CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY
|
|
- Percival Hall
- 8 years ago
- Views:
Transcription
1 CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY
2 CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY DEFENDING A NETWORKED NATION Ted G. Lewis Naval Postgraduate School Monterey, California A JOHN WILEY & SONS, INC., PUBLICATION
3 Copyright # 2006 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) , fax (978) , or on the web at Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) , fax (201) , or online at Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) , outside the United States at (317) or fax (317) Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at Library of Congress Cataloging-in-Publication Data: Lewis, T. G. (Theodore Gyle), 1941 Critical infrastructure protection in homeland security: defending a networked nation/ted G. Lewis. p. cm. Published simultaneously in Canada. ISBN-13: ISBN-10: Computer networks Security measures United States. 2. Computer security United States Planning. 3. Terrorism United States Prevention. 4. Terrorism Government policy United States. 5. Civil defense United States. I. Title. QA A25L dc22 Printed in the United States of America
4 &CONTENTS Preface About the Author vii xi 1. Strategy 1 2. Origins Challenges Networks Vulnerability Analysis Risk Analysis Water SCADA Power Energy Telecommunications Internet Cyber-Threats Cyber-Security 429 v
5 &PREFACE This book explains why the various infrastructure sectors have evolved into today s critical infrastructures and then proposes several quantitative procedures for evaluating their vulnerability and establishing optimal policies for reducing these vulnerabilities. It is the first scientific study of the new field called critical infrastructure protection. By scientific I mean that I have tried to explain why infrastructure sectors as diverse as water supply systems and the Internet have surprisingly similar structures. Even more important, I propose a rigorous approach for studying these sectors that I believe is general enough to analyze fundamental sectors such as water, power, energy, telecommunications, and the Internet. The reader will learn how to apply quantitative vulnerability analysis to a variety of infrastructure sectors and then be able to decide the best way to allocate limited funding in such as way as to minimize overall risk. As far as I know, this is the first time anyone has tried to formalize and quantify the field of critical infrastructure protection. I have attempted to establish the foundations of a new discipline made necessary by the al-qaeda attacks on the United States on September 11, 2001 (9/11). Before 9/11, the security of infrastructure was taken for granted. It was unthinkable for anyone to purposely destroy power plants, cut off water supplies, disable voice and data communications, deny access to information-processing computers, and render the Internet useless. Consequently, these systems were optimized for profit, efficient operation, and low cost. Security was sacrificed for economy. This public policy in operation for more than a century has left nearly all infrastructure systems vulnerable to manmade destruction. The question addressed by this book is, what should be protected, and how? This question is nontrivial because of the enormous size and complexity of infrastructure in the United States. The solution is made even more challenging by the entangled regulatory and system interdependencies of the various infrastructure sectors. The answer is to allocate the nation s scarce resources to the most critical components of each infrastructure the so-called critical nodes. In short, the best way to protect infrastructure is to identify and protect (harden) the critical nodes of each sector. But what parts of these vast structures are critical? This question is key. I claim that the optimal policy for critical infrastructure protection is to identify and protect a handful of critical assets throughout the United States. For example, perhaps less than 100 essential servers maintain the World Wide Web. There are perhaps fewer than a dozen critical nodes in the nation s energy supply chain, and vii
6 viii PREFACE maybe as few as 1000 key links in the major power grids that all other sectors depend on so heavily. Chapter 1 surveys the national strategy and recommends five principles as guides for how to approach the protection of infrastructures. Although critical infrastructure protection is a massive problem, it turns out that a handful of principles can be applied to solve this problem, or at least to start the journey that will lead to a solution. Chapter 1 also analyzes the national strategy and points out several gaps between the ideal approach and the reality. In Chapter 2, I briefly review the history of infrastructure protection from the 1962 Cuban Missile Crisis to the formation of the U.S. Department of Homeland Security in This historical account of how the United States became aware of, and concerned for, infrastructures sets the stage for subsequent chapters. However, it does not offer any solutions to organizational and structural problems that plague government. I leave this challenge to another author. Chapter 3 surveys some challenges to protecting the nation s infrastructures and key assets. This necessity is preliminary so that the reader can put the challenges into perspective and understand why I have narrowed the study of infrastructures