Rob
Slade's Security Glossary
"This glossary concentrates on usage of terms. Capitalization
and spelling generally follows the most common usage, except where
such usage can be shown to be based on a specific error. Acronyms
and phrases have the definition placed with the most commonly
used form: for example, in most cases the phrase "denial
of service" is used unless it has been previously defined
in an article as the acronym "DoS," whereas the acronym
"DDoS" is almost universally used in preference to the
phrase "distributed denial of service." In all cases
an attempt has been made to have a link from the lesser used form
to the definition." Alternate link: http://victoria.tc.ca/int-grps/books/techrev/secgloss.htm
Security
News and Alerts - Gideon T. Rasmussen
It can be difficult to keep up with new security threats and vulnerabilities.
Newsletters, advisories and groups are an effective way to cover
a wide variety of developments with limited effort.
Recently
Prosecuted Computer Cases - U.S. Department of Justice
This page provides a summary of recently prosecuted computer cases.
Many cases have been prosecuted under the computer crime statute,
18 U.S.C. §1030. This listing is a representative sample;
it is not exhaustive.
Information Security Surveys
2006 CSI/FBI Computer
Crime and Security Survey (30 pages)
The Computer Security Institute (CSI) with the participation of the San Francisco Federal Bureau of
Investigation's (FBI) Computer Intrusion Squad today released its 2006 report citing that virus attacks are
the leading cause of financial losses. The top four categories -- virus attacks, unauthorized access to
networks, lost/stolen laptops or mobile hardware and theft of proprietary information or intellectual
property -- according to the 2006 Computer Crime and Security Survey, account for more than 74 percent of
financial loss.
Deloitte 2006
Security Survey (44 pages)
The 2006 Global Security Survey, produced by the member firms of Deloitte Touche Tohmatsu, is the fourth
annual assessment of the state of information security across the world. Among the compelling findings:
attacks are becoming more sophisticated — in some cases leading to government intervention; identity theft
is increasingly conducted by professional hackers; and business continuity management is essential in
planning for the unexpected. The study incorporates feedback from chief information security/chief security
officers, their designates and security management teams at more than 150 global financial institutions
from Asia Pacific, EMEA, Latin America/Caribbean and North America.
State of Information
Security 2005 Report - CIO & PWC (8 pages)
This worldwide study represents a broad range of industries. The results are based on the responses of more
than 8,200 CEOs, CFOs, CIOs, CSOs, and vice presidents and directors of IT and information security from
63 countries.
2005 E-Crime Watch Survey -
CERT (19 pages)
The E-Crime Watch survey results reveal the fight against electronic crimes (e-crimes) may be paying off.
Thirteen percent (13%) of the 819 survey respondents—more than double the 6% from the 2004 survey—report
the total number of e-crimes (and network, system or data intrusions) decreased from the previous year; 35%
report an increase in e-crimes and 30% report no change. Almost one third (32%) of respondents experienced
fewer than 10 e-crimes (versus the 25% reported in 2004), while the average number of e-crimes per respondent
decreased to 86 (significantly less than 136 average reported in the 2004 survey).
Operating System Hardening
Benchmarking
Tools - The Center For Internet Security
The CIS vulnerability assessment tools provide a quick way to
evaluate systems and networks, comparing their security configurations
against the CIS benchmark hardening standards. They automatically
create reports that guide users and system administrators to secure
both new installations and production systems. CIS tools are also
effective for monitoring systems to assure that security settings
continuously conform with CIS Benchmark configurations. CIS offers
tools and benchmark standards for Win2K, NT, Solaris, Linux, HP-UX,
Cisco IOS and Oracle databases.
Solaris
Hardening Document - Gideon T. Rasmussen
"This document details the configuration, hardening, monitoring
and vulnerability assessment of the Solaris operating system.
It can also be used as a configuration standard, providing a baseline
to audit against. It is important to understand the configurations
at a granular level to troubleshoot outages. Installs and hardening
can be automated with Jumpstart and the Solaris Security Toolkit
(respectively)."
