Found 20 similar documents; search time 609 ms
1.
In these years, the company budgets are raised dramatically for eliminating the security problems or mitigating the security risks in companies, but the numbers of incidents happening on computer systems in intranet or internet are still increasing. Many researchers proposed the way to isolate the computers storing sensitive information for preventing information on these computers revealed or vulnerability on these computers exploited. However, there are few materials available for implementing network isolation. In this paper, we define ways of network isolation, “physical isolation” and “logical isolation”. In ISO-17799, there is no implementation guidance for practicing network logical isolation but auditing network physical isolation. This paper also provides the implementation guidance of network isolation in two aspects. One is for the technique viewpoints. The other aspect is for management viewpoints. These proposed implementation outlines and security measures will be considered in revising the security plan, “The Implementation Plan for Information Security Level in Government Departments” [“The implementation plan for information security level in government departments,” National Information and Communication Security Taskforce, Taiwan R.O.C., Programs, Jul. 20 2005].
2.
Wayne Madsen 《Network Security》1999,1999(8):18-19
On 13 May 1999, Georgia Republican Congressman Bob Barr successfully introduced an amendment to the Intelligence Authorization Act that would require the Department of Justice, the National Security Agency (NSA), and the CIA to provide to the Congress oversight information on America's international eavesdropping of telecommunications. Within 60 days of the amended Bill's enactment a report must be made to Congress setting forth the legal basis and procedures whereby the intelligence community gathers communications intelligence. The amendment is specifically directed at the international communications surveillance system known as Project ECHELON.
3.
Betsy Rohaly Smoot 《Cryptologia》2017,41(5):476-478
The National Security Agency (NSA) will release approximately 5,000 pages of Army Security Agency (ASA) histories from the period 1945–1963.
4.
Journal of Automated Reasoning - The Tokeneer project was an initiative set forth by the National Security Agency (NSA, USA) to be used as a demonstration that developing highly secure systems can...
5.
6.
Wayne Madsen 《Computer Fraud & Security》1997,1997(7):7-8
“Are those in opposition to the administration's [encryption] policy prepared to sacrifice public safety in the interests of commercial gain?” Those words, uttered by Deputy Assistant Attorney General Robert Litt, would etch themselves in the minds of those who attended the 7 May 1977 House International Economic Policy and Trade hearing on “Encryption: Individual Rights vs National Security”. The hearing was held to consider Representative Bob Goodlatte's liberalized encryption export bill.
7.
《Computer Fraud & Security》2000,2000(4):14
According to knowledgeable sources, hearings by the US House of Representatives Government Reform Committee on potential communications surveillance illegalities by the National Security Agency (NSA) will not be held until April 2000, at the earliest.
8.
《Information Security Journal: A Global Perspective》2013,22(5):19-28
A nearly classic symptom of ineffective Security Programs is the annual security review conducted by outside consultants that only resurrects last year's problems with new report covers and a new invoice. All too often, consultants hear clients saying, “…oh yeah, the other consultant we had said the same thing.”
9.
Wayne Madsen 《Computer Fraud & Security》1998,1998(11):6-7
According to several documents provided to the Electronic Privacy Information Center (EPIC) in Washington, DC, USA the National Security Agency (NSA) is encouraging civilian agencies of the US Government to utilize its computer security services, including risk and threat assessments. According to knowledgeable officials in Washington, this is in blatant contravention of the Computer Security Act, which assigns such responsibilities to the National Institute of Standards and Technology (NIST).
10.
Perry Luzwick 《Computer Fraud & Security》2001,2001(1):16-17
“What would you do if you were stuck in one place, and everyday was exactly the same, and nothing you did mattered?” Phil Connor, Ground Hog Day. “That about sums it up for me,” answered Ralph, and I’m sure most system administrators, information system security officers (ISSOs), physical security, operations security, and other security professionals would agree. Everybody takes them for granted — until the network goes down or applications can’t be used. And that’s the problem: a totally wrong perception of what’s required for the serious business of properly doing full spectrum security. Security is not something extra. Security is a normal part of doing business.
11.
The Internet community all over the world is showing growing interest in a subject of information security and anonymity on the Internet, especially after revelations of Edward Snowden, when it became known about mass spying by certain organizations (such as the US National Security Agency) on Internet users, companies, political organizations, etc. This led to the active development of various anonymous networks, VPN services, proxies, etc. The aim of this article is to review popular methods of providing Internet anonymity, compare them, and discover their benefits and disadvantages.
12.
