Managing network security: Time-based security

Over the last few years, computing has changed to an almost purely networked environment, but the technical aspects of information protection have not kept up. As a result, the success of information security programmes has increasingly become a function of our ability to make prudent management decisions about organizational activities. This series of articles takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.     

信息安全与网络安全关系辨析

随着科学技术和网络信息技术的飞速发展,越来越多的网络信息安全问题逐渐出现.本文主要研究了网络信息安全和网络安全之间的关系,并且对如何创造安全的网络环境提出了几点建议.     

Managing network security: Simulating network security

Computing operates in an almost universally networked environment, but the technical aspects of information protection have not kept up. As a result, the success of information security programmes has increasingly become a function of our ability to make prudent management decisions about organizational activities. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.     

主流操作系统安全性分析及安全策略

随着全球信息化时代的来临,使用互联网办公和娱乐的人越来越多,但人们对网络操作系统的安全意识却相对薄弱。操作系统是计算机系统运行的基础,也是构筑网络信息系统的基础。该文对主流操作系统进行了对比分析,并提供了几种操作系统安全策略。     

A security evaluation framework for cloud security auditing

Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strengths. Due to the vast diversity in the available cloud services, from the customer’s perspective, it has become difficult to decide which CSP they should use and what should be the selection criteria. Presently, there is no framework that can allow CSUs to evaluate CSPs based on their ability to meet the customer’s security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer’s security preferences. We have shown the applicability of our security evaluation framework using a case study.     

Computer security

A strong factor in the early development of computers was security – the computations that motivated their development, such as decrypting intercepted messages, generating gunnery tables, and developing weapons, had military applications. But the computers themselves were so big and so few that they were relatively easy to protect simply by limiting physical access to them to their programmers and operators. Today, computers have shrunk so that a web server can be hidden in a matchbox and have become so common that few people can give an accurate count of the number they have in their homes and automobiles, much less the number they use in the course of a day. Computers constantly communicate with one another; an isolated computer is crippled. The meaning and implications of “computer security” have changed over the years as well. This paper reviews major concepts and principles of computer security as it stands today. It strives not to delve deeply into specific technical areas such as operating system security, access control, network security, intrusion detection, and so on, but to paint the topic with a broad brush. Published online: 27 July 2001     

Software security

Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking's importance, but they need some help in understanding how to tackle it. The article aims to provide that help by exploring software security best practices. A central and critical aspect of the computer security problem is a software problem. Software defects with security ramifications, including implementation bugs such as buffer overflows and design flaws such as inconsistent error handling, promise to be with us for years. All too often, malicious intruders can hack into systems by exploiting software defects. Internet-enabled software applications present the most common security risk encountered today, with software's ever-expanding complexity and extensibility adding further fuel to the fire. By any measure, security holes in software are common, and the problem is growing.     

Mission security

Mit einer weltweiten Security Awareness-Kampagne wurden bei T-Systems das Sicherheitsbewusstsein und das Wissen um den Umgang mit sensiblen Informationen von 56.000 Mitarbeiter gesteigert. Als Vorbild diente dabei der fiktive Kollege „James Bit“.     

Network security

Security in computer networks is often viewed as too expensive, but it is important. A first step in protecting a computer network is to restrict access. A product has been designed to provide secure identification of a user for access to a network, computer and data system. A system has also been developed which handles user verification, message protection and message privacy. This system is application-dependent.     

User security enhancement: A worldwide security project

The Society for Worldwide Interbank Financial Telecommunication (S.W.I.F.T.) provides financial processing and communication services of the highest quality and integrity. Its network and value-added services enable customers to reduce costs, raise productivity and control risks. Security is one of the key benefits that S.W.I.F.T. offers to customers, and the User Security Enhancement (USE) programme is a major part of the company's security strategy.     

Personal security

I am sitting on a plane, listening to two executives outline their strategy for a major buyout of a bridge/router vendor. Since I am a geek and understand what they are talking about, it's an interesting set of tactics that they are considering to get the price of the company down to something they want. What's even more interesting is how open they are with what they are talking about and, even more, I know the president of the company which they are planning to acquire. It would be very easy for me to make a phone call when we land and completely trash all their plans.