Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions

Book Publication Information

2009-04-03T18:29:00.000-07:00

Thanks to all the author-contributors, advisory board members, reviewers, supporters, and the publisher, IGI Global, who helped make this project a reality! -- Virtual regards, the editor.

Book information available at: IGI Global

Table of Contents with Short Abstracts

2009-01-08T09:00:00.000-08:00

Book Publication: April 2009 -- Publisher: IGI Global

Editor: Kenneth Knapp, USAF Academy, USA

Foreword by Merrill Warkentin, Mississippi State University, USA

------- ------- -------

SECTION I: RISK & THREAT ASSESSMENT

Chapter I. Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for Vulnerabilities

Jaziar Radianti, University of Agder, Norway
Jose. J. Gonzalez, University of Agder and Gjøvik University College, Norway

This paper discusses the possible growth of black markets (BMs) for software vulnerabilities and factors affecting their spread. The authors conduct a disguised observation of online BM trading sites to identify causal models of the ongoing viability of BMs. Results are expressed as a system dynamic model and suggest that without interventions, the number and size of BMs is likely to increase. A simulation scenario with a policy to halt BM operations results in temporary decrease of the market. Combining the policy with efforts to build distrust among BM participants may cause them to leave the forum and inhibit the imitation process to establish similar forums.

Chapter II. An Attack Graph Based Approach for Threat Identification of an Enterprise Network

Somak Bhattacharya, Indian Institute of Technology, India
Samresh Malhotra, Indian Institute of Technology, India
S. K. Ghosh, Indian Institute of Technology, India

As networks continue to grow in size and complexity, automatic assessment of the security vulnerability becomes increasingly important. The typical means by which an attacker breaks into a network is through a series of exploits, where each exploit in the series satisfies the pre-condition for subsequent exploits and makes a causal relationship among them. Such a series of exploits constitutes an attack path where the set of all possible attack paths form an attack graph. Attack graphs reveal the threat by enumerating all possible sequences of exploits that can compromise a given critical resource. The contribution of this chapter is to identify the most probable attack path based on the attack surface measures of the individual hosts for a given network and subsequently to identify the minimum securing options. As a whole, the chapter deals with the identification of probable attack path and risk mitigation that can significantly help improve the overall security of an enterprise network.

Chapter III. Insider Threat Prevention, Detection and Mitigation

Robert F. Mills, Air Force Institute of Technology, USA
Gilbert L. Peterson, Air Force Institute of Technology, USA
Michael R. Grimaila, Air Force Institute of Technology, USA

This chapter introduces the insider threat and discusses methods for preventing, detecting, and responding to the threat. Trusted insiders present one of the most significant risks to an organization. They possess elevated privileges when compared to external users, have knowledge about technical and non-technical control measures, and potentially can bypass security measures designed to prevent, detect, or react to unauthorized access. The authors define the insider threat and summarize various case studies of insider attacks in order to highlight the severity of the problem. Best practices for preventing, detecting, and mitigating insider attacks are provided.

Chapter IV. An Autocorrelation Methodology for the Assessment of Security Assurance

Richard T. Gordon, Bridging The Gap, Inc., USA
Allison S. Gehrke, University of Colorado, Denver, USA

This chapter describes a methodology for assessing security infrastructure effectiveness utilizing formal mathematical models. The goal of this methodology is to determine the relatedness of effects on security operations from independent security events and from security event categories, identify opportunities for increased efficiency in the security infrastructure yielding time savings in the security operations and identify combinations of security events which compromise the security infrastructure. The authors focus on evaluating and describing a novel security assurance measure that governments and corporations can use to evaluate the strength and readiness of their security infrastructure.

Chapter V. Security Implications for Management from the Onset of Information Terrorism

Ken Webb, Perth, Australia

In this chapter, the author presents the results of a qualitative study and argues that a heightened risk for management has emerged from a new security environment that is increasingly spawning asymmetric forms of Information Warfare. This chapter defines for readers what the threat of Information Terrorism is and the new security environment that it has created. Security implications for management have subsequently evolved, as managers are now required to think about the philosophical considerations emerging from this increasing threat.

SECTION II: ORGANIZATIONAL AND HUMAN SECURITY

Chapter VI. The Adoption of Information Security Management Standards: A Literature Review

Yves Barlette, GSCM-Montpellier Business School, France
Vladislav V. Fomin, Vytautas Magnus University, Lithuania and Rotterdam School of Management, The Netherlands

This chapter discusses major information security management standards, particularly the ISO/IEC 27001 and 27002 standards. A literature review was conducted in order to understand the reasons for the low level of adoption of information security standards by companies, and to identify the drivers and the success factors in implementation of these standards. Based on the findings of the literature review, the authors provide recommendations on how to successfully implement and stimulate diffusion of information security standards.

Chapter VII. Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension

Peter R. Marksteiner, U. S. Air Force, USA

The overabundance of information, relentless stream of interruptions, and potent distractive quality of the Internet can draw knowledge workers away from productive cognitive engagement. Information overload is an increasingly familiar phenomenon, but evolving United States military doctrine provides a new analytical approach and a unifying taxonomy organizational leaders and academicians may find useful. Using military doctrine and thinking to underscore the potential seriousness of this evolving threat should inspire organizational leaders to recognize the criticality of its impact and motivate them to help clear the data smog, reduce information overload, and communicate for effect.

Chapter VIII. Balancing the Public Policy Drivers in the Tension between Privacy and Security

John W. Bagby, The Pennsylvania State University, USA

The public expects that technologies used in electronic commerce and government will enhance security while preserving privacy. This chapter posits that personally identifiable information is a form of property that flows along an “information supply chain” from collection, through archival and analysis and ultimately to its use in decision-making. The conceptual framework for balancing privacy and security developed here provides a foundation to develop and implement public policies that safeguard individual rights, the economy, critical infrastructures and national security. The illusive resolution of the practical antithesis between privacy and security is explored by developing some tradeoff relationships using exemplars from various fields that identify this quandary while recognizing how privacy and security sometimes harmonize.

