
Thursday, June 07, 2007

CIMIP fights identity theft

Network World

Security Strategies




Network World's Security Strategies Newsletter, 06/07/07

By M. E. Kabay

A year ago, the Center for Identity Management and Information Protection (CIMIP) at Utica College was created in a partnership including the Economic Crime Institute (ECI) of Utica College, LexisNexis and IBM Entity Analytics.

The CIMIP’s mission is “a research collaborative dedicated to furthering a national research agenda on identity management, information sharing, and data protection… [I]ts ultimate goal is to impact policy, regulation, and legislation, working toward a more secure homeland.”

Since its founding, it has attracted many other sponsors and collaborators, including the U.S. Secret Service, the FBI, Carnegie Mellon University Software Engineering Institute’s CERT/CC, Indiana University’s Center for Applied Cybersecurity Research, and Syracuse University’s CASE Center (for links, see the Partners page).

Last October, the Center was awarded $1.7 million by the State of New York for its operations.

The CIMIP has several valuable research projects under way, including the following, which are described in more detail on the research page:

* Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement
* Identity Theft Assistance Corporation (ITAC)
* Survey: ID Theft Awareness and Behavior of 18-29 Year Olds
* The Use of Identity Management by Non-Compliant Sexual Offenders
* Identity Management Research Workshop

I downloaded several interesting white papers from the site after a simple registration process. These older documents (all PDFs) provided the basis for creation of the CIMIP and have information that is still of value.

* The Growing Threat of Economic and Cyber Crime (2000) - 42 pages of foundational information, including types of economic crime, costs as of the late 1990s, effects on victims, law-enforcement organizations and coordination, and recommendations.

* Identity Fraud: A Critical National and Global Threat (2003) - 48 pages of follow-up to the original 2000 report by two of the major authors, Gary R. Gordon of the ECI and Norman A. Willox Jr. of LexisNexis. Topics include the role of identity fraud in criminal and terrorist activities, U.S. and international laws about identity fraud, and technological and policy recommendations.

* Using Identity Authentication and Eligibility Assessment to Mitigate the Risk of Improper Payments (2005) - an 18-page brief from Gordon and Willox about fraud and abuse of entitlement programs run by the federal government. The paper discusses the role of false identities in such abuse and reports on three field studies of different methods of verifying the authenticity of identities used in registering for government programs or benefits. The authors discuss risk assessment methodologies that can usefully be applied to all types of identification and authentication requirements for large populations, including the issues raised in my recent articles about the weakness of identification and weak authentication as a basis for improving security.

* The Ongoing Critical Threat of Identity Fraud: An Action Plan (2006) - an 11-page continuation by Gordon and Willox of their 2003 report. The paper uses the same headings as the 2003 report but unfortunately omits a table of contents. Each section discusses changes since the 2003 status and adds recommendations. The report has many fascinating insights; for example, the authors cite John Sparks’ comment from a January 2006 review, “And then there's China, where Internet penetration is expected to top 10 percent in 2006. Because China's PCs don't generally run licensed versions of Microsoft's Windows, they're not eligible for the security patches Microsoft makes available to its legitimate users. Hackers have already taken control of the PCs of thousands of unsuspecting Chinese and used them as a platform from which to launch spam attacks. These so-called botnets are routinely bought, sold and swapped in Internet chat rooms.”

I have registered on the CIMIP site to receive alerts when they publish new research reports and I wish them well in their important work.



Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.




Copyright Network World, Inc., 2007