down to a much smaller subset than actually exists. I have attempted to carve out a small enough territory that it can be adequately covered in a single book. In Chapters 4 6, I establish the theory needed to master critical infrastructure protection as a scientific, formal discipline. I begin by claiming that all infrastructures of interest can be represented as a network of connected components called nodes. These nodes are connected by links. By simply counting the number of links at each node, I can identify the critical nodes. In most cases, there are one or two critical nodes, which reduces the problem of protection by several orders of magnitude. In this way, the concept of an infrastructure as a network is established and used to reduce the complexity of size a challenge we need to surmount because of the vastness of each critical infrastructure. Without network theory, the problem is too large we can never protect every mile of railroad, every power line, and every telephone pole. Only through network analysis can we reduce the problem of critical infrastructure protection to a workable (and solvable) problem! Chapters 5 and 6 describe a method of vulnerability analysis and risk assessment based on network theory and the reliability engineer s fault tree technology. In these two chapters, I present a five-step vulnerability and risk assessment process that uses estimates of the cost and probability of an attack to compute an investment strategy aimed at reducing risk in the most effective way. Chapter 5 is focused on modeling the infrastructure as a fault tree, and Chapter 6 is focused on computing the best way to allocate the risk reduction budget. The first step in the process described in Chapters 5 and 6 is to model the infrastructure as a network, find the critical nodes of this network, and then represent the structure of the critical node as a fault tree. The fault tree is converted into an event tree that enumerates all possible vulnerabilities and combinations of vulnerabilities. The fault and event trees identify the single- and multiple-combination events as well as the most-probable events that may occur because of threats.
7 PREFACE ix Chapter 6 describes a variety of risk assessment algorithms. The idea is to allocate limited resources (money) in an optimal fashion such that overall risk is minimized. But how is vulnerability and risk defined? And what is the objective of resource allocation? Is it to reduce risk, eliminate all vulnerabilities, or simply prevent the worst thing from happening? As it turns out, we must decide which strategy is best, from among several competing strategies. This method of assessment called model-based vulnerability analysis (MBVA) for obvious reasons is based on sound principles of logic, probability, and cost minimization. MBVA provides the policy maker with a scientific answer to the questions, what is worthwhile protecting, and by how much? MBVA is the only known method of vulnerability analysis and risk assessment that combines asset identification with quantitative analysis to reach a policy decision. It tells the decision maker how much money to spend on protecting the most critical components of the infrastructure. Chapters 7 14 simply apply the MBVA technique to level 1 infrastructures: water, power and energy, information (telecommunications, Internet, Web, and cyber-security), and the monitoring and management networks that control them (SCADA). Power and energy are treated separately because of their size and complexity. The information sector is discussed in several chapters because it is a large and important topic. Unfortunately, the remaining eight major sectors defined by the national strategy are not covered in this volume because of their shear size and complexity. There are several companions to this book: a website at a CD containing audio and video lectures and articles, and the software described in this book. Both of these companions contribute more depth to the subject. The electronic media (Web and disk) contain executable programs for demonstrating concepts and reducing the mathematical labor during vulnerability analysis. Program FTplus.html",4>FTplus.html (FT.jar",4>FT.jar on the desktop), for example, performs the optimal resource allocation calculations described in Chapter 6. The RSA program calculates a public key and encrypts text automatically, thus providing the reader with hands-on tools for studying encryption. Other programs perform simulations, such as POWERGRAPH, which shows how a scale-free network emerges from a random network the basis for today s critical infrastructure architectures. A program called TERMITES reinforces one of the most important concepts of this book: how and why critical nodes are formed. TER- MITES illustrates clustering the concentration of assets around one or more critical nodes, which then become the most vulnerable components of all. A novel program called NetworkAnalysis.html (a.k.a. NA.jar on the desktop) uses complex adaptive system algorithms to allocate resources to networks that tend to fail by cascading, such as the power grid. This program computes the best way to protect an infrastructure by allocating resources optimally to critical components of the infrastructure. FTplus.html and NetworkAnalysis.html run from within any standard browser whether on a Microsoft Windows or Apple Macintosh computer. NA.jar and FT.jar run as stand-alone desktop applications and allow you to save your work