Chapter IX. Human Factors in Security: The Role of Information Security Professionals within Organizations

Indira R. Guzman, TUI University, USA
Kathryn Stam, SUNY Institute of Technology, USA
Shaveta Hans, TUI University, USA
Carole Angolano, TUI University, USA

This chapter contributes to a better understanding of role conflict, skill expectations, and the value of information technology (IT) security professionals in organizations. Previous literature has focused primarily on the role of information professionals in general but has not evaluated the specific role expectations and skills required by IT security professionals in today’s organizations. The authors take into consideration the internal and external factors that affect the security infrastructure of an organization and therefore influence the role expectations and skills required by those who are in charge of security. The authors describe the factors discussed in the literature and support them with quotes gathered from interviews conducted with information security professionals in small organizations in central New York. They present a set of common themes that expand the understanding of this role and provide practical recommendations that would facilitate the management of these professionals within organizations.

Chapter X. Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within Computer Network Operations Organizations

LTJG Nikolaos Bekatoros, US Naval Postgraduate School, USA
Major Jack L. Koons III, US Naval Postgraduate School, USA
Dr. Mark E. Nissen, US Naval Postgraduate School, USA

In this chapter, the authors use Contingency Theory research to inform leaders and policy makers regarding how to bring their Computer Networked Operations (CNO) organizations and approaches into better fit, and hence to improve performance. The authors identify a candidate set of organizational structures that offer potential to fit the U. S. Department of Defense better as it strives, and struggles, to address the technological advances and risks associated with CNO. Using the Organization Consultant expert system to model and diagnose key problems, the authors propose a superior organizational structure for CNO that can also be applied to organizations in the international environment. Results elucidate important insights into CNO organization and management, suitable for immediate policy and operational implementation, and expand the growing empirical basis to guide continued research

Chapter XI. An Approach to Managing Identity Fraud

Rodger Jamieson, The University of New South Wales, Australia
Stephen Smith, The University of New South Wales, Australia
Greg Stephens, The University of New South Wales, Australia
Donald Winchester, The University of New South Wales, Australia

This chapter outlines components of a strategy for government and a conceptual identity fraud management framework for organizations. Identity crime, related cybercrimes and information systems security breaches are insidious motivators for governments and organizations to protect and secure their systems, databases and other assets against intrusion and loss. Model components used to develop the identity fraud framework were selected from the cost of identity fraud, identity risk management, identity fraud profiling, and fraud risk management literature.

SECTION III: EMERGENCY RESPONSE PLANNING

Chapter XII. A Repeatable Collaboration Process for Incident Response Planning

Alanah Davis, University of Nebraska at Omaha, USA
Gert-Jan de Vreede, University of Nebraska at Omaha, USA
Leah R. Pietron, University of Nebraska at Omaha, USA

This chapter presents a repeatable collaboration process as an approach for developing a comprehensive Incident Response Plan for an organization or team. This chapter discusses the background of incident response planning as well as Collaboration Engineering, which is an approach to design repeatable collaborative work practices. A collaboration process for incident response planning is presented that was designed using Collaboration Engineering principles, followed by a discussion of the application process in three cases. The presented process is applicable across organizations in various sectors and domains, and consist of codified ‘best facilitation practices’ that can be easily transferred to and adopted by security managers.

Chapter XIII. Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures: Freight Transportation as an Illustration

Dean A. Jones, Sandia National Laboratories, USA
Linda K. Nozick, Cornell University, USA
Mark A. Turnquist, Cornell University, USA
William J. Sawaya, Texas A&M University, USA

A pandemic influenza outbreak could cause serious disruption to operations of several critical infrastructures as a result of worker absenteeism. This paper focuses on freight transportation services, particularly rail and port operations, as an illustration of analyzing performance of critical infrastructures under reduced labor availability. Using current data on performance of specific rail and port facilities, the authors reach some conclusions about the likelihood of severe operational disruption under varying assumptions about the absentee rate. Other infrastructures that are more dependent on information technology and less labor-intensive than transportation might respond to large-scale worker absenteeism in different ways, but the general character of this analysis can be adapted for application in other infrastructures such as the cyber infrastructure.

Chapter XIV. Information Sharing: A Study of Information Attributes and their Relative Significance During Catastrophic Events

Preeti Singh, University at Buffalo, the State University of New York, USA
Pranav Singh, University at Buffalo, the State University of New York, USA
Insu Park, University at Buffalo, the State University of New York, USA
JinKyu Lee, Oklahoma State University, USA
H. Raghav Rao, University at Buffalo, the State University of New York, USA

We live in a digital era where the global community relies on Information Systems to conduct all kinds of operations, including averting or responding to unanticipated risks and disasters. This chapter focuses on Information Sharing within a disaster context. To study the relative significance of various information dimensions in different disaster situations, content analyses are conducted. The results are used to develop a prioritization framework for different disaster response activities, thus to increase the mitigation efficiency. The authors also explore roles played by existing organizations and technologies across the globe that are actively involved in Information Sharing to mitigate the impact of disasters and extreme events.

Chapter XV. An Overview of the Community Cyber Security Maturity Model

Greg B. White, University of Texas at San Antonio, USA
Mark L. Huson, University of Texas at San Antonio, USA

The protection of cyberspace is essential to ensure that the critical infrastructures a nation relies on are not corrupted or disrupted. Government efforts generally focus on securing cyberspace at the national level. In the United States, states and communities have not seen the same concentrated effort and are now the weak link in the security chain. Until recently, there has been no program for states and communities to follow in order to establish a viable security program. The authors develop the Community Cyber Security Maturity Model to provide a framework for communities to prepare, prevent, detect, respond, and recover from potential cyber attacks. This model has a broad applicability and can be adapted to nations and organizations as well.

SECTION IV: SECURITY TECHNOLOGIES

Chapter XVI. Server Hardening Model Development: A Methodology-Based Approach to Increased System Security

Doug White, Roger Williams University, USA
Alan Rea, Western Michigan University, USA

The authors present essential server security components and develop a set of logical steps to build hardened servers. The authors outline techniques to examine servers in both the Linux/UNIX and the Windows Environment for security flaws from both the internal and external perspectives. The chapter builds a complete model covering tactics, and techniques that system administrators can use to harden a server against compromise and attack. The authors build a model to assist those who want to implement and maintain secure, hardened servers not only for today's intense demands but also for the foreseeable future as more servers come online to support new Internet-enabled services.

