pentagon late last year and in the shadow of recent news of massive cyber espionage efforts spanning over 100 countries.

(Read Article)

U.S. Needs New Cybersecurity Leaders to Protect Nation - Commentary by James Jay Carafano and Eric Sayers, UPI Outside View Commentators

Feb. 19 (UPI) -- Efforts to safeguard the U.S. homeland tend to focus solely on the unrealistic task of protecting infrastructure. However, the politically charged "failure is not an option" approach to classify all infrastructure as "critical" is detrimental to prioritizing national security missions.

(Read Article)

Cyber Terrorists Learn How to Take Advantage of Cyberspace - Commentary by James Jay Carafano and Eric Sayers, UPI Outside View Commentators

Feb. 23 (UPI) -- The U.S. government and armed forces need to develop the knowledge, skills and attributes required for cyber-strategic leaders. And that next generation of leaders needs to understand the cyber environment.

(Read Article)

The Underground Economy of Cyberspace - A paper by Sam Curry and Amrit Williams

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said. 2008 was the year when cyber warfare began. It showed that you can bring down a country within minutes. The Law of Malware Probability can be used to implement stronger controls against a dynamic and increasingly hostile threat environment.

(Read Paper - free login required)

Wired

Inside Russia's Hacking Culture - Michelle Delio, March 12, 2001

Security experts were not surprised by the FBI's warning last week that more than 1 million credit card numbers have been stolen from e-commerce websites in the last 12 months by crackers who took advantage of a hole that could have been patched with software that was made available three years ago.

But a bit of intrigue was added to that report: Most of the dirty work was being done by "organized hacking" groups in Russia and the Ukraine.

(Read Article)

The Difference Between Feeling and Reality in Security - Commentary by Bruce Schneier on perceptions related to security

Security is both a feeling and a reality, and they're different. You can feel secure even though you're not, and you can be secure even though you don't feel it. There are two different concepts mapped onto the same word — the English language isn't working very well for us here — and it can be hard to know which one we're talking about when we use the word.

(Read Article)

Best Practices For Protecting Against Viruses, Spyware and Hacking
- Capers Jones

As of 2009 the value of information is approaching the value of gold, platinum, oil and other expensive commodities. In fact as the global recession expands, the value of information is rising faster than the value of natural products such as metals or oil. As the value of information goes up, it is attracting more sophisticated kinds of thievery. In the past hacking and viruses were often individual efforts, sometimes carried out by students and even by high-school students sometimes just for the thrill of accomplishing the act.

However in today's world theft of valuable information has migrated to organized crime, terrorist groups, and even to hostile foreign governments.

(Read Article)

2005 Story About Israeli Computer Hackers - Debkafile

Nine of Israel’s top business executives and 11 heads of three leading inquiry companies – including Modiin Ezrahi - are in custody suspected of complicity in a massive computerized commercial espionage conspiracy.

(Read Article)

Inside the Twisted Mind of the Security Professional - Commentary by Bruce Schneier on what constitutes the security mindset.

"Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal."

(Read Article)

The China Security Threat - Michelle Price, Information Age

Emboldened and supremely ambitious, the ever-formidable Chinese economy undoubtedly presents an exciting emerging prospect in the flattened landscape of globalised commerce. But the proposition is not without significant caveats. Indeed, had China sceptics required any further suggestion that the country’s breathtaking pace of advancement might – at least in some respects – be doing more to indirectly harm Western businesses than to favour them, it has, in recent months, been forthcoming.

(Read Article)

Search Security provides several informative articles regarding security certifications:

SearchSecurity.com guide to information security certifications

The vendor-neutral information security certification landscape

Guide to vendor-specific information security certifications

The site also provides questions and answers about certifications and other security issues.

How to Assess Offshore Data Security - Adam Ely, Information Week

The global IT outsourcing trend shows every sign of continuing, with two-thirds of the 2007 InformationWeek 500 tapping offshore outsourcing. With experience, companies get confident in moving ever-more-sensitive IT or business processing work abroad. One of the foremost concerns for business technology managers is exposing data, so here we provide a broad overview of key areas to watch and delve deeper with offshore partners.

(Read Article)

Computer Forensics Faces Private Eye Competition - Deb Radcliff, Baselinemag.com

Who has the right to probe digital crime? That very question may be the next battleground between the flatfooted private detective of old and the new-age computer sleuth.

(Read Article)

Understanding the Web Browser Threat: Examination of Vulnerable Online Web Browser Populations and the "Insecurity Iceberg"
- Stefan Frei, Thomas Dubendorfer, Gunter Ollmann and Martin May

In recent years the Web browser has increasingly become targeted as an infection vector for vulnerable hosts. Classic service-centric vulnerability exploitation required attackers to scan for and remotely connect to vulnerable hosts (typically servers) in order to exploit them. Unlike these, Web browser vulnerabilities are commonly exploited when the user of the vulnerable host visits a malicious Web site.

(Read Article)

Sun Tzu Art of War in Information Article:
Knowledge Strategies: Balancing Ends, Ways, and Means in the Information Age

- Lieutenant Colonel William R. Fast, United States Army

Information age technologies are changing values and national interests, both of which drive the formulation of national security strategy. The strategy equals ends plus ways plus means paradigm must change. Information age knowledge strategy seeks the ends of cooperative and dynamic competition, uses the ways of network node control and organizational adaptation, and requires the resource means of valued information enhanced by experience in exploiting that information. A successful information age security strategy requires that we balance the ends, ways, and means of knowledge strategies.

(Read Article)

(Articles and White Papers, Part 1)

 

The sharing of knowledge among security professionals is vital to helping everyone stay ahead of developing threats.