New INFOSEC workbook now online

Security Strategies This newsletter is sponsored by SolarWinds The Shortcut Guide to Network Management for the Mid-Market This guide outlines real-world technologies and processes to implement centralized management of your network infrastructure. Using the OSI FCAPS model as a framework, this eBook explains the critical components of fault, performance, configuration and security management, as well as network troubleshooting and diagnostics. Network World's Security Strategies Newsletter, 07/03/07 New INFOSEC workbook now online By M. E. Kabay Regular readers of this column know that I give a graduate seminar to my MSIA students every year in June called “INFOSEC Year in Review” or “IYIR” for short. This year the 135 graduating students and about 50 more students who will graduate in December received a 453-page book with 1,240 abstracts (including introductory material such as the list of categories) dating from Jan. 1, 2006, through May 30, 2007, classified using 280 possible categories. The workbook is a selection I made from a total of 3,532 abstracts in that period. The full database and a complete PDF listing of the contents will be posted on my Web site later after some volunteers and I finish adding keywords to the abstracts. I added up my time sheets on this project and it personally took me 163.5 hours from mid-May to mid-June to enter, format, and classify those abstracts; I tell you, I sure missed my research assistants this year! Get Everyone from the CEO to the MySpace Generation to Support Your Security Plans. September 10-11, 2007 | The Fairmont Chicago How do you get everyone from the boardroom to the mailroom to comply with your security initiatives? Come collaborate with peers on critical business topics like this at The Security Standard-the only business summit for senior security executives. For the latest in planning and management strategies. Click here for more details. Click here for more details For now, readers may download the 3MB PDF file http://www2.norwich.edu/mkabay/msia/conference/2007/IYIR_2007-06.pdf freely for non-commercial uses such as teaching, research or just plain reading. Please do not post copies of the file on the Web - multiple copies are impossible to keep updated, and I do issue corrected versions of these files as I catch typos and other errors. The IYIR course always sparks interesting discussions among the participants, and I hope that readers will be able to use the workbook fruitfully for brown-bag lunches and other stimulating meetings to discuss trends in information assurance. I doubt you will want to print this fairly hefty workbook, but you are welcome to do so if you want to as long as you don’t sell it (growl). The workshop is broken into four sections (morning and afternoon of the two days) and the codes correspond to the parts: those beginning with 1 correspond to topics for the morning of Day 1 and so on. Some of the sections (and their codes) that I found particularly interesting this year in discussions with the graduate students were the following: 14.4 Trojans 14.5 Rootkits & back doors 14.6 Bots & botnets 16.3 Infrastructure vulnerabilities 16.5 Military perspectives on cyberwar & battlespace 18.1 Stolen equipment or media 18.2 Lost or missing equipment or media 1A7 Contests 23.7 VoIP 23.A Open-source software 24.6 Wireless 25.1 Remote control, RATs, reprogramming, auto-updates 25.2 Jamming 26.3 Keystroke loggers 26.4 Cell/mobile phones tracking, eavesdropping & cameras 29.4 Online & electronic voting 29.7 Social networks 31.1 Surveys, studies 31.2 Audits, GAO reports 31.4 New technology with potential security vulnerabilities or implications 33.2 Spam, spim, spit, splogs, phish, vish & pharms 33.5 Data-encryption policies 33.6 Outsourcing & offshoring 43.2 Biometrics 43.7 IPv6 & Internet2 49.1 U.S.-government surveillance 49.2 Non-U.S.-government surveillance 49.3 Anti-terrorist measures 49.4 Airport & Air Transport security 49.7 National ID cards/documents; REAL ID I hope you will find the document useful and perhaps even stimulating.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. The $2.3M home lab of Quadruple CCIE 2. Top 25 'iPhonies' 3. Harry Potter worm says he is dead 4. Withdrawn Black Hat paper hints at security flaws 5. iPhone buzz reaches to Microsoft's back yard 6. Lawyers show how to avoid hiring an American 7. 3Com to spin out TippingPoint 8. IPv6 D-Day is coming up fast 9. Gartner to IT: Avoid Apple's iPhone 10. Hackers target C-level execs and their families MOST E-MAILED STORY: How MySpace is hurting your network

Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by SolarWinds The Shortcut Guide to Network Management for the Mid-Market This guide outlines real-world technologies and processes to implement centralized management of your network infrastructure. Using the OSI FCAPS model as a framework, this eBook explains the critical components of fault, performance, configuration and security management, as well as network troubleshooting and diagnostics. ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007