Security periodicals written by experts

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
08/04/05
Today's focus: Security periodicals written by experts

Dear security.world@gmail.com,

In this issue:

* NUJIA hits the Web
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by SPI Dynamics
FREE Product Trial: "Protect Your Web Applications from Hacker
Attack!"

WebInspect 5.5 employs threat agents to simulate attackers
analyzing your web applications, formulating attacks and
applying them to determine if vulnerabilities exist. Run a FREE
Test of your Web Apps via our FREE 15 Day Product Trial that
delivers a comprehensive vulnerability report.
http://www.fattail.com/redir/redirect.asp?CID=109011
_______________________________________________________________
CAN'T STAND THE HEAT?

Neither can your servers. Having dense servers means more heat
and more power consumption in smaller spaces. Find out why just
adding more air conditioners won't cut it and what you need to
do to stay cool this summer... and beyond. Click here:
http://www.fattail.com/redir/redirect.asp?CID=109066
_______________________________________________________________

Today's focus: Security periodicals written by experts

By M. E. Kabay

As information security grows in importance and recognition,
security practitioners can sometimes feel overwhelmed by the
flood of information available through published journals,
magazines, and the Web. For example, my favorite information
security portal <http://www.infosyssec.com/> is packed with
resource links. The SecurityTraq section lists 60 white papers
and magazines about the topic of management of security,
networks and systems, most of which are free to professionals.

Many fine security publications rely on their editors and
editorial boards to suggest or select writers for new topics or
to evaluate proposals for or drafts of articles. Most of these
publications also have columnists who publish regularly. Funding
is this usually through advertising. Although articles often
include references for further reading in these commercial
publications, the style is largely relatively informal and easy
to read. In addition, the simple editorial review process makes
for speedy publication and highly topical reading.

Another category of security periodicals is the peer-reviewed
scholarly journals. In addition to editorial review, these
publications rely on a system known as peer review: typescripts
are sent to a number of reviewers with expertise in the subject
area. These referees comment on the substance and style of the
writing, make suggestions for improvement, and offer their
judgment of whether the paper should be published at all. To
avoid bias resulting from friendships or animosity, this process
is sometimes refined by removing identifying information about
the author(s) from the typescript in a process known as blind
peer review. Typically, a scholarly journal requires every
assertion of fact to be backed up by direct observation or by
reference to published sources.

Scholarly journals are mostly sponsored by commercial publishing
houses, associations, government agencies or universities. Many
of these journals cost hundreds of dollars for a subscription.
Examples of scholarly journals in information assurance (and
their publishers and yearly cost in U.S. dollars) include

* _Computers of the & Security_ (Elsevier, $800)
* _Computer Security Journal_ (Computer Security Institute,
  $110)
* _The Computer Law and Security Report_ (Elsevier, $1049)
* _The John Marshall Journal of Computer & Information Law_
  (J.M. Law School, $97.50)

As I have written before in this column
<http://www.networkworld.com/nlsec4412>, my colleagues and I
have created the Norwich University Journal of Information
Assurance as a peer-reviewed journal that is available to all at
no cost. Our editor, G. Will Milor, MSIA, CISSP, ISSMP, is
funded through the MSIA program and the journal is particularly
interested in publishing work from MSIA students and
instructors. We also welcome submissions from the entire
security community. We publish our documents as PDF files that
are freely downloadable and printable and (unlike many journals)
our authors keep their copyright on their material so they can
freely use their own writing later without having to ask for
permission from anyone.

Our first issue is up on the Web at <http://nujia.norwich.edu/>
and includes a valuable case study by Damon Small, MSIA, CISSP,
GSCEC on identifying, localizing and neutralizing a network worm
infestation. Courtney Falk, a graduate student at Purdue
University's Center for Education and Research in Information
Assurance and Security <http://www.cerias.purdue.edu/>, has
published a thoughtful article challenging hackers on ethical
grounds. John Orlando, PhD, the MSIA's original administrative
program director, addresses weaknesses in the conventional
approaches to ethical decision making (including mine!) and
provides fascinating and valuable insights into more effective
approaches to applying ethical reasoning to information
technology questions.

Come and visit - and please feel free and encouraged to submit
ideas for articles to our editor <mailto:nujia@norwich.edu> or
to me directly.

**CORRECTION:

In the article "Thesis spells out threats to VoIP"
<http://www.networkworld.com/nlsec4413> I sent the editor a
draft that contained the sentence "I was able to reach
Thalhammer and he pointed me to additional VoIP research that he
has published."

Unfortunately, this was a _placeholder_ in my draft and I should
have taken it out before sending it in! I never was able to
contact Thalhammer (his e-mail addresses were dead). I apologize
to everyone for this error and hope that Thalhammer will
eventually hear that I am trying to reach him. If I do, I shall
report on his further research if I can. And I won't put
placeholders in my drafts any more.

The top 5: Today's most-read stories

1. Leaked Cisco slides pulled after legal threats
<http://www.networkworld.com/nlsec4414>

2. Gartner: Bank card fraud too easy for phishers
<http://www.networkworld.com/nlsec4415>

3. BellSouth cuts DSL pricing
<http://www.networkworld.com/nlsec4416>

4. Cisco vulnerability posted to Internet
<http://www.networkworld.com/nlsec4417>

5. Google now a hacker's tool
<http://www.networkworld.com/nlsec4418>
_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

New information assurance journal - Norwich University Journal
of Information Assurance (NUJIA). See
<http://nujia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by Ciena
NetworkWorld Special Report - The Adaptive WAN: The factors
driving WAN evolution

A combination of business and technology trends are changing the
demands on the enterprise WAN. This NetworkWorld Special Report
explores some of the key business and technology trends that are
driving and enabling the evolution of the enterprise WAN and how
the enterprise WAN can become adaptive to support these trends.
http://www.fattail.com/redir/redirect.asp?CID=109220
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter:
http://www.networkworld.com/newsletters/sec/index.html

Security Research Center:
http://www.networkworld.com/topics/security.html

Instant sign-up for Security News Alert:
http://www.networkworld.com/isusecna

Instant sign-up for Virus & Bug Patch Alert:
http://www.networkworld.com/isubug
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY

According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
<http://www.networkworld.com/you/2005/072505-salary-survey.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005