Chapter XVII. Trusted Computing: Evolution and Direction

Jeff Teo, Montreat College, USA

To effectively combat cyber threats, our network defenses must be equipped to thwart dangerous attacks. However, our software-dominated defenses are woefully inadequate. The Trusted Computing Group has embarked on a mission to use an open standards-based interoperability framework utilizing both hardware and software implementations to defend against computer attacks. Specifically, this group uses trusted hardware called the trusted platform module (TPM) in conjunction with TPM-enhanced software to provide better protection against such attacks. This chapter will detail a brief history of trusted computing, the goals of the Trusted Computing Group and the workings of trusted platforms.

Chapter XVIII. Introduction, Classification and Implementation of Honeypots

Miguel Jose Hernandez y Lopez, Universidad de Buenos Aires, Argentina
Carlos Francisco Lerma Resendez, Universidad Autónoma de Tamaulipas, Mexico

This chapter discusses the basic aspects of Honeypots, how they are implemented in modern computer networks, as well as their practical uses and implementation in educational environments. This chapter covers the most important points regarding the characteristics of Honeypots and Honeynets. The implementation of Honeypots provides an answer to a common question posted by the field of information security and forensics: How to dissect the elements that make up an attack against a computer system. The chapter summarizes the different features and capabilities of Honeypots once they are set up in a production environment.

Book Preface

2009-01-06T09:11:00.000-08:00

PREFACE

In the 2003 publication, The National Strategy to Secure Cyberspace, the United States Government acknowledged, “our economy and national security is now fully dependent on information technology and the information infrastructure” (U. S. Government, 2003, p. 9). The candid use of the word ‘fully’ is no overstatement. If the Internet infrastructure were significantly compromised, critical systems supporting supply chains, financial markets and telecommunications, for example, could simultaneously be severely handicapped or completely cease from functioning.

Particularly since the turn of the century, modern society’s dependence on cyber and information related technologies for daily living has increased at an astonishing rate. Entire cultures of what many call ‘developed nations’ such as the United States are engulfed in a cyber technology way of life that takes for granted the availability and integrity of information systems and the Internet. Additionally, in some ‘developing’ nations, the outsourcing of knowledge work from developed nations has created high-technology subcultures in the developing world. While a global digital divide certainly exists between nations with ready access to cyberspace and those without such access, overall, an increasing global economic dependency on cyberspace is undeniable. Some argue, such as James Lewis in testimony to the U. S. Congress, “Cyber security is now one of the most important national security challenges facing the U. S. This is not some hypothetical catastrophe. We are under attack and taking damage." Indeed, the cyber security situation facing the U. S. has gotten worse in the past decade, while cyberspace now supplies the foundation of much of the nation’s economic activity (Lewis, 2008).

This book addresses the growing societal dependence on information technologies by providing a literature resource for academics and practitioners alike that speaks to the pressing issues facing cyber security from both national and global perspectives. Book chapters cover critical topics to include information security standards, information overload, cyber privacy issues, information terrorism, the cyber security black market, threat assessment for enterprise networks, an analysis of critical transportation infrastructures with cyberspace implications, information sharing during catastrophic events, as well as chapters discussing trusted computing, honeypots and server hardening. The underlying premise of the book stresses the global nature of cyber security problems; in doing so, each chapter provides an analysis of specific threats facing society with proposed solutions. Ultimately, we hope this book will facilitate international cooperation to help build a more secure future in cyberspace.

Before continuing, it is worthwhile to review the term security and offer a formal definition to help explain why books such as this are valuable. Security is the condition of being protected, which includes freedom from apprehension and the confidence of safety; hence, assurance. We can think of security as that which makes safe or protects (Webster's Revised Unabridged Dictionary, 2008). Regarding information or cyber security, both practitioners and academics often stress the importance of three desirable aspects of security: Confidentially, Integrity and Availability. This CIA triad serves as a limited, but useful framework for thinking about and understanding security and how data and cyber-based systems need protecting (Whitman & Mattord, 2004). Security becomes especially critical in hazardous environments when the risk of danger and the consequence from damaging incidents are high. This is the reason why cyber security has become so critical in recent times. We have become progressively dependent on cyberspace for daily living yet the cyber environment is full of serious dangers.

Now that we have briefly framed the term security, we may ask, what aspect of security is most important to enhance our understanding and lower risks? In his edited book titled, Information Security Management: Global Challenges in New Millennium, Dhillon argues that the management of information security should be broader in scope than just focusing on the technological means to achieve proper security (2001). This indeed is the case with the current text: fully grasping today’s challenges requires a broad view of cyber security that includes both technical and managerial dimensions. To this end, each chapter offers a valuable perspective of cyber security and information assurance. If read from cover to cover, the reader will gain a holistic understanding and systems view of cyber security challenges. While the book is not encyclopedic in scope, it offers a broad view of security challenges through eighteen chapters, each dedicated to a different but important topic in the cyber security domain. Each chapter was double blind reviewed. Authors went through a process of submitting a proposal, completing a manuscript, and then revising the manuscript while responding to comments from at least three external reviewers. Finally, each author of an accepted manuscript worked with me to produce a publishable chapter. This process has been immensely valuable to me as the editor. I thoroughly enjoyed working with each author and found the publication process to be professionally satisfying. In reviewing each chapter as the editor, I found myself enlightened and better educated about this dynamic, complex and critical field. It is my hope that readers will share a similar experience.

I divided the book into four major sections each containing at least three chapters. Together, the four sections present a broad and global picture of major cyber security challenges. The first section offers chapters on the theme of Risk & Threat Management. The second section focuses on Organizational and Human Security. The third presents topics covering Emergency Response Planning. Finally, the fourth section covers important Security Technologies.

