Dr. Simon Liu explained that the biggest threats to computer security at NLM are from information gathering and viruses, and that the challenge is to maintain performance and reliability in the face of these threats. The current security architecture at NLM includes three zones; in 2002, however, they will be moving to a five-zone architecture. The new architecture separates the internal IDS from the incident monitoring and the public servers from the private servers. Dr. Liu characterized the new system as being multidimensional in nature. He closed by saying that good security is better than perfect security that can never be implemented. A presentation at the February 2002 CENDI meeting.
ICSU is a non-governmental organization, founded in 1931 to bring together natural scientists in international scientific endeavor. The Council acts as a focus for the exchange of ideas and information and the development of standards. This site links to the conference program, committees, and summaries of invited papers for this joint conference with UNESCO. The 13 invited papers cover topics on standards, archiving, electronic publishing in developing countries, digital libraries, S&T information, copyright, data security, and economics of information.
A review of standards and initiatives aimed at STM publishers. These standards are to be applied to identifying digital information objects and creating metadata for Web-based publishing. The document provides summaries of activities with links to projects documented on the Web for the following topics: electronic commerce systems, the Publisher Item Identifier (PII), International Standard Work Code (ISWC), Serial Item and Contribution Identifier (SICI), Digital Object Identifier (DOI), Meta Content Framework (MCF) and others. A list of themes for solutions for STM publishers and a glossary of acronyms are included at the end. The summaries and embedded links to additional information on standards for STI Web publishing make this an excellent overview of emerging standards and initiatives.
This report discusses the state of knowledge regarding secure, trustworthy and reliable systems, and outlines a research agenda to improve trust in cyberspace. The nation's security relies on a variety of infrastructures for telecommunications, finance, transportation, etc. All of these systems are increasingly dependent on computers and computer network technology.
Description of the CNI organization. There are over 200 institutional members, predominantly higher education institutions. All are concerned about the impact of networking on education. Four major areas of effort: general advocacy about networked information, content and organization on the Internet, organization and professional issues, including strategies and best practices, and standards and infrastructure. Specific projects in these areas are described. Of particular interest is distance learning/education.
This report discusses the role that cryptography has played in securing information to date, and discusses the law enforcement and national security dilemmas that are posed by cryptography. The global economy requires the sharing of information, even sensitive information, with appropriate parties, across national boundaries. However, it is important for competitiveness and national security that this information be protected from vandalism or interception. The committee recommends that national policy should be changed to support the broad use of cryptography in ways that take into account security as well as privacy, economic competitiveness and other competing interests. A framework for a new national cryptography policy is outlined.
This document collects papers from this conference which cover a wide range of topics including encryption, intellectual property related metadata for rights management, secure servers, copyright management systems, etc.
The Council on Library and Information Resources held a workshop to begin a discussion among communities that have a stake in the authenticity of digital information. Another goal of the workshop was to create a common understanding of the key terms and concepts surrounding authenticity. In order to prepare for the discussion, five individuals were asked to write position papers that identify the attributes that define authentic digital data over time. The papers and workshop discussions are presented in this publication.
This article reports on the ongoing work of the International Research on Permanent Authentic Records in Electronic Systems (InterPARES). This project is involved in taking a record-centric approach to the development of a typology of requirements for maintaining the authenticity of records over time. Authenticity issues and long-term preservation are central to the work of this project. The article covers the requirements for preserving the authenticity of electronic records, provides a template for analysis and a model of the preservation process and the appraisal of electronic records. The authors conclude by identifying several key areas of concern.
This memorandum transmits OMB guidance to executive agencies concerning the interpretation and implementation of the Electronic Signatures in Global and National Commerce Act (E-SIGN) (Public Law 106-229) enacted on June 30, 2000. This law enables companies to contract online to buy and sell a broad array of products and services. Although it eliminates barriers to electronic commerce, it also provides consumers with protections equivalent to those available in the world of paper-based transactions. The Guidance provides an overview of E-SIGN and suggests some steps for Federal agency implementation.
This white paper summarizes some of the insights from a RAND Workshop regarding the issues of email communication between federal agencies and citizens. The authors point out that a secure communications system between the government and individual citizens for the transmission of sensitive information needs to be created. This system should have strong provisions for privacy, integrity, and authentication. The Government also needs to promulgate security standards that can be adopted by non-governmental users. Several components of a secure system including identity, authority, and certificate authorities are discussed at length. The Social Security Administration, the U.S. Postal Service, and state departments of motor vehicles were pointed out as being agencies that would benefit from such a system. The authors provide a summary of the primary issues that would need to be resolved before such a system could be put in place. These include the responsibilities of certificate authorities; private key management and protection; legal status of electronic transactions; key escrow laws and standards; cost issues; relations among certificate authorities; e-mail addresses for all citizens; and equal access to government services. In conclusion, the authors suggest that the best approach to the problem is an incremental, experimental one and that success will largely depend on education and training.
ITAA is a trade organization with over 26,000 members from a broad spectrum of the U.S. IT industry. The Web site focuses on information about the IT industry, its issues, association programs, publications, reports, new developments, electronic commerce, ASP, information security, and NextGen as well as many other topics.