8 x PREFACE as a local file. The source code is available as well, so you can modify it and do your own research. In addition, the website and disk contain several audio tracks of the materials covered in the book. The audio tracks may be downloaded into a computer and then into an MP-3 player for mobile learning. For example, the 2003 National Strategy for the Protection of Critical Infrastructure and Key Assets is available as a collection of several audio tracks. For history and political science students, the foundational presidential directives (PDD-39, PDD-63, and HSPD-7) have been similarly transcribed into an audio book and are available online and on the disk. This book is one component of blended learning the combination of text, audio/video disk, and Web page. Specifically, several electronic lectures have been produced for online and CD viewing. All you need is a browser and either access to or a copy of the companion CD. The audio/ video streaming lectures are tuned to this book, the website, and other content, such as the software for simulating various sectors and demonstrating vital concepts. In this way, the self-taught learner or classroom instructor can elect to learn by reading, listening, looking, or through participation in a traditional classroom setting. I began developing the ideas for this book in the fall of 2002 and published a draft textbook in The material was class-tested in 2004, revised, and republished in This book, the website, and the associated electronic media have been used extensively to teach a course labeled, CS 3660 Critical Infrastructure: Vulnerability and Analysis one of a dozen courses given to military and civilian students enrolled in the Master of Arts in Security Studies, Homeland Defense, and Security curriculum at the Naval Postgraduate School, Monterey, CA. It is appropriate for upper division undergraduate and first-year graduate students majoring in national security, computing, and policy subjects where both policy and technical decisions are analyzed. Although it has been thoroughly class tested, it is still now without flaws. I take responsibility for any errors, inconsistencies, and exaggerations that may still exist in this edition. I would like to thank my students for their insights, feedback, and contributions to this work. They have taught me well! Additionally, I would like to thank Steve McNally of Bellevue University, Hilda Blanco, University of Washington, and her students, for giving feedback on early drafts of this book. Joe Weiss was invaluable as a careful reader and critic of the SCADA chapter. Rudy Darken made many important contributions to the ideas and delivery methods used over 2 years of class testing. TED G. LEWIS December 2005
9 &ABOUT THE AUTHOR Ted G. Lewis has a distinguished 35-year career as a computer scientist, author, businessman, and scholar. His undergraduate degree is in Mathematics from Oregon State University (1966), and his graduate degrees were awarded in 1970 (M.S. Computer Science) and 1971 (Ph.D. Computer Science) from Washington State University. Since 1971 he has participated in several significant firsts : In the late 1970s, he wrote the first personal computer book (How to Profit From Your Personal Computer); in 2002, he co-created, with Paul Stockton, the first graduate degree program in Homeland Security. In between, Lewis helped create the first Internet Car while serving as President and CEO of DaimlerChrysler Research and Technology, North America. During his technical career, he invented several important algorithms in software engineering (horizontal vertical algorithm for deadlock detection); parallel processing (static scheduling of parallel programs on arbitrary architectures); and the model-based vulnerability analysis method of critical infrastructure risk assessment. And now he has written the first textbook to establish the study of critical infrastructure protection as a formal, scientific discipline. He has over 100 publications, including over 30 books. In , his books, Friction-Free Economy and Microsoft Rising documented the technical and economic forces that shaped the Internet Bubble, and in March 2000, he predicted its precipitous fall (IEEE Computer Magazine, March 2000). He is perhaps best known to the members of the IEEE Computer Society for a series of provocative articles appearing in the Binary Critic column of IEEE Computer from 1995 to His management experience began in 1988 as Technical Director of the Oregon Advanced Computing Institute. During , he was chairman of the Computer Science Department at the Naval Postgraduate School, and during , he was CEO of DaimlerChrysler Research and Technology NA in Palo Alto, CA. From 2001 to 2002, he was Senior Vice President of Digital Development for the Eastman Kodak Company. Currently, he is professor of Computer Science and Academic Associate of the Homeland Defense and Security curriculum at the Naval Postgraduate School. With the much-awaited publication of Critical Infrastructure Protection in Homeland Security, Professor Ted Lewis has provided Homeland Security specialists, law enforcement personnel, emergency managers, critical infrastructure experts and those whose day-to-day duties involve infrastructure security and protection with a timely, relevant and invaluable resource for defending the very essence of the American homeland. Lucidly written, perceptively analyzed and exhaustively xi