The book begins with a section on Risk and Threat Assessment. I placed this section first because of my belief that understanding risk and the threat environment is a foremost step in addressing security. In Chapter I, Jaziar Radianti & Jose J. Gonzalez discuss their observations of the black market for software vulnerabilities and the factors affecting its spread. They illustrate a system dynamic model and suggest that, without interventions, the number and size of black markets will likely increase. In Chapter II, Somak Bhattacharya, Samresh Malhotra & S.K. Ghosh provide an attack graph approach to network threat identification. The chapter deals with identifying probable attack graph and risk mitigation in order to improve enterprise security. Chapter III introduces the insider threat and methods for preventing, detecting, and responding to this threat. In their work, Robert F. Mills, Gilbert L. Peterson & Michael R. Grimaila define the insider threat and offer best practices for mitigating this serious problem. Chapter IV describes a method for assessing security infrastructure effectiveness utilizing formal mathematical models. Here, Richard T. Gordon & Allison S. Gehrke discuss a novel security measure that organizations can use to evaluate the strength of their security infrastructure. In the final chapter of this section, Chapter V, Ken Webb argues that a heightened risk for management has emerged from a new security environment that is producing asymmetric forms of information warfare. This chapter aims to provide guidance for future thinking to inform readers about Information Terrorism and the security implications for management.

The second section covers the important area of Organizational and Human Security. While sometimes described as the ‘soft’ or non-technical side of security, this area is often at the very core of many security problems and incidents. In Chapter VI, Yves Barlette & Vladislav V. Fomin discuss major management standards, particularly ISO/IEC 27001 and 27002. Based on the findings of their literature review, the authors recommend how to successfully implement and diffuse information security standards in organizations. Chapter VII covers the important topic of information overload. Peter R. Marksteiner uses military doctrine to underscore the seriousness of the overload threat. The chapter provides a detailed discussion explaining the problem and suggests improvements concerning organizational communication effectiveness. In Chapter VIII, John W. Bagby posits that personally identifiable information flows along an ‘information supply chain’ and offers a useful conceptual framework for balancing privacy and security. In Chapter IX, Indira R. Guzman, Kathryn Stam, Shaveta Hans & Carole Angolano focus on the role of information security professionals in organizations. They explicitly focus on the specific roles, expectations and skills required by IT security professionals based in part on interviews conducted with security professionals. In Chapter X, the authors Nikolaos Bekatoros, Jack L. Koons III and Mark E. Nissen discuss improving the structural fit of organizations involved in Computer Network Operations (CNO). The authors use contingency theory research to inform leaders and policy makers on how to bring CNO organizations into a better fit in order to improve organizational performance. In Chapter XI, Rodger Jamieson, Stephen Smith, Greg Stephens & Donald Winchester offer a strategy for government and a useful framework for identify fraud management. The authors based this framework on a literature review of related fields and organized the framework into anticipatory, reactionary and remediation phases.

The third section of the book deals with the emerging area of Emergency Response Planning. In light of serious external threats from terrorism and natural disasters, organizations must ensure that proper planning occurs to ensure continuity in the event of a disaster. In Chapter XII, Alanah Davis, Gert-Jan de Vreede & Leah R. Pietron present a repeatable collaboration process as an approach for developing an incident response plan for organizations. The authors use collaboration engineering principles and present a process that consists of codified facilitation practices that can be transferred to and adopted by security managers in various types of organizations. Next, Chapter XIII deals with the possibility of a pandemic influenza, worker absenteeism and its impacts on the critical infrastructure of freight transportation as an illustration of how other infrastructures can be impacted. In this work, Dean A. Jones, Linda K. Nozick, Mark A. Turnquist & William J. Saway then address the relevant question of how does this idea extend to other infrastructures, particularly those that are more information-oriented and less labor-intensive than transportation. Chapter XIV focuses on information sharing and information attributes within a disaster context. The authors Preeti Singh, Pranav Singh, Insu Park, JinKyu Lee & H. Raghav Rao use content analysis to develop a prioritization framework for different disaster response activities. In Chapter XV, Gregory B. White & Mark L. Huson develop the Community Cyber Security Maturity Model to provide a framework for states and communities to help prepare, prevent, detect, respond, and recover from potential cyber attacks. This model has broad applicability and can be adapted to nations and communities.

The fourth and final section offers chapters focusing on three vital security-related technologies. In Chapter XVI, Doug White & Alan Rea present essential server security components and develop a set of logical steps to build hardened servers. This chapter presents a complete model that includes advice on tools, tactics, and techniques that system administrators can use to harden a server against compromise and attack. In Chapter XVII, Jeff Teo provides an overview and direction of trusted computing and the goals of the Trusted Computing Group. This group uses trusted hardware in conjunction with enhanced software to provide better protection against cyber attacks. Chapter XVIII, the final chapter of the book, comes from Miguel Jose Hernandez y Lopez & Carlos Francisco Lerma Resendez. They discuss the basic aspects of Honeypots and how they are implemented in modern computer networks. The authors provide readers with the most important points regarding the characteristics of Honeypots and Honeynets, which are highly useful platforms in supporting security education and forensics.

It is my hope that after reading this book in part or in its entirety, readers will feel more knowledgeable and enlightened about the scope of challenges facing global cyber security. Considering the types of cyber threats facing our world, books such as this can make an important contribution by enhancing our understanding concerning the problems we are facing and solutions we should contemplate. I would enjoy hearing from readers about your opinions and experiences with this book. (kknapp@ut.edu)

With warm regards,
Kenneth Knapp, Editor
United States Air Force Academy, Colorado
November 2008

This Preface appears in Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions edited by Kenneth J. Knapp. Copyright 2009, IGI Global. Posted by permission of the publisher. 2009.

__________________________
References:

Dhillon, G. (2001). Information Security Management: Global Challenges in the New Millennium. Hershey, PA: Idea Group Publishing.