This report discusses the problem of public safety and national security in regard to the Internet. The collection and use of information brought about by the revolution in information technology has created controversy in issues of privacy, public safety, and national security on the Internet. The author discusses the complexities of addressing these issues in today's technological world. To illustrate the need for law enforcement and security on the Internet, he briefly details some examples of computer crimes, e.g. computer hacking, Internet fraud, child pornography, espionage. The challenge is to balance the needs of commerce, law enforcement, national security, and privacy. Past approaches to the problem have been reactive. Mr. Charney recommends a re-evaluation of our fundamental assumptions about how to protect public safety and national security and the interplay between government and industry. The Internet has remained basically unregulated by the government. The responsibility for protecting the nation's critical infrastructure has been left to the private sector. While self-regulation may appeal to the corporate sector, it should not be forgotten that public safety and national security are not their primary objectives. The concerns of Internet privacy make this issue even more complex as our laws have been developed on an ad hoc basis. Access to confidential data is sometimes more dependent on technological choices than on the information that is being protected. In conclusion, the author points out that many of our laws, procedures, and organizational structures are outdated and prevent us from meaningfully addressing major security violations. We want privacy, free markets, public safety, and national security, even though these goals are both compatible and contradictory. The author urges a re-thinking of our legal, economic, and social regimes, how we protect data, promote economic growth, and respond to security violations. We need to strike a balance and not let markets dictate the choices.
This report describes the principal findings made in planning and coordinating PKI initiatives, discusses the major challenges of interoperability, operational experience, affordability, policies and procedures, and trained personnel that would be required for full PKI implementation. The report also discusses the Committee's recommendations for executive action that would ensure the security of federal information systems. This report was made in response to House Representative Stephen Horn's request that GAO review the federal government's public key infrastructure (PKI) strategy and initiatives to assess the issues and challenges that would be faced when adopting this new technology throughout the government. PKI is considered an enabler of electronic government, and the Federal PKI Steering Committee found that there has been progress in seeding PKI technology throughout the government; however, designing and implementing large-scale systems using this technology remains a large task.
This web site, sponsored by the Defense Information Systems Agency, serves as a clearinghouse for information assurance (IA) information. Some information is restricted to *.mil and *.gov users; however, the public can access the policy and guidance sections, which include executive orders, national directives, standards and policies. The site also has a public key infrastructure (PKI) section that contains links to policy documents and other web sites (some sections in this area are not publicly available). Also of interest is the site's "What's New" section, most of which is publicly available.
The IATAC is a U.S. Department of Defense Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC). The IATAC serves as the Department of Defense's central access point for information on Information Assurance emerging technologies in system vulnerabilities, research and development, models and analysis to support the development and implementation of effective defense against information warfare attacks. The site provides access to reports on vulnerability analysis, intrusion detection, review of products, and related information. Newly added information can easily be found by checking the "What's New" page. The site provides a recommended reading list, a list of their upcoming conference and training programs, and access to their newsletter.
The Internet Storm Center (ISC) web site gathers network intrusion detection log entries on a daily basis in an effort to track new network attacks faster, isolate the sites that are used for attacks, and provide authoritative data on the types of attacks being mounted against computers in various industries and regions around the globe. The Internet Storm Center is free to the Internet community, and is supported by the SANS Institute.
The National Infrastructure Protection Center (NIPC) has been absorbed in the DHS as Information Analysis Infrastructure Protection. The DHS/IAIP web site provides information on new threats to computer security. Pertinent laws, federal guidelines, and information systems security education and training opportunities are accessible on the site. The web site also provides access to the Department of Homeland Security's infrastructure warnings that are issued as assessments, advisories, alerts, and info-bulletins. A list of related sites has also been included.
The CERT Coordination Center (CERT/CC) is a federally funded research and development center operated by Carnegie Mellon University. CERT is a center of Internet Security expertise, located at the Software Engineering Institute. The web site provides a range of network security information. The Center's work includes publishing security alerts, researching long-term changes in networked systems, handling computer security incidents and vulnerabilities, and developing educational information and training programs to improve security.
The FedCIRC is part of the Department of Homeland Security's Information Analysis and Infrastructure Protection (IAIP). Information about FedCIRC can be found under the Threats and Protection banner on the DHS web site. The web site provides information on incident prevention and reporting, incident analysis and response. The site contains informational notices, advisories, research vulnerabilities, definitions, reporting requirements and related information.
NIST's Computer Security Resource Center's mission is to improve information systems security by raising awareness of IT risks, vulnerabilities and protection requirements; researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems; developing standards, metrics, tests and validation programs; and developing guidance to increase secure IT planning, implementation, management and operation. The web site contains a wealth of security-related information and descriptions of the Center's recent projects on cryptographic standards and applications; security testing; security research and emerging technology; security management and guidance; and outreach, awareness and education.
This document presents the key findings of a larger paper on the subject of information technology (IT) security at colleges and universities. This security is essential for protecting information assets, enhancing institutional reputation, and ensuring compliance with state and federal regulations. The study investigated the state of IT security practices in higher education and made comparisons in higher education areas to those relative to industry. Among the topics examined were current uses of IT security, and IT security management, policies, and procedures. The challenges and barriers to IT security were also discussed. Larger paper available for purchase at http://www.educause.edu/asp/doclib/abstract.asp?ID=ERS0305