《Information Security Journal: A Global Perspective》2013,22(6):21-28
The information security industry has finally developed and published standards. This article examines each of the ten areas identified in the standards document, ISO 17799, and identifies key points the security professional should address in his or her security program. While there are other standards (BS 7799, ISO/TR 15369), this article concentrates on the recommendations of the International Standard ISO/IEC 17799:2000, “Information Security Management, Code of Practice for Information Security Management.” The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) form a specialized system on worldwide standardization. National bodies that are members of ISO and IEC participate in the development of international standards through technical committees. The United States, through the American National Standards Institute (ANSI), is the secretariat. Twenty-four other nations (Brazil, France, United Kingdom, China, Democratic People's Republic of Korea, Czech Republic, Germany, Denmark, Belgium, Portugal, Japan, Republic of Korea, the Netherlands, Ireland, Norway, South Africa, Australia, Canada, Finland, Sweden, Slovenia, Switzerland, New Zealand, and Italy) have participant status and 40 other nations are observers.
13.
Training for information assurance (total citations: 1; self-citations: 0; citations by others: 1)
In 2001, cadets from three military institutions built networks and defended them against a week of attacks led by the National Security Agency. The trial-by-fire exercise, which repeats in 2002, is a step toward preparing future network designers and administrators to think more strategically.
14.
Wayne Madsen 《Network Security》1999,1999(11):18-19
At a 27 October news conference, the National Research Council (NRC) unveiled a study called ‘Trust in Cyberspace’ commissioned by the NSA and the Defense Advanced Research Projects Agency (DARPA). The study by the Committee on Information Systems Trustworthiness, a panel composed of several leading industry specialists and academics, concluded that all the work done heretofore by NSA, the Communications Security Establishment (CSE) of Canada, and a group of four European countries on information security standards, has been largely fruitless.
15.
Bashar Alyousef Peter Hoonakker Ann Schoofs Hundt Doreen Salek Janet Tomcavage 《International journal of human-computer interaction》2017,33(4):313-321
Care managers play a key role in coordinating care, especially for patients with chronic conditions. They use multiple health information technology (IT) applications in order to access, process, and communicate patient-related information. Using the work system model and its extension, the Systems Engineering Initiative for Patient Safety (SEIPS) model, we describe obstacles experienced by care managers in managing patient-related information. A web-based questionnaire was used to collect data from 80 care managers (61% response rate) located in clinics, hospitals, and a call center. Care managers were more likely to consider “inefficiencies in access to patient-related information” and “having to use multiple information systems” as major obstacles than “lack of computer training and support” and “inefficient use of case management software.” Care managers who reported “inefficient use of case management software” as an obstacle were more likely to report high workload. Future research should explore strategies used by care managers to address obstacles, and efforts should be targeted at improving the health information technologies used by care managers.
16.
Wayne Madsen 《Computer Fraud & Security》1998,1998(4):10
The new director of the National Institute of Standards and Technology, Dr Raymond Kammer, has told the US Senate Subcommittee for Technology and Space that his agency and the National Security Agency (NSA) have worked very closely together in many computer security efforts.
17.
O. M. Fal’ 《Cybernetics and Systems Analysis》2017,53(1):78-82
The author overviews the international standards developed by SC 27 “IT Security techniques” of the ISO/IEC Joint Technical Committee “Information technologies.” The standards include cryptographic mechanisms, evaluation and testing of products and information systems, countermeasures, and security services. Both published standards and those under development are considered.
18.
《Computers, Environment and Urban Systems》2001,25(4-5):367-387
The assumption of this paper is that Governments pursue the following strategic objectives with respect to geospatial information, as produced by National Surveys (including Cadastres):
- 1. for its own purposes, i.e. to govern, it must be assured of unlimited and efficient access to National Survey material;
- 2. society should have the broadest possible “free”, but not “cost free”, access to the products and services of National Surveys because this increases “positive externalities” for society as a whole; and
- 3. the products and services of National Surveys, including Cadastres, should, in a planned fashion, become independent of government subsidies.
19.
The National Security Agency's (NSA) mission is to provide support for the security of the United States. Over the years, the Agency has become extremely dependent on the software that makes up its information technology infrastructure. NSA has come to view software as a critical resource upon which much of the world's security, prosperity, and economic competitiveness increasingly rests. To ensure cost effective delivery of high quality software, NSA has analyzed effective quality measures applied to a sample code base of 25 million lines. This case study dramatically illustrates the benefits of code level measurement activities.
20.
Wayne Madsen 《Network Security》1997,1997(7):11-12
After years of FBI Director Louis Freeh, White House operatives, and various National Security Agency (NSA) and Justice Department officials' threats that failure by industry to voluntarily embrace government encryption key recovery schemes would result in mandatory programmes and legislation, such a forecast may have been realized.