Lewis, J. A. (2008). Cybersecurity Recommendations for the Next Administration Testimony by James A. Lewis, Center for Strategic and International Studies, September 16, 2008. Washington D.C.: Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

U. S. Government. (2003, February). National Strategy to Secure Cyberspace. Retrieved May, 2004, from http://www.whitehouse.gov/pcipb

Whitman, M. E., & Mattord, H. J. (2004). Management of Information Security. Cambridge, MA: Course Technology - Thompson Learning.

security. (n.d.). Webster's Revised Unabridged Dictionary. Retrieved September 17, 2008, from Dictionary.com website: http://dictionary.reference.com/browse/security

Note: Opinions, conclusions and recommendations expressed or implied within this book are solely those of the authors and do not necessarily represent the views of US Air Force Academy, USAF, the DoD or any other U. S. government agency.

2008-11-06T13:33:00.000-08:00

Estimated Publication Date: Spring 2009

Editor: Kenneth J. Knapp, USAF Academy, USA

Foreword by Merrill Warkentin, Mississippi State University, USA

Table of Contents

Section I: Risk & Threat Assessment

Chapter I. Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for Vulnerabilities

Jaziar Radianti, University of Agder, Norway
Jose. J. Gonzalez, University of Agder and Gjøvik University College, Norway

Chapter II. An Attack Graph Based Approach for Threat Identification of an Enterprise Network

Somak Bhattacharya, Indian Institute of Technology, India
Samresh Malhotra, Indian Institute of Technology, India
S. K. Ghosh, Indian Institute of Technology, India

Chapter III. Insider Threat Prevention, Detection and Mitigation

Robert F. Mills, Air Force Institute of Technology, USA
Gilbert L. Peterson, Air Force Institute of Technology, USA
Michael R. Grimaila, Air Force Institute of Technology, USA

Chapter IV. An Autocorrelation Methodology for the Assessment of Security Assurance

Richard T. Gordon, Bridging The Gap, Inc., USA
Allison S. Gehrke, University of Colorado, Denver, USA

Chapter V. Security Implications for Management from the Onset of Information Terrorism

Ken Webb, Perth, Australia

Section II: Organizational and Human Security

Chapter VI. The Adoption of Information Security Management Standards: A Literature Review

Yves Barlette, GSCM-Montpellier Business School, France
Vladislav V. Fomin, Vytautas Magnus University, Lithuania and Rotterdam School of Management, The Netherlands

Chapter VII. Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension

Peter R. Marksteiner, U. S. Air Force, USA

Chapter VIII. Balancing the Public Policy Drivers in the Tension between Privacy and Security

John W. Bagby, The Pennsylvania State University, USA

Chapter IX. Human Factors in Security: The Role of Information Security Professionals within Organizations

Indira R. Guzman, TUI University, USA
Kathryn Stam, SUNY Institute of Technology, USA
Shaveta Hans, TUI University, USA
Carole Angolano, TUI University, USA

Chapter X. Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within Computer Network Operations Organizations

Nikolaos Bekatoros, US Naval Postgraduate School, USA
Jack L. Koons III, US Naval Postgraduate School, USA
Mark E. Nissen, US Naval Postgraduate School, USA

Chapter XI. An Approach to Managing Identity Fraud

Rodger Jamieson, The University of New South Wales, Australia
Stephen Smith, The University of New South Wales, Australia
Greg Stephens, The University of New South Wales, Australia
Donald Winchester, The University of New South Wales, Australia

Section III: Emergency Response Planning

Chapter XII. A Repeatable Collaboration Process for Incident Response Planning

Alanah Davis, University of Nebraska at Omaha, USA
Gert-Jan de Vreede, University of Nebraska at Omaha, USA
Leah R. Pietron, University of Nebraska at Omaha, USA

Chapter XIII. Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures: Freight Transportation as an Illustration

Dean A. Jones, Sandia National Laboratories, USA
Linda K. Nozick, Cornell University, USA
Mark A. Turnquist, Cornell University, USA
William J. Sawaya, Texas A&M University, USA

Chapter XIV. Information Sharing: A Study of Information Attributes and their Relative Significance During Catastrophic Events

Preeti Singh, University at Buffalo, the State University of New York, USA
Pranav Singh, University at Buffalo, the State University of New York, USA
Insu Park, University at Buffalo, the State University of New York, USA
JinKyu Lee, Oklahoma State University, USA
H. Raghav Rao, University at Buffalo, the State University of New York, USA

Chapter XV. An Overview of the Community Cyber Security Maturity Model

Greg B. White, University of Texas at San Antonio, USA
Mark L. Huson, University of Texas at San Antonio, USA

Section IV: Security Technologies

Chapter XVI. Server Hardening Model Development: A Methodology-Based Approach to Increased System Security

Doug White, Roger Williams University, USA
Alan Rea, Western Michigan University, USA

Chapter XVII. Trusted Computing: Evolution and Direction

Jeff Teo, Montreat College, USA

Chapter XVIII. Introduction, Classification and Implementation of Honeypots

Miguel Jose Hernandez y Lopez, Universidad de Buenos Aires, Argentina
Carlos Francisco Lerma Resendez, Universidad Autónoma de Tamaulipas, Mexico

Editorial Advisory Board & Reviewers

2008-04-23T06:29:00.000-07:00

Editor: Dr. Kenneth Knapp, USAF Academy, USA

Board Members:
Dr. Rita A Jordan, Brig Gen, USAF, USAF Academy, USA
Hal Tipton, CISSP, (ISC)², USA
Mark Barner, SMSgt, USAF, USAF Academy, USA
Dr. Jeff L. Boleng, Lt Col, USAF Academy, USA
Dr. Steve Chadwick, Intel Corporation, USA
Dr. Andrew Colarik, Information Security Consultant, USA
Dr. John K. Corley II, Appalachian State University, USA
Dr. Kevin Curran, University of Ulster, Magee College, Ireland
Gary Denney, Lt Col, USAF, USAF Academy, USA
Dr. Ronald Dodge, United States Military Academy, USA

