Secure Web Browsing Using Lightweight Portable Security

Stop for a moment and ask yourself just how safe you feel when logging into your favorite social network site and, at some point, logging into online banking. I am not advocating that social networks fall short in the area of security, but the reality is that the internet is a dangerous place.

Today’s threats are increasing with each passing day, and I would go so far as to say that many individuals neither understand security nor take the time to properly address it. In fact, the Software Engineering Institute at Carnegie Mellon states:

  1. Many users have a tendency to click on links without considering the risks of their actions.
  2. Web page addresses can be disguised or take you to an unexpected site.
  3. Many web browsers are configured to provide increased functionality at the cost of decreased security.
  4. New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer.
  5. Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
  6. Third-party software may not have a mechanism for receiving security updates.
  7. Many web sites require that users enable certain features or install more software, putting the computer at additional risk.
  8. Many users do not know how to configure their web browsers securely.
  9. Many users are unwilling to enable or disable functionality as required to secure their web browser.

Each of these points demonstrates the need for a mechanism that the average person can use to reduce risk across the internet. Going back to the example of online banking, what would you say if you could simply boot off a DVD into a Linux operating system and protect your credentials? This is entirely possible with Lightweight Portable Security (LPS), which was developed by the United States Air Force.

Lightweight Portable Security

LPS differs from traditional operating systems in that it isn’t continually patched. LPS is designed to run from read-only media and without any persistent storage. Any malware that might infect a computer can only run within that session.

LPS is updated on a regular basis (at least quarterly patch and maintenance releases). Update to the latest versions to have the latest protection.

For those that are not familiar with Linux there is nothing to fear. Go grab yourself a download of Lightweight Portable Security (LPS) and see for yourself just how easy LPS is and protect yourself at the same time.

Books and Whitepapers

Discover how to protect yourself from Firesheep and other Sidejacking attacks! The release of the Firesheep Wi-Fi attack tool has increased awareness among both users and attackers of the inherent insecurity of unprotected HTTP connections. Firesheep allows an attacker connected to the local network to monitor the web sessions of other users on that network. As experts proclaimed in reaction to Firesheep, the best solution to the problem is to use TLS/SSL for all connections to web sites, including the home page. Download “Protecting Users From Firesheep and other Sidejacking Attacks with SSL” to learn how to avoid these attacks.

The Web Security Challenge: A Competitive Guide to Selecting Secure Web Gateways. In the search for reliable, comprehensive Web security, there is a clear leader. Third-party testing confirms that only Websense Web Security Gateway meets or exceeds industry analyst criteria across nine functional areas including malware protection, data loss prevention, and Web 2.0 threat detection accuracy when tested against competitive products.


Stop Online Piracy Act And The Future Of Internet Freedom

I thought it was time that I sat down and put to paper, so to speak, my thoughts about the Stop Online Piracy Act (SOPA). Those of you who know me personally know that I am not a fan of SOPA, for many of the reasons that other individuals as well as large technology companies have stated. In short, SOPA is entirely too vague and leaves the door open entirely for a nanny state, which I am sure you agree will kill the Internet freedoms we enjoy today.

SOPA “explained” by Guardian

Opinion Time

I must say that there are pros and cons that go along with SOPA, and of course piracy is a problem and the internet of course helps to enable piracy, but the answer is not SOPA in its current form. In fact, according to ChadRocco, Rep. Lamar Smith refuses to take the concerns and complaints seriously.

Lamar Smith Can't Hear You Art

There are many companies that have voiced opposition to SOPA and the list continues to grow each day. If you wish to see for yourself those who oppose SOPA, the Center for Democracy and Technology has compiled a list that you may want to review to understand the heavyweights who are behind this opposition. Also if you have the time, you will find some very interesting reading with the letters to Congress over SOPA.

So again, I believe SOPA is a very bad idea in its current stage, and as with so many other bills surrounding technology that come out of Congress, I feel that Rep. Smith may mean well, but one must ask the question: is he doing this for the right reasons, and does he truly understand the scope of the problem? I think not. In August 2011, another bill in Congress, titled Protecting Children From Internet Pornographers Act of 2011, sounded good on the surface, but this bill also presents problems in my mind.

Summary

Watch the following video, and if you pay attention, the people in the background are using their tablets and mobile phones while someone is reading the language of the proposed law, which reinforces my opinion that those involved not only do not understand the technology but choose not to listen when being spoken to.

In closing, I leave you with the following question. Is Congress equipped to address and enable laws around piracy to a level that will satisfy the supporters of SOPA without killing the Internet as we know it today? In fact, is the author of SOPA a copyright violator himself?

Financial Industry Modern Day Privacy Policies

 

Financial privacy and electronic commerce: who’s in my business? That is the question. The financial industry, whether banking, investments, or credit card services, faces an ever-changing landscape when it comes to privacy, and if it is to safeguard itself and its consumers, a proper plan must be implemented. There are a number of challenges surrounding privacy in terms of data protection, consumer confidence, supplier partnerships, and of course laws and regulations. The financial industry is particularly at risk because of the nature of the business as well as the sheer number of transactions and the sizable customer base. Not only does the Internet pose what is likely the single largest risk in the realm of privacy, but traditional communications must also accurately address privacy.

To set the stage, the Webster dictionary defines privacy as the quality or state of being apart from company or observation. With the definition of privacy clear, the financial industry must account for laws and regulations in order to safeguard both itself and its customers. To address privacy, it is imperative to establish a policy that outlines how a bank manages and shares personal information. Many banks will use personal information to increase partnerships, provide a good or service, or even to assist in protection against fraud and identity theft. At this point, the scope of privacy begins to take form.

Over the years, a business typically used paper-based statements and communications to convey information, but in the modern day the Internet has improved the legacy business model. While the Internet has not entirely replaced the legacy model, it does offer convenience for consumers and at the same time helps to reduce cost for a business, at least in terms of traditional mailers. Of course, the Internet opens the door to hackers who can exploit vulnerabilities as well as take advantage of the population that does not follow sound security practices. In order to properly address privacy, the financial industry must abide by laws and regulations while also sharing in the responsibility of educating suppliers, partners, and consumers.

This article will take a deeper dive into the financial industry in terms of a comparison and contrast as well as recommendations in the area of change that must occur.

Organization and Mission

The banking industry exists to serve customers ranging from individuals to corporations and groups. The role of a bank is to help customers reach the end goal of financial freedom and investments. The banking industry also serves as a staple in both the United States and global economies, which in turn drives a robust need for regulations and laws. Typically, a mission statement may include:

  1. Provides best of breed financial services
  2. Accountability to shareholders and customers

By nature, the banking industry is at considerable risk solely because the amount of sensitive customer data it holds is enormous. The details of personal information and daily transactions drive strong concerns from customers from both a privacy and a security point of view.

Privacy Policy and Laws

The Federal Deposit Insurance Corporation (FDIC) is in place to aid in the protection of the privacy of participants and the overall banking industry. The FDIC commonly provides both high- and low-level guidance in the area of financial activities and operations, and in other limited circumstances such as where required for law enforcement and public disclosure activities. In addition, the minimum necessary information will be used, except in limited situations specified by applicable law. Other uses and disclosures of financial transactions will not occur unless the customer authorizes them. Customers will have the opportunity to inspect, copy, and amend their privacy elections as required by both existing laws and regulations. Privacy is extremely important within the financial industry. Customers may also exercise the rights granted to them under these same laws and regulations free from any intimidating or punitive acts. The public in general is becoming much more educated about and aware of the risk to personal information, as well as how all facets of business share information. Because of this, there are two fundamental principles:

  1. Establish both initial and annual privacy policies
  2. Provide a mechanism for customers to opt in or opt out with information sharing

There are established acts that allow banks to share customer information, and one such act is the Gramm-Leach-Bliley Banking Modernization Act of 1999. Oddly enough, the Gramm-Leach-Bliley Banking Modernization Act is rooted in a case involving Victoria’s Secret. In this case, Representative Joe Barton of Texas felt that his credit union had disclosed his address to Victoria’s Secret even though he had not established a business relationship with Victoria’s Secret. As we turn our attention to the scope of technology and the variety of usage it brings to the table, it becomes apparent that technology helps in everyday life activities, but at the same time this same technology has unmistakably broken down other aspects of privacy.

Policy and Law Changes

The single largest challenge within the financial industry may be how privacy is addressed in terms of business and the end consumers. While there are both modern and historical laws and regulations, they often conflict with one another or, worse, leave open opportunities that are easily exploited or maybe even entirely overlooked. The banking industry as a whole is doing a much better job surrounding privacy, but as technology and business partnerships continue to evolve, so does the need to address current policies and laws.

Data collection and sharing have become so important in terms of conducting business that ethics takes center stage. Over two decades ago, four issues of ethics arose from the information age and a new acronym was born, PAPA, which calls out privacy, accuracy, property, and accessibility. The challenge is to take all existing laws, whether at state or federal level, and balance these laws across the banking industry while keeping in mind the needs of the business and, most importantly, the customers.

Individual Rights

All consumers must have the right to access, inspect, and copy their information in accordance with policy and laws. The banking industry generally must honor these rights, except in certain circumstances when the information may result in a breach of privacy that a spouse or family member is allowed to under applicable laws. Once consumers begin to understand their rights, only then will they be in a better position to both protect them and self-police the banking industry. Of course, this is easier said than done. Most consumers are provided privacy information by the financial vendor with which they conduct business, but the information is confusing at best. Stop and consider for a moment the process a consumer undergoes when opening a checking account with a bank. The bank adheres to laws and provides a privacy statement, but more often than not these same privacy statements are written in legal terms rather than common everyday language. The Federal Trade Commission (FTC) plays a vital role between consumers and industries. Overall, the FTC performs to expectations in terms of consumer protection, and one such example is the Fair Information Practice Act of 1997. This act outlines five core principles:

  1. Notice and Awareness
  2. Choice and Consent
  3. Access and Participation
  4. Integrity and Security
  5. Enforcement and Redress

Liability

Should banks not conform to laws and regulations, the results can be disastrous to the industry itself, but more importantly it has the potential to destroy personal financial freedoms. For example, Chase Manhattan Bank was charged with selling its customers’ purchase history, and an agreement was reached in 2000 with the New York State Attorney General’s office. There are many other cases that relate directly to the Chase Bank infraction and that have driven the need for strong penalties when privacy is violated. To better understand the liabilities surrounding privacy, one must first understand the measures of protection, which may include:

  1. Implement a clean desk practice. Personally Identifiable Information (PII) must be put away if the employee is away from his or her desk throughout the day, and PII will be placed in closed and locked drawers or cabinets when the employee is not in the office.
  2. PII in paper format will be destroyed when it is obsolete or is not required to be retained for storage purposes, with shredding the preferred method of destruction.
  3. Limit the substance of PII in conversations with partners and other outside vendors to the required minimum necessary.
  4. Implement reasonable measures to prevent other individuals from overhearing conversations, e.g., using speakerphone only when in a closed office.
  5. Limit remote access to systems to secure methods.

By starting with these five points, the groundwork starts to take shape and a clear understanding of risks begins to bubble up to the surface. Only as risks are identified and categorized can the liability start to be reduced, by taking these risks and building out strong policies and procedures. In the case where a bank is conducting business over the Internet, the Federal Reserve Board (FRB) has established guidelines where additional disclosure rules are needed to both protect consumers and reduce the liability of the company in question.

Risk Management

Managing risk is a responsibility shared by both the financial industry and consumers, and each must participate in certain risk management activities to ensure compliance. The business has the greatest responsibility, and because of this there are numerous opportunities when it comes to reducing risk.

  1. Workforce training on the Policies and Procedures
  2. Developing a complaint process for individuals to file complaints
  3. Designing a system of written disciplinary policies and sanctions
  4. Mitigating damages resulting from improper use or disclosure
  5. Retaining copies of its Policies and Procedures, written communications, and actions

Some of these risk management rules require stakeholders to design processes affecting employees under their control.

Complaints

Banks must have an established process to handle a person’s complaint about the privacy policies and procedures, practices, and compliance. The resolution of complaints depends on the varying facts and circumstances of the complaint. Examples of viable complaint resolution include:

  1. Educating the consumer
  2. Implementing changes in the policies, procedures, and practices
  3. Providing appropriate training for employees
  4. Issuing new communication materials both to the company and consumers

This process will assist in properly addressing consumer concerns as well as assisting banks in terms of legal obligations.

Security Implications

At the end of the day, privacy is much more than just protecting information. When a bank’s information is breached by hackers or even by the everyday nature of business, the results are extremely damaging. Identity theft is a billion-dollar criminal enterprise, and it all starts with improper privacy practices. While many countries have defined agencies that oversee privacy, the reality is that these same agencies tend to be rooted in existing laws that are outdated, or must even advocate the need for new laws.

Conclusion

At this point, the gravity of privacy as applied to both the banking industry and consumers should be a call to action. Banks must make every reasonable effort to protect the privacy rights and interests of consumers in the collection, use, transfer, or retention of information to prevent inappropriate or unnecessary disclosures of information.

In closing, the following is instrumental to continually understanding and measuring privacy concerns. The financial industry must make every reasonable effort to protect the privacy rights and interests of consumers and their partners, including preventing unnecessary disclosures of information. The industry must further comply with all existing laws and regulations. Since technology has become commonplace, the online privacy aspect opens another area of concern that warrants a drastic change in regulations. Of course, the challenge is the ever-changing technology landscape, which typically drives parties who enact laws to move quickly, though they often do not fully comprehend the challenges surrounding modern-day technology.


Cyber Warfare: Modern Day Threat Tactics

The use of technology in both the public and private sectors comes at a cost in terms of risk and security. Countries adopt technology in everyday facets of life and business, whether in financial or military operations, and this same technology also serves as a tactical consideration of warfare. There are a number of possible tactics available to cripple or even decimate an enemy or individual; a few examples include denial of service, data modifications, espionage, or even manipulation of core infrastructure assets, which include electric or nuclear plants. The possibilities are endless and only limited by the scope of technology employed by the perceived enemy.

Introduction

The advent and rapid expansion of technology in modern times has had a great deal of positive impact but at the same time has destabilized the security infrastructure of the United States as well as many other countries. While current and future battles, at least in the short term, are fought by the Armed Forces, the battlefield of the future will be supported with coordinated cyber-attacks. Never before in history have countries been attacked by foreign intelligence agencies, enemies of the state, or even activist groups using the cyber tactics that occur today. A number of fundamental day-to-day services are at risk, and while the U.S. Federal Government has begun addressing cyber threats from a military standpoint (CBS News, 2011), the reality is that the infrastructure surrounding the economy, public water works, and electrical and nuclear power plants faces countless risks. While it is unclear what role governments are to perform in terms of security in the private sector, it becomes apparent that businesses must make vital investments to ensure proper protections. If you have any doubts that the infrastructure is at risk, consider for a moment a time of war when manufacturers are distributing equipment to the military. If an enemy is successful in taking down a power grid, the results are chilling. The tactic of attacking infrastructure is not new, but attacking these areas has never been easier. To combat the problem, it is imperative to understand the threats and ultimately implement and sustain security.

The Cyber Threat

Cyber war is something that the population can only envision, or turn to Hollywood for a glimpse of. In 2007, a movie titled Live Free and Die Hard was released in which a small group attacked every aspect of the American economy in what was termed a “fire sale,” which meant every part of infrastructure that makes use of technology must be taken down. In theory, this type of attack is completely possible.

Threats are pertinent to both the government and the public because of the interdependency of these entities: if one falls victim, the other feels the impact. The Department of Homeland Security determined that anyone attacking infrastructure would have to do so with multiple targets and over time, which in turn would propagate terror and cause the target to respond in a way that could either prevent the attack or even divert attention from another target (Lewis, 2002). Once put into the context of how a virus, malware, or even something as basic as access control works, the reality is that all of these components can affect a country in an adverse way that in turn ripples through an infrastructure. In 2003, a virus known as SQL Slammer hit computer systems around the globe and impacted South Korea particularly hard. Because of this virus, South Korea experienced an internet outage that lasted nine hours, affected the citizens, and adversely affected e-commerce transactions (Hinde, 2003). This example must serve as a wakeup call for everyone! Stop for a moment and consider the possible outcome should a foreign state launch a cyber-attack on the United States where the target was air traffic control. The loss of life and the impact on the airline industry and the government would be tremendous, and this type of attack is entirely feasible should any aspect of security fail.

Commercial and Government Targets

While some would say the Internet is really still in the early stages of use, it is evident that over the last two decades over 30 countries have incorporated cyber warfare tactics into military and intelligence operations (Knapp & Boulton, 2006). For the United States, there have been indications that China has been targeting both military and commercial systems. Early in 2010, Google released a statement that it was the victim of a breach in security by China and, as a result, Google suffered theft of intellectual property (Lee, 2010). Similarly, William Matthews (2008) references a Security Review Commission report that stated “China is targeting U.S. government and commercial computers for espionage, and has developed cyber espionage capabilities so advanced that the U.S. may be unable to counteract or even detect the efforts.” To further outline where cyber warfare tactics are employed, an in-depth study of remote access tools (RAT) performed by McAfee generated a number of interesting points (Alperovitch, 2011). First, while there were vast amounts of data, the report outlined 71 attacks across a number of governments, technologies, and private sectors. Not surprisingly, the U.S. has been victimized 10 to 40 times more than any other country. At this point, the scale of cyber warfare starts to dictate that government bodies and private industry focus much more on security, no matter at what cost. If cyber security fails to be addressed in a much more aggressive manner, then the alternative is unthinkable.

The Measure of Protection

Now that the groundwork surrounding cyber warfare is defined, it is essential to understand the risk, and it is equally important to raise awareness and implement a strong and comprehensive cyber security infrastructure. There are wide variations of approaches in defining an achievable cyber security program that will place the tools and responsibility directly in the hands of every individual. The challenges at times may seem insurmountable, but persistence and attention to detail will always pay off in the end. In order to address security, there are two fundamental components: the systems and the personnel.

Personnel Background Checks

The single common thread to any organization is the people who make up the business, and this is true for both private industry and the government. In today’s modern age of computers, background checks of personnel become tremendously important. The challenge with this process, while used at a number of government agencies, is that it is not typically used in the private sector, and the reason may very well come down to cost and time. At the state and federal level, one would think that everyone would undergo a background check; however, this is not always the case. For example, mayors and governors generally do not hold a security clearance and are restricted in their access to intelligence information (Kaiser, 2003). In the modern brave new world of information technology and local and foreign threats, it is now imperative that any personnel who potentially require access to sensitive information undergo a proper and complete security check. Consider for a moment electric companies and what may occur should an individual desire to bring down a power grid. While this example may be unlikely, the reality is that an organization and the public rely upon the individual performing a particular job. The upfront cost would always justify security and ensure proper screening of personnel.

Personnel Training

The single largest threat to any organization is the person sitting at the keyboard, and this is especially true for government bodies and companies that hold contracts with the government. Training does not start or end with the aforementioned entities; rather, training is imperative in all aspects of business. As a deeper dive into personnel begins to occur, the numbers that arise begin to be alarming, and this data greatly assists in terms of identifying and implementing training opportunities. To further drive home the risk that personnel bring to the organization, Cisco (2008) performed a study that found that only 17% of employees never used assets for personal use whereas 63% used assets at a minimum of once a day. This same study yielded further details in terms of unauthorized access, password use, and physical security. The hurdle is changing human behavior, and the initial step is identification of the risks. To ensure a training program is successful, it takes a variety of measures, which include annual training, management buy-in, and finally being able to adapt to the changing threats. Should an organization fail to have the expertise in house, there are organizations available that provide assistance, such as the Information Technology Essential Body of Knowledge Framework (Conklin & McLeod, 2009). Any comprehensive security program includes engagement of everyone, and by doing so, everyone has a stake in security.

System Controls

Technology itself provides a vast array of opportunity to assist in terms of security and protection, but it is also important to understand that people manage technology at the end of the day. System controls make up multiple aspects of technology, which include but are not limited to operating systems, secure coding, access control, and hardware. Each facet presents its own unique solutions and problems.

Operating Systems

The foundation of every system is the operating system (OS). The majority of vulnerabilities start at the OS level (Edwards, 2011), and because of this, the organization is at the mercy of the vendor. There are steps to lessen the vulnerabilities, which include a strong patch management process as well as establishing a baseline for OS distribution across the organization. For example, Microsoft Windows by default ships with a number of services enabled that may result in ports being open when they should not be. A concise understanding of the features within an OS will provide for greater security in the end.
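
One way to check a host against such a baseline, as an added example that is not part of the original article: it compares listening TCP sockets with an approved list. The baseline, the sample listing (constructed, in the column layout of Linux `ss -tlnpH`) and all function names are assumptions; the same comparison applies to a listing taken from any OS.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed baseline: (port, process) pairs approved for this OS image.
APPROVED = {(22, "sshd"), (443, "nginx")}

# Constructed sample, laid out like the output of `ss -tlnpH` on Linux.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=912,fd=6))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=655,fd=7))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=512,fd=4))
LISTEN 0 128 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=433,fd=5))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')


class Listener(NamedTuple):
    address: str
    port: int
    process: str


def parse_listeners(ss_output):
    """Turn each LISTEN line into a Listener(address, port, process)."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local address is the 4th column; split on the last colon so
        # bracketed IPv6 addresses such as [::]:111 are handled.
        address, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        process = match.group(1) if match else "unknown"
        listeners.append(Listener(address.strip("[]"), int(port), process))
    return listeners


def is_loopback(address):
    """True only for addresses reachable from the local host alone."""
    try:
        return ipaddress.ip_address(address.split("%")[0]).is_loopback
    except ValueError:
        return False  # wildcard '*' or anything unparsable counts as exposed


def audit(ss_output, approved):
    """Report listeners outside the baseline and baseline entries not seen."""
    seen = parse_listeners(ss_output)
    report = {"exposed": [], "local_only": [], "missing": []}
    for item in seen:
        if (item.port, item.process) in approved:
            continue
        bucket = "local_only" if is_loopback(item.address) else "exposed"
        report[bucket].append((item.port, item.process))
    observed = {(item.port, item.process) for item in seen}
    report["missing"] = sorted(approved - observed)
    report["exposed"].sort()
    report["local_only"].sort()
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_SS_OUTPUT, APPROVED).items():
        print(kind, entries)
```

Entries under `exposed` are services listening on a routable address that the baseline never approved; `missing` flags an approved service that is not running, which can indicate drift in the other direction.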

Application Security

Many organizations produce custom software to complete a given task. While software greatly helps in the business process, it does not come without its own risk. Since the beginning of software development, code injection has been and will continue to be a problem. While there are many solutions available, they are software based, and it may be beneficial to look to hardware as a potential solution (Riley, Xuxian, & Dongyan, 2010), depending on the complexity and nature of the business process to be protected. In fact, the Open Web Application Security Project (OWASP) produces a Top 10 list of security vulnerabilities, and at the top of this list are injection attacks (OWASP, 2010). Injection attacks come in a variety of forms, but the most common are structured query language (SQL) attacks because databases are commonplace.
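
The difference between an injectable query and a software-based fix, as an added example that is not part of the original article: the table, the sample rows and the function names are constructed for illustration, using Python's built-in `sqlite3` with an in-memory database.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table of account balances."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 1200), ("bob", 310), ("carol", 9800), ("o'brien", 75)],
    )
    return conn


def lookup_vulnerable(conn, owner):
    # Weak form: user input is concatenated into the SQL text, so the
    # database cannot distinguish the value from the statement itself.
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, owner):
    # Hardened form: the statement is fixed and the value is bound
    # separately, so it is only ever compared as data.
    query = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(query, (owner,)).fetchall()


def compare(owner):
    """Run both lookups on the same input and summarise what came back."""
    conn = make_db()
    try:
        weak = lookup_vulnerable(conn, owner)
    except sqlite3.OperationalError as exc:
        weak = "error: " + type(exc).__name__
    safe = lookup_parameterized(conn, owner)
    conn.close()
    return {"vulnerable": weak, "parameterized": safe}


if __name__ == "__main__":
    # Constructed inputs: a normal name, a name containing a quote, and a
    # value that closes the string literal and appends its own condition.
    for value in ("bob", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(value))
```

With the third input the concatenated query returns every row in the table, while the bound parameter matches no owner; the quoted name shows the same flaw breaking legitimate input.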

Conclusion

At this point, the gravity of security as applied to both countries and business should be a call to action. The potential for destruction is obvious, and the result may be financial or, worse, loss of life. For example, turning attention to 1945, the United States delivered an atomic payload via an air strike on Hiroshima, Japan, which drove Japan’s surrender in World War II. Modern-day enemies have the capability to launch a similar attack from a remote location with the use of the Internet. The modern-day landscape of warfare continues to evolve, and these tactics are evident in recent times in the cyber-attacks that have been making news and in how these vulnerabilities lead to exploits that serve a political and social agenda.

Modern-day threat tactics are exploited on a continual basis and tend to evolve more quickly than the solutions. Because of these threats, a comprehensive security model is required that is both network and people centric. Within this model, the points of interest will fluctuate from organization to organization, but the point is to call out all characteristics of business. Only as the threat surface begins to be analyzed is it practical to implement both a plan and training to either diminish or in some cases eradicate the threat.

References

  1. Alperovitch, D. (2011). Revealed: Operation Shady RAT. McAfee. Retrieved from http://www.mcafee.com/
  2. CBS News. (2011). Obama hands military new cyber war guidelines. CBS News. Retrieved on October 26, 2011 from http://www.cbsnews.com
  3. Cisco. (2008). Data leakage worldwide: common risks and mistakes employees make. Cisco. Retrieved from http://www.cisco.com
  4. Conklin, W., & McLeod, A. (2009). Introducing the Information Technology Security Essential Body of Knowledge Framework. Journal of Information Privacy & Security, 5(2), 27-41. Retrieved from http://www.ivylp.com
  5. Edwards, C. C. (2011). Security: the new frontier. Engineering & Technology, 6(5), 80-83. doi:10.1049/et.2011.0508
  6. Hinde, S. (2003). Cyber-terrorism in context. Computers & Security, p. 188. doi:10.1016/S0167-4048(03)00303-1
  7. Kaiser, F. M. (2003). Access to classified information: seeking security clearances for state and local officials and personnel. Government Information Quarterly, 20(3), 213. doi:10.1016/S0740-624X(03)00040-6
  8. Knapp, K. J., & Boulton, W. R. (2006). Cyber-warfare threatens corporations: Expansion into commercial environments. Information Systems Management, 23(2), 76-87. Retrieved from http://www.tandf.co.uk
  9. Lee, M. (2010). Google attack puts spotlight on China’s “red” hackers. Reuters. Retrieved from http://www.reuters.com
  10. Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Center for Strategic and International Studies. Retrieved from http://www.csis.org
  11. Matthews, W. (2008). Chinese Cyber Attacks On Rise: U.S. Report. Defense News. Retrieved from http://www.defensenews.com
  12. OWASP. (2010). OWASP Top 10 Application Security Risks. OWASP. Retrieved from http://www.owasp.org
  13. Riley, R., Xuxian, J., & Dongyan, X. (2010). An architectural approach to preventing code injection attacks. IEEE Transactions on Dependable & Secure Computing, 7(4), 351-365. Retrieved from http://www.computer.org