10 xii ABOUT THE AUTHOR researched, Critical Infrastructure Protection in Homeland Security is a work that reflects the concerns of our time while providing a viable blueprint for protecting our shared technological heritage. For those interested in critical infrastructure protection, Homeland Security and national defense, there is no better one-stop resource than this book. Read it, and you ll never be in the dark again when it comes to critical infrastructure protection. David Longshore, New York City Homeland Security Liaison Professor Lewis s definitive textbook on critical infrastructure protection is a fascinating study of one of the challenges facing the nation in combating terrorism. In clear and concise language he establishes the foundation for his theory that critical infrastructure sectors are networks of critical nodes and links. Through network analysis, he identifies the most critical components of water systems, telecommunication systems, power grids, energy supply chains, and cyber systems such as the Internet and the World Wide Web. This is a must-read for anyone who wants to understand how to protect the nation s most-valuable physical assets. Richard Elster, Provost, Naval Postgraduate School
CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY
CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY DEFENDING A NETWORKED NATION Ted G. Lewis Naval Postgraduate School Monterey, California A JOHN WILEY & SONS, INC., PUBLICATION CRITICAL INFRASTRUCTURE
More informationwww.wileyglobalfinance.com
Wiley Global Finance is a market-leading provider of over 400 annual books, mobile applications, elearning products, workflow training tools, newsletters and websites for both professionals and consumers
More informationHUMAN RESOURCES MANAGEMENT FOR PUBLIC AND NONPROFIT ORGANIZATIONS
HUMAN RESOURCES MANAGEMENT FOR PUBLIC AND NONPROFIT ORGANIZATIONS Essential Texts for Public and Nonprofit Leadership and Management The Handbook of Nonprofit Governance, by BoardSource Strategic Planning
More informationFundamentals of Financial Planning and Management for mall usiness
E REPRE EUR A F A CE Fundamentals of Financial Planning and Management for mall usiness M.J. Alhabeeb ENTREPRENEURIAL FINANCE The first effective form of investment was realized when the primitive man
More informationCOVERS ALL TOPICS IN LEVEL I CFA EXAM REVIEW CFA LEVEL I FORMULA SHEETS
2016 CFA EXAM REVIEW COVERS ALL TOPICS IN LEVEL I LEVEL I CFA FORMULA SHEETS Copyright 2016 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published
More informationStatistics for Experimenters
Statistics for Experimenters Design, Innovation, and Discovery Second Edition GEORGE E. P. BOX J. STUART HUNTER WILLIAM G. HUNTER WILEY- INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION FACHGEBIETSBGCHEREI
More informationProgramming Interviews Exposed: Secrets to Landing Your Next Job
Programming Interviews Exposed: Secrets to Landing Your Next Job Preface.... xxv Introduction....xxix Chapter 1 Before the Search... 1 Chapter 2 The Job Application Process....9 Chapter 3 Approaches to
More informationPraise for Launch. Hands on and generous, Michael shows you precisely how he does it, step by step. Seth Godin, author of Linchpin
Praise for Launch Launch is your road map to success in an ever-changing world. Stelzner shows you how to enchant your customers so that they ll want to help you change the world. Guy Kawasaki, author
More informationGraph Analysis and Visualization
Graph Analysis and Visualization Graph Analysis and Visualization DISCOVERING BUSINESS OPPORTUNITY IN LINKED DATA Richard Brath David Jonker Graph Analysis and Visualization: Discovering Business Opportunity
More informationMethods for Assessing Vulnerability of Critical Infrastructure
March 2010 Methods for Assessing Vulnerability of Critical Infrastructure Project Leads Eric Solano, PhD, PE, RTI International Statement of Problem Several events in the recent past, including the attacks
More informationBEYOND 401(k)S SMALL BUSINESS OWNERS
BEYOND 401(k)S FOR SMALL BUSINESS OWNERS A Practical Guide to Incentive, Deferred Compensation, and Retirement Plans JEAN D. SIFLEET John Wiley & Sons, Inc. BEYOND 401(k)S FOR SMALL BUSINESS OWNERS BEYOND
More informationAnalysis of Financial Time Series
Analysis of Financial Time Series Analysis of Financial Time Series Financial Econometrics RUEY S. TSAY University of Chicago A Wiley-Interscience Publication JOHN WILEY & SONS, INC. This book is printed
More informationPraise for Agile Contracts
Agile Contracts Praise for Agile Contracts Agile development is starting to become popular in Japan, though Japanese companies have used all in one contracts for the last three decades. In this movement,
More informationMANAGEMENT OF DATA IN CLINICAL TRIALS
MANAGEMENT OF DATA IN CLINICAL TRIALS Second Edition ELEANOR MCFADDEN Frontier Science, Ltd. Kincraig, Inverness-shire, Scotland WILEY-INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION MANAGEMENT OF
More informationBE SMARTER THAN YOUR LAWYER AND VENTURE CAPITALIST
Venture Deals Venture Deals BE SMARTER THAN YOUR LAWYER AND VENTURE CAPITALIST Second Edition Brad Feld Jason Mendelson John Wiley & Sons, Inc. Cover image: Light Ray TEEKID/iStockPhoto; Ripped Paper
More informationARCHITECTING THE CLOUD
ARCHITECTING THE CLOUD Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally
More informationThese materials are the copyright of John Wiley & Sons, Inc. and any dissemination, distribution, or unauthorized use is strictly prohibited.