Dr. Claudia J. Ferrante, USAF Academy, USA
Dr. Dieter Fink, Edith Cowan University, Australia
Dr. F. Nelson Ford, Auburn University, USA
Dr. Michael R. Grimaila, Air Force Institute of Technology, USA
Dr. Matthew M. Hinkle, The Society of Exploration Geophysicists, USA
Mansoor Khan, CISSP, CISA, CFE, CFSA, Thamesteel Limited, UK
Dr. Gary Klein, University of Colorado, Colorado Springs, USA
Dr. Thomas Marshall, Auburn University, USA
Dr. R. Frank Morris, Jr., The Citadel, USA
Dr. R. Kelly Rainer, Jr., Auburn University, USA
Nancy M. Rower, Lt Col, USAF Academy, USA
Dr. Evelyn Thrasher, University of Massachusetts Dartmouth, USA
Dr. Kassem Saleh, Kuwait University, Kuwait
Dr. Matthew Warren, Deakin University, Australia
Dr. Michael Weeks, University of Tampa, USA

--------

Additional Reviewers:

Dr. Ram Dantu, University of North Texas, USA

Dr. Sharon Heilmann, United States Air Force Academy, USA

Dr. Steven Noel, George Mason University, USA

Dr. David Levy, United States Air Force Academy, USA

Dr. Barry Brewer, United States Air Force, USA

Dr. John Bell, United States Air Force, USA

Bart Hubbs, Hospital Corporation of American, USA

Shane Balfe, Royal Holloway, University of London, UK

Paul Powenski, BT/INS International Network Services, UK

Matt B. Palmer, Michigan State University, USA

Pat P. Rieder, United States Air Force Academy, USA

Doug Patton, United States Air Force Academy, USA

Estimated Timeline for Book Project

2008-04-14T13:56:00.000-07:00

15 April 08: Full chapters due from authors
15 April - 30 May: Double-blind review process, 3+ reviewers per chapter
30 June: Editor provides authors with feedback on submitted chapters
21 July: Revised chapters due from authors
31 Aug: Editor provides authors with final acceptance notifications
21 Sep: Editor receives final accepted chapters from authors
Early 2009: IGI Global publishes book

Chapter Organizational Guidelines

2007-12-18T09:51:00.000-08:00

Chapter Organizational Guidelines -- For authors with accepted chapter proposals:

Full Chapters Due: 15 April 2008.
Chapter length: Between 7,000-12,000 words.

For consistency of publication, it is best that you adhere as much as possible to the following guidelines when preparing your chapter:

Abstract
As a contribution to a scholarly publication, your chapter will need to include an abstract, consisting of approximately 100-150 words, which will provide your readers with an overview of the content of your chapter. It is important that your abstract clearly states the purpose of your chapter and summarizes the content.

Keywords
As IGI Global’s online database is searched by keywords, it’s important that you assign a list of keywords (anywhere from 5 to 20) to your chapter to assist database users in finding your chapter when doing a search on your chapter’s topic. If you need assistance, please feel free to visit http://www.igi-pub.com/assets/keywords.asp, which provides several examples of keywords on a sampling of various topics. Do be sure to include not only keywords that appear in your chapter, but also other related words that you might not have mentioned in your chapter but that you know an individual may use to search for a chapter like yours on IGI Global’s database.

Introduction
In this section, you will want to describe the general perspective of your chapter. Toward the end of the introduction, you should specifically state your chapter’s objectives.

Background
In the background section, you’ll want to provide broad definitions and discussions of the topic and incorporate views of others (literature review) into the discussion to support, refute, or demonstrate your position on the topic.

Main Thrust of the Chapter
(Please note that the title of this section should NOT be “Main Thrust of the Chapter.”)
1. Issues, Controversies, Problems
Here, you’ll want to present your perspective on the issues, controversies, problems, and so forth, as they relate to the theme and arguments supporting your position. Compare and contrast with what has been, or is currently being done, as it relates to your specific topic and the main theme of the book.
2. Solutions and Recommendations
Here, you should discuss solutions and recommendations in dealing with the issues, controversies, or problems presented in the preceding section.

Future Trends
In this section, you’ll want to discuss future and emerging trends. You should provide insight about the future of the book’s theme from the perspective of your topic. Viability of a paradigm, model, implementation issues of proposed programs, and so forth, may be included in this section. If appropriate, you may want to suggest future research opportunities within the domain of the topic.

Conclusion
Here, you should provide a discussion on the overall coverage of the chapter and include your concluding remarks.

References
It is your responsibility to ensure that all information in your chapter that is taken from another source is substantiated with an in-text reference citation. Please also note that your references must strictly follow APA (American Psychological Association) style (The publisher may return your chapter to you for correction if you do not properly format your references. Note that this will delay the production process, and ultimately, the release of the book. ). References should relate only to the material you actually cited within your chapter (this is not a bibliography), and they should be listed in alphabetical order. Please do not include any abbreviations.

While some examples of references in APA style are included in the following pages, it is highly recommended that you reference an actual APA style manual (5th edition). If you do not own an APA style manual, you may either 1) consult your library or 2) visit APA’s Web site to order your own copy: http://www.apastyle.org/pubmanual.html. It may also benefit you to consult the following pages of APA’s Web site for frequently asked questions and other tips:
http://www.apastyle.org/faqs.html html and http://www.apastyle.org/previoustips.html.

Properly formatting sources in your reference list
Book with one author:
Author, A. A. (2005). Title of work. Location/City, State: Publisher.

Book with two authors:
Author, A. A., & Author, B. B. (2005). Title of work. Location/City, State: Publisher.

Book with more than two authors:
Author, A. A., Author, B. B., & Author, C. C. (2005). Title of work. Location/City, State: Publisher.

Journal article:
Sawyer, S., & Tapia, A. (2005). The sociotechnical nature of mobile computing work: Evidence from a study of policing in the United States. International Journal of Technology and Human Interaction, 1(3), 1-14.

A publication in press:
Junho, S. (in press). Roadmap for e-commerce standardization in Korea. International Journal of IT Standards and Standardization Research.

Edited book:
Zhao, F. (Ed.). (2006). Maximize business profits through e-partnerships. Hershey, PA: IRM Press.

Chapter in an edited book:
Jaques, P. A., & Viccari, R. M. (2006). Considering students’ emotions in computer-mediated learning environments. In Z. Ma (Ed.), Web-based intelligent e-learning systems: Technologies and applications (pp. 122-138). Hershey, PA: Information Science Publishing.

