-
Apply Countermeasures to Protect IT Security Now (August 2002)
Many IT managers worry about the vulnerability of their systems, but their attempts to improve protection are often hampered by budgetary and administrative concerns. Any security measure will inconvenience users and the organization to some degree. Past ineffectiveness of protective applications often results in a cynical user community and a hard sell to management when attempts are made to add new security protection.
August, 2002
-
Prudence Calls for Delaying Public Key Infrastructure Implementation (Jan 2002)
The events of September 11 and afterward have increased pressure on managers to provide better protection for IT systems and networks. One protective candidate that has received a lot of press over the last several years is public key infrastructure (PKI). PKI offers strong protection for information while at the same time providing reassurances that only authorized individuals participate in transactions. The potential of PKI is what keeps it perennially in the media's attention, but the unpleasant realities of using the technology remain a stumbling block.
May, 2002
-
FTC “Operation Detect Pretext” (Apr 2001)
The staff of the Federal Trade Commission's Division of Financial Practices announced in January 2001 the beginning of "Operation Detect Pretext," an effort to protect consumers from firms that obtain their customer information under false pretenses--a practice known as "pretexting."
May, 2002
-
Computer Economics Joins the National Cyber Security Alliance (Apr 2002)
The National Cyber Security Alliance, a unique partnership between the federal government and leading private sector companies, continues to gain momentum. The Allianceâs Stay Safe Online Campaign website, www.staysafeonline.info, has received over 2 million hits since its launch in February 2002.
May, 2002
-
Security Management Update
The importance of managing information systems as well as corporate security has been highlighted by the terrorist attacks of 2001. Computer Economics has been consistently reporting on significant research on security management and the perspectives of managers, security professionals, and consumers on security issues. The following studies and events have occurred over the last few months.
April, 2002
-
Security Awareness Is Low (April 2002)
PentaSafe Security Technologies has published its 2002 Security Awareness Index (SAI) Report based on results from a free online survey, designed to measure organizationsâ information security awareness. Analyzing responses from 583 companies and 1,350 individual employees worldwide, the 2002 SAI Report indicates that 23% of security officers consider their organizationâs security awareness as dangerously inadequate, while an additional 44% consider their security awareness inadequate. Nearly 6 out of 10 employees who have taken the survey score, on average, only a D or unsatisfactory grade when it comes to appropriate security awareness and behavior.
April, 2002
-
Global Tensions Heighten IT Security Awareness (March 2002)
The war on terrorism has increased anxiety throughout the U.S. Not the least concerned are managers and users of IT systems. Numerous statistics show that this concern is well placed, but the source of attacks on IT systems is more likely to be domestic than foreign. Company employees, not hackers on the Internet, have caused the largest financial losses from security breaches. This fact should not be interpreted as recommending minimizing protecting against exterior security invasions but rather that good security must consider all potential points of attack.
March, 2002
-
Financial Impact and Background Information on Distributed Denial of Service Attacks
In early February 2000, seven top e-commerce websites in the private sector were attacked by distributed denial of service (DDoS) intrusions, resulting in a $10.6 million loss in unrealized revenues from sales and advertising. From our analysis of Securities and Exchange Commission (SEC) filings and Media Metrix data, we estimate that in a reporting quarter, there are 75 high-volume days. We estimate that DDoS attacks cost the e-commerce sites 24 hours worth of high-volume revenues.
March, 2002
-
How to Report Internet and Computer-Related Crimes (Jul 2000)
Internet and computer-related crimes should be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international level.
March, 2002
-
Biometric Security Moves Into the Real World
No system administrator wants to admit the vulnerability of IT systems protected merely by passwords. The need to protect valuable, proprietary information systems against unauthorized access is encouraging a number of organizations to introduce biometric security measures. This short report outlines six types of biometric security systems. (3 pp, 2 figs.)
March, 2002
-
Internet Security Rises to No. 2 Concern in Annual Pinkerton Study (Sep 2000)
Workplace violence is considered the most significant security threat to American business, according to a seventh annual Pinkerton survey completed by 286 corporate security professionals. The second most important security concern identified by the survey is the potential threat to Internet sites and computer networks. This concern jumped to second place this year from seventh last year. The study "Top Security Threats and Security Issues Facing Corporate America" was completed in May 2000 and identified the following top 10 security threats.
March, 2002
-
FTC Cupcake Party Nabs Mousetrapping Scammer
A cyberscammer who used more than 5,500 copycat Web addresses to divert surfers from their intended Internet destinations to one of his sites and hold them captive while he pelted their screens with a barrage of ads was charged by the Federal Trade Commission with violating federal laws. At the request of the FTC, a U.S. District Court enjoined his activities pending further order of the court. The FTC is going to court to force the defendant to give up his ill-gotten gains.
March, 2002
-
Build a Security Conscious Organization
Based on Computer Economics projections, computer crime will grow by an estimated 230 percent during 2001. Similar trends are expected with Internet fraud. All IT managers would agree that securing their IT resources is a necessity, but many are not willing to commit to the continual effort required.
February, 2002