Session Border Controllers For Dummies, Sonus Special Edition Published by John Wiley & Sons, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright 2012 by John Wiley & Sons, Inc. Published
More informationA 6-Step How-To Guide to Contracting for Cloud Services Includes a 137-Element Contracting Checklist
Contracting for Cloud Services A 6-Step How-To Guide to Contracting for Cloud Services Includes a 137-Element Contracting Checklist Ron Scruggs, Thomas Trappler, & Don Philpott ii Contracting for Cloud
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationProtecting Data with a Unified Platform
Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens
More informationThe Evolving Threat Landscape and New Best Practices for SSL
The Evolving Threat Landscape and New Best Practices for SSL sponsored by Dan Sullivan Chapter 2: Deploying SSL in the Enterprise... 16 Infrastructure in Need of SSL Protection... 16 Public Servers...
More informationE-Commerce Operations Management Downloaded from www.worldscientific.com -COMMERCE. by 37.44.207.139 on 06/15/16. For personal use only.
-COMMERCE O p e r a t i o n s M a n a g e m e n t 2nd Edition This page intentionally left blank -COMMERCE O p e r a t i o n s M a n a g e m e n t 2nd Edition Marc J. Schniederjans University of Nebraska-Lincoln,
More informationCriteria for Accrediting Computer Science Programs Effective for Evaluations during the 2004-2005 Accreditation Cycle
Criteria for Accrediting Computer Science Programs Effective for Evaluations during the 2004-2005 Accreditation Cycle I. Objectives and Assessments The program has documented, measurable objectives, including
More informationCourse Title: ITAP 2431: Network Management. Semester Credit Hours: 4 (3,1)
Course Title: ITAP 2431: Network Management Semester Credit Hours: 4 (3,1) I. Course Overview This course introduces students to business data communications and networking concepts, tools and methods.
More informationData Visualization. Principles and Practice. Second Edition. Alexandru Telea
Data Visualization Principles and Practice Second Edition Alexandru Telea First edition published in 2007 by A K Peters, Ltd. Cover image: The cover shows the combination of scientific visualization and
More informationRestructuring an MBA Program: What Becomes of the CIS Option?
Restructuring an MBA Program: What Becomes of the CIS Option? Doris G. Duncan California State University, East Bay doris.duncan@csueastbay.edu Abstract Leaders at California State University, East Bay,
More informationCyber threats are growing.
Cyber threats are growing. So are your career opportunities. Put the future of your cybersecurity career in the hands of a respected online education leader. Everything you need to succeed. Excelsior College
More informationBest Practices in Deploying Anti-Malware for Best Performance
The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying
More informationNICK SMITH AND ROBERT WOLLAN WITH CATHERINE ZHOU. John Wiley & Sons, Inc.
NICK SMITH AND ROBERT WOLLAN WITH CATHERINE ZHOU John Wiley & Sons, Inc. Copyright # 2011 by Accenture, LLP. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationPanel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.