Report from a university:
Broadhurst, R. G., & Maller, R. A. (1991). Sex offending and recidivism (Tech. Rep. No. 3). Nedlands, Western Australia: University of Western Australia, Crime Research Centre.

Published proceedings:
Deci, E. L., & Ryan, R. M. (1991). A motivational approach to self: Integration in personality. In R. Dienstbier (Ed.), Nebraska Symposium on Motivation: Vol. 38. Perspectives on motivation (pp. 237-288). Lincoln: University of Nebraska Press.

Unpublished doctoral dissertation or master’s thesis:
Wilfley, D. (1989). Interpersonal analyses of bulimia: Normal-weight and obese. Unpublished doctoral dissertation, University of Missouri, Columbia.

A presented paper:
Lanktree, C., & Briere, J. (1991, January). Early data on the Trauma Symptom Checklist for Children (TSC-C). Paper presented at the meeting of the American Professional Society on the Abuse of Children, San Diego, CA.

Web site:
VandenBos, G., Knapp, S., & Doe, J. (2001). Role of reference elements in the selection of resources by psychology undergraduates. Journal of Bibliographic Research, 5, 117-123. Retrieved October 13, 2001, from http://jbr.org/articles.html

Properly formatting in-text citations
When citing a source in your text, you will need to state the authors’ surnames along with the year of publication. Please note the following:

· If you have several references cited within the same parenthesis, the citations should be listed in alphabetical order. You’ll note that 1) each citation is separated by a semicolon, and 2) ampersands (&) are used instead of the word “and.”
Example: In most organizations, data resources are considered to be a major resource (Brown, 2002; Krall & Johnson, 2005; Smith, 2001).

· If an author’s name is mentioned directly within the text of your chapter as part of a sentence, please note that only the year is placed within parenthesis.
Example: Brown (2002) states that the value of data is recognized by most organizations.

· If you directly quote another individual’s work, you must also provide the page of the source from which the quote was taken.
Example: “In most organizations, data resources are considered to be a major organization asset” (Smith, 2001, pp. 35-36) and must be carefully monitored by the senior management.
Example: Brown (2002) states that “the value of data is realized by most organizations” (p. 45).

· Under NO circumstances should in-text citations be numbered.
Incorrect: In most organizations, data resources are considered to be a major resource [15; 30; 84].
Correct: In most organizations, data resources are considered to be a major resource (Brown, 2002; Krall & Johnson, 2005; Smith, 2001).

· If a direct quote that you wish to include in your chapter is more than 40 words long, please be sure to format your quote as a block quote (a block quote uses no quotation marks, and its margins are indented from the left; also, you’ll notice that the period at the end of the sentence comes before the parenthetical in-text citation):
Example: As an ever-growing number of people around the world have gained access to e-mail and Internet facilities, it has become clear that the communicative environment provided by these tools can foster language learning. E-mail facilitates access to speakers of one's target language. (Vinagre & Lera, 2007, p. 35)

NOTE: If you plan on including more than 2 paragraphs of quoted text, you must acquire permission from the copyright holder for use of the quote before IGI Global will agree to publish your chapter.

IMPORTANT Details to Keep in Mind

2007-12-18T09:39:00.000-08:00

IMPORTANT Details to Keep in Mind -- for authors of accepted chapter proposals

Copyright Issues

1. Originality of chapters. Only ORIGINAL chapters will be accepted for publication. Upon acceptance of your chapter, you will be required to sign a warranty that your chapter is original and has NOT been submitted for publication or published elsewhere.

2. Revised chapters. IGI Global will not publish a chapter that is a “revised” version of a chapter that you published elsewhere. While your chapter may certainly be based on the same data and research as another chapter published by you, the chapter you submit to IGI Global must be a completely new and original work—in other words, it must NOT have the same wording or formatting as another chapter previously published by you.

3. Acquiring permission for copyrighted images. It is YOUR responsibility to obtain written permission to include any copyrighted images (this includes screenshots [whether they be of a page from a company’s Web site, a screenshot of a scene from a video game, etc.], figures, tables, graphics, etc.) in your chapter. The copyright holder MUST agree to and sign IGI Global’s permission form before IGI Global will agree to include the image in your chapter. To obtain a copy of this permission form, please contact the book editor or IGI Global (development@igi-global.com).

After you obtain permission, you are then responsible to indicate in the caption of the image the original source of the image and that it is being used in your chapter with permission. Your caption should look something like this:

Figure 1. [insert caption here]. (© [insert copyright year here], [insert copyright holder’s name here]. Used with permission.).

Please note that, should you create an image that is loosely based on another copyrighted image, you must indicate in the image caption that your image is adapted from another copyrighted image and then provide the original source:

Figure 1. [insert caption here]. (Adapted from [insert source of copyrighted image here]).

As some publishers require that you obtain permission for use of even an image that you may have adapted from one of their images, it is YOUR responsibility to investigate as to whether or not permission is needed for your adapted image.

IMPORTANT NOTE: Since acquiring permission may take a significant amount of time, it is very important that you begin the process as soon as possible.

4. Permission fees. Subsequent to the previous point, IGI Global will NOT agree to publish any copyrighted image for which a permission fee is required (even if you offer to pay the fee), OR for which permission is required for each subsequent publication of the image.

5. Trademark use. All trademark use within your chapter MUST be credited to its owner, or written permission to use the name must be granted.

6. Interviews. Please note that if any full interviews are included in your chapter, you must have the interviewee sign IGI Global’s “Interview Release and Assignment Agreement” with which you will be provided by the book editor or IGI Global (development@igi-global.com) upon request.

Editorial Issues

1. Chapter basics. Chapters must
- be submitted in Microsoft® Word or rtf format.
- be typewritten in English
- be on white paper, double sided
- be single spaced
- have a one-inch (2.5 cm) margin on all sides
- have text left-justified
- have text set as 12-pt. Times New Roman font
- include the title on the top of the first page
- list the authors and their affiliations and countries directly under the title

2. Proofreading. It is crucial that complete proofreading of your chapter be conducted prior to submission to ensure proper use of the English language, proper grammatical structure, and correct spelling and punctuation. Attention to these details will contribute to clear, concise communication of your ideas and prevent error when your chapter is professionally copy edited by the publisher (without clear sentence structure and correct grammar, there is a good chance that the copy editor may edit your sentences and unintentionally change their meanings).