Panel on Emerging Cyber Security Technologies Robert F. Brammer, Ph.D., VP and CTO Northrop Grumman Information Systems Panel Moderator 27 May 2010 Panel on Emerging Cyber Security Technologies Robert
More informationData Protection in a Virtualized Environment
The Essentials Series: Virtualization and Disaster Recovery Data Protection in a Virtualized Environment sponsored by by J. Peter Bruzzese Da ta Protection in a Virtualized Environment... 1 An Overview
More informationMaking Endpoint Encryption Work in the Real World
Endpoint Data Encryption That Actually Works The Essentials Series Making Endpoint Encryption Work in the Real World sponsored by Ma king Endpoint Encryption Work in the Real World... 1 Th e Key: Policy
More informationNavigating the NIST Cybersecurity Framework
Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity
More informationEvolutions in Browser Security
ANALYST BRIEF Evolutions in Browser Security TRENDS IN BROWSER SECURITY PERFORMANCE Author Randy Abrams Overview This analyst brief aggregates results from NSS Labs tests conducted between 2009 and 2013
More informationDashBoard Beta Web Server
DashBoard Beta Web Server Version 6.2 Release Notes Copyright Notice 2014 Ross Video Limited. Ross and any related marks are trademarks or registered trademarks of Ross Video Limited. All other trademarks
More informationPractical Support for ISO 900 1 Software Project Documentation
Practical Support for ISO 900 1 Software Project Documentation IEEE~ COMPUTER SOCIETY +IEEE Press Operating Committee Chair Roger U. Fujii, Vice President Northrop Grumman Mission Systems Editor-in-Chief
More informationInstructional Design
Instructional Design for Librarians and Information Professionals Lesley S. J. Farmer Neal-Schuman Publishers New York London Published by Neal-Schuman Publishers, Inc. 100 William St., Suite 2004 New
More informationUnderstanding the Predictive Analytics Life Cycle
Understanding the Predictive Analytics Life Cycle Wiley & SAS Business Series The Wiley & SAS Business Series presents books that help senior-level managers with their critical management decisions. Titles
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationHow Configuration Management Tools Address the Challenges of Configuration Management
Streamlining Configuration Management The Essentials Series How Configuration Management Tools Address the Challenges of Configuration Management sponsored by Introduction to Realtime Publishers by Don
More information11 ways to migrate Lotus Notes applications to SharePoint and Office 365
11 ways to migrate Lotus Notes applications to SharePoint and Office 365 Written By Steve Walch, Senior Product Manager, Dell, Inc. Abstract Migrating your Lotus Notes applications to Microsoft SharePoint
More informationObject Storage: Out of the Shadows and into the Spotlight
Technology Insight Paper Object Storage: Out of the Shadows and into the Spotlight By John Webster December 12, 2012 Enabling you to make the best technology decisions Object Storage: Out of the Shadows
More informationCyber Security Ultimately Is Military Security
Cyber Security Ultimately Is Military Security Reporter: ZUO Xiaoyu You Ji Professor of Macau University, School of Social Sciences. Research Area: national security. With deepening development of cyber
More informationInformation Systems Security Certificate Program
Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate
More informationContent Collaboration Tools: An Analysis of 13 Technology Solutions in a Disruptive Marketplace
Content Collaboration Tools: An Analysis of 13 Technology Solutions in a Disruptive Marketplace A Special Content Marketing Institute Technology Report http://contentmarketinginstitute.com A Bit of History
More informationInteroperable Learning Leveraging Building Information Modeling (BIM) in Construction Management and Structural Engineering Education
Interoperable Learning Leveraging Building Information Modeling (BIM) in Construction Management and Structural Engineering Education Eric L. Richards and Caroline M. Clevenger, PhD Colorado State University
More informationUniversal design for learning A lens for better learning and instruction in higher education
Universal design for learning A lens for better learning and instruction in higher education Dr. Frances (Fran) G. Smith, CVE is an adjunct professor with the Department of Special Education and Disability
More informationRARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 103 Computer Concepts and Programming
RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY 103 Computer Concepts and Programming I. Basic Course Information A. Course Number and Title: CISY-103, Computer Concepts and Programming B. New or
More informationNorthrop Grumman Cybersecurity Research Consortium
Northrop Grumman Cybersecurity Research Consortium GUIRR Spring Meeting Washington DC 9 February 2011 Robert F. Brammer, Ph.D. VP Advanced Technology and Chief Technology Officer Northrop Grumman Information
More informationWelcome to Maritime Information Systems Merchant Vessel Database (MVDB)
Welcome to Maritime Information Systems Merchant Vessel Database (MVDB) MVDB for Windows 95* and Windows 98 offers a complete U.S. Vessel Documentation database capable of searching, saving, exporting,
More informationUnderstanding the Business Value of Infrastructure Management
The Essentials Series: Infrastructure Management Understanding the Business Value of Infrastructure Management sponsored by by Chad Marshall Understanding the Business Value of Infrastructure Management...1
More informationInternational Marketing Research
International Marketing Research Third edition C. SAMUEL CRAIG and SUSAN P. DOUGLAS Leonard N. Stern School of Business, New York University Allie International Marketing Research Third edition Allie International
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationEMC ACADEMIC ALLIANCE
EMC ACADEMIC ALLIANCE Preparing the next generation of IT professionals for careers in virtualized and cloud environments. Equip your students with the broad and deep knowledge required in today s complex
More informationDATA CENTER IPS COMPARATIVE ANALYSIS
DATA CENTER IPS COMPARATIVE ANALYSIS Security 2014 Thomas Skybakmoen, Jason Pappalexis Tested Products Fortinet FortiGate 5140B, Juniper SRX 5800, McAfee NS- 9300, Sourcefire 8290-2 Data Center Overview
More informationActive Learning with the CyberCIEGE Video Game
Active Learning with the CyberCIEGE Video Game 2011 Michael F. Thompson and Dr. Cynthia E. Irvine Department of Computer Science Naval Postgraduate School Monterey, CA USA The CyberCIEGE Educational Video
More informationProtecting Data with a Unified Platform
Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens
More informationCAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE
CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE LCDR Chris Eagle, and John L. Clark Naval Postgraduate School Abstract: Key words: In this paper, we describe the Capture-the-Flag (CTF) activity
More informationCan Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security
More informationPCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
More informationCYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
More informationABET TAC CIP Report for the Academic Year 20010 2011. Mechanical Engineering Technology (MET) Program
ABET TAC CIP Report for the Academic Year 20010 2011 Mechanical Engineering Technology (MET) Program I. Introduction This document reports the findings and proposed changes resulting from analysis of data
More informationProgram Logistics for: Cyber Security Defense Certificate
Program Logistics for: Cyber Security Defense Certificate Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) Monterey, CA 93943 cyber@nps.edu Overview This document
More informationThe Telemedicine Response to Homeland Safety and Security Developing a National Network for Rapid and Effective Response for Emergency Medical Care
The Telemedicine Response to Homeland Safety and Security Developing a National Network for Rapid and Effective Response for Emergency Medical Care The unprecedented and growing threats to the safety and
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationCAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE
CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE LCDR Chris Eagle, and John L. Clark Naval Postgraduate School Abstract: Key words: In this paper, we describe the Capture-the-Flag (CTF) activity
More informationBOARD OF HIGHER EDUCATION REQUEST FOR COMMITTEE AND BOARD ACTION
BOARD OF HIGHER EDUCATION REQUEST FOR COMMITTEE AND BOARD ACTION COMMITTEE: Academic Affairs NO.: AAC 12-26 COMMITTEE DATE: February 28, 2012 BOARD DATE: March 6, 2012 APPLICATION OF ENDICOTT COLLEGE TO
More informationCYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS
CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS These Cybersecurity Testing and Certification Service Terms ( Service Terms ) shall govern the provision of cybersecurity testing and certification services
More informationOracle Binary Code License Agreement for the Java SE Platform Products and JavaFX
Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX ORACLE AMERICA, INC. ("ORACLE"), FOR AND ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES UNDER COMMON CONTROL,
More informationWeb application security: automated scanning versus manual penetration testing.
Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents
More informationControlling and Managing Security with Performance Tools
Security Management Tactics for the Network Administrator The Essentials Series Controlling and Managing Security with Performance Tools sponsored by Co ntrolling and Managing Security with Performance
More informationCourse Title: ITAP 4311: Database Management. Semester Credit Hours: 3 (3,0)
Course Title: ITAP 4311: Database Management Semester Credit Hours: 3 (3,0) I. Course Overview The objective of this course is to give students an understanding of key issues involved in the management
More informationUnderstanding Data and Information Systems for Recordkeeping. by Philip C. Bantin
Contents i Understanding Data and Information Systems for Recordkeeping by Philip C. Bantin The Archives & Record Manager s Bookshelf 2 Neal-Schuman Publishers, Inc. New York London Published by Neal-Schuman
More informationUSING ALGEBRA TILES EFFECTIVELY
MATHEMATICS USING ALGEBRA TILES EFFECTIVELY TOOLS FOR UNDERSTANDING by Bettye C. Hall Reviewers James Gates, Ed.D. Yvonne S. Gentzler, Ph.D. AUTHOR Bettye C. Hall is the former Director of Mathematics
More informationCS135 Computer Science I Spring 2015
CS135 Computer Science I Spring 2015 Instructor: Laura Pike Email: laura.pike@gbcnv.edu Phone: 775-753-2288 Office: HTC 131 Office Hours: Monday 9:00 11:30 am Thursday 1:00-3:30 pm Textbooks: ISBN: 978-0470927137,
More informationTWENTY FREQUENTLY ASKED QUESTIONS ABOUT MIT OPENCOURSEWARE
TWENTY FREQUENTLY ASKED QUESTIONS ABOUT MIT OPENCOURSEWARE 1. What is MIT OpenCourseWare? MIT OpenCourseWare (OCW) makes the course materials that are used in the teaching of almost all MIT s undergraduate
More informationRequirements Fulfilled This course is required for all students majoring in Information Technology in the College of Information Technology.
Course Title: ITAP 3382: Business Intelligence Semester Credit Hours: 3 (3,0) I. Course Overview The objective of this course is to give students an understanding of key issues involved in business intelligence
More informationUkulele In A Day. by Alistair Wood FOR. A John Wiley and Sons, Ltd, Publication
Ukulele In A Day FOR DUMmIES by Alistair Wood A John Wiley and Sons, Ltd, Publication Ukulele In A Day For Dummies Published by John Wiley & Sons, Ltd The Atrium Southern Gate Chichester West Sussex PO19
More informationHow to Install SSL Certificates on Microsoft Servers
How to Install SSL Certificates on Microsoft Servers Ch apter 3: Using SSL Certificates in Microsoft Internet Information Server... 36 Ins talling SSL Certificates in IIS with IIS Manager... 37 Requesting
More informationOrganized, Hybridized Network Monitoring
Organized, Hybridized Network Monitoring Use a combination of technologies and organizational techniques to master complex network monitoring Abstract In the world of network monitoring, you re basically
More informationManaging the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies
Managing the Risk of Privileged Accounts and Privileged Passwords in Civilian Agencies Reduce Risk while Streamlining Administrative Workflows Written by Dell Software Abstract Even IT environments that
More informationClient Virtualization in a Cloud Environment
Client Virtualization in a Cloud Environment ABSTRACT: Arguably computation models seen in client space are much more diverse than those in the server space proper. For servers, there are essentially two,
More informationProtecting Data with a Unified Platform
Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens
More informationFile Shares to SharePoint: 8 Keys to a Successful Migration
File Shares to SharePoint: 8 Keys to a Successful Migration Written by Doug Davis Director, SharePoint Product Management Quest Software, Inc. White Paper Copyright Quest Software, Inc. 2008. All rights
More informationWHY HR PRACTICES ARE NOT EVIDENCE-BASED
Academy of Management Journal 2007, Vol. 50, No. 5, 1033 1036. WHY HR PRACTICES ARE NOT EVIDENCE-BASED EDWARD E. LAWLER III University of Southern California The difference between the academic literature
More informationAutomated Firewall Analytics
Automated Firewall Analytics Ehab Al-Shaer Automated Firewall Analytics Design, Configuration and Optimization 123 Ehab Al-Shaer University of North Carolina Charlotte Charlotte, NC, USA ISBN 978-3-319-10370-9
More informationStrategyDriven.com. Organizational Performance Measures. Alignment. Business Execution Series...
StrategyDriven.com Business Execution Series... Organizational Performance Measures Alignment Copyright 2007 by Nathan A. Ives. All rights reserved. Limit of Liability/Disclaimer of Warranty: While the
More informationCloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
More informationEDUCATION ISSUES IN BILL C- 32 Submission to Canadian Parliament Canadian School Boards Association December 2010
EDUCATION ISSUES IN BILL C- 32 Submission to Canadian Parliament Canadian School Boards Association December 2010 2 Table of Contents 1. INTRODUCTION... 3 2. EDUCATION ISSUES IN BILL C- 32... 3 3. EDUCATIONAL
More informationCourse Title: ITAP 3471: Web Server Management
Course Title: ITAP 3471: Web Server Management Semester Credit Hours: 4 (3,1) I. Course Overview The primary objective of this course is to give students a comprehensive overview of the tools and techniques
More information