3. LaTex. Unfortunately, LaTex files are currently NOT accepted by the publisher because these types of files are not compatible with IGI Global’s current typesetting program. As an alternative, it is recommended that you use MathType.

4. Metafiles. If you include equations in your chapter, it is important that you do NOT use metafiles for any mathematical symbols or letters unless absolutely necessary. For example, take into consideration the following equation: (a + b) – (c + d) = e. There is absolutely no need for the use of metafiles here since each of the symbols and letters in this equation appear on your keyboard.

Additionally, it is extremely important that all symbols and letters are consistent in their formatting (i.e., if you italicize “x” in equation number one, please be sure to italicize “x” throughout the rest of your chapter if it is used to represent the same item). Please note that the unnecessary use of metafiles and the inconsistent formatting of symbols and letters will have an adverse effect on the quality of your chapter, as well as significantly slow down the production of the entire book.

5. Subhead divisions. Please note that, as per IGI Global’s house style, the subhead divisions in your chapter should NOT be numbered. All subheadings should be designated simply by title, and the level of each heading should be clearly indicated by font size and the use of italicized, bolded, or underlined words.

6. Images. IGI Global requests that, if possible, your chapter not contain more than five to eight images (as mentioned, images include screenshots, figures, tables, graphics, etc.). Images should be submitted BOTH as:

· Separate tif, jpeg, eps, gif, or bitmap files. (It is important that you CLEARLY indicate in the text where the images should be placed.)
· As a camera-ready paper copy, even though the images already appear in the electronic version of your paper, for the simple reason that, sometimes, when being converted to IGI Global’s page layout program, images become distorted; thus, a camera-ready copy of your images for use by IGI Global’s Production Department is important.

Please note that, currently, images published by IGI Global are black and white only; thus, for images of the best quality, it is important that you submit your images in black and white or gray scale.

Also, please ensure that your images are a conservative size. The members of IGI Global’s Production Department will use their discretion in resizing your images to fit the layout of the book. If your images are too large, re-sizing may cause them to become illegible and unclear. Please be advised that if your images look blurred or unreadable in the Word copy of your chapter, this is how they will look in the final typeset version of the book. Therefore, please be sure to send high-quality images saved between a 180-360 dpi setting. If the images are embedded in the Word document, please also include them as separate tif, jpeg, eps, or gif files.

7. Endnotes. Please use only endnotes, if needed. If you include endnotes, they will be placed after the references at the end of your chapter. Footnotes at the bottom of a page are not acceptable.

8. APA and IGI Global House Style. Please be advised that due to APA and IGI Global house style rules, changes in regard to, among other things, capitalization, the appearance of block quotes and bulleted and numbered lists, as well as the placement of images on your pages may be adjusted accordingly during the copy editing and typesetting phase.

Call for Chapters

2007-09-17T06:57:00.000-07:00

CALL FOR CHAPTERS PROPOSALS

Proposals Submission Deadline: 12/15/2007
(Full Chapters Due: 4/15/2008)

Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions

A book edited by Kenneth J. Knapp, PhD
United States Air Force Academy, Colorado, USA

Introduction. The increasing societal dependence on information technology has forced cyber security to be one of the most urgent challenges facing the global community. Solutions are necessary to keep vital systems safe from harm -- the security of modern nations depends on it. Modern cyber security challenges cross a range of disciplines and fields to include computing technology, business, organizational studies, risk management, military strategy, policy and law. Solutions require involvement from every type of organization including government, industry, and academia as well as from individuals who live and work in cyberspace.

Overall Objective of the Book. To ensure that the global community can freely and safely operate in cyberspace, critical information, information systems, and networks must be reliably and robustly protected from numerous dangers. The book will be a valuable resource for academics and practitioners alike by addressing the most pressing issues facing cyber security from a national as well as global perceptive. Only by acting together can we best minimize the risks that threaten our systems and then develop effective response solutions to protect them. Thus, the ultimate goal of this book is to facilitate international cooperation to help build a more secure future in cyberspace.

Target Audience. Intended readers come from the range of communities who are concerned with information systems assurance and cyberspace security to include governments, non-government organizations (NGOs), commercial businesses, military, defense organizations, and academia. The book will bring together leading authors to address one of the most pressing challenges facing modern society--global information assurance. Recommended topics include, but are not limited to:

Commercial and corporate aspects of cyber warfare
Protecting critical national and global infrastructures
Cyber policy, law and legislative issues
Case studies (e.g. Estonia event)
Governance and control issues
Human factors in security
Managerial and organizational issues
Security innovation
Cyberspace education, training and human development
National attack, sensing, warning, and response systems
Threat analysis of malicious actors (e.g. crime, terrorism, competitors, nation states)
Critical reviews/reassessments of documents such as the National Strategy to Secure Cyberspace
International security cooperation & information sharing
Roles & relationships among industry, government, NGOs, military, academia
Standards & certification issues
Business continuity planning
Internet & telecommunications infrastructure
Operations and physical security
Developing secure applications and information systems
Open-source products, outsourcing and national security
Small- and medium-sized business concerns
Risk management strategies
Cyber insurance
Perception management in cyberspace
Measures of cyberspace security effectiveness
Access control systems and identity management
Digital forensics
Privacy and ethics
Data confidentiality, integrity, and availability
Cyber security frameworks, architectures and models
Literature reviews & research agendas
Future considerations

SUBMISSION PROCEDURE. Researchers and practitioners are invited to submit on or before December 15, 2007, a 2-4 page manuscript proposal clearly explaining the purpose and anticipated outline of the proposed chapter along with a short bio of each author. Authors of accepted proposals will be notified by December 31, 2007 about the status of their proposals and sent chapter organizational guidelines. Full chapters are expected to be submitted by April 15, 2008. All submitted chapters will be reviewed on a double-blind review basis. The book is scheduled to be published by IGI Global, http://www.igi-global.com/. (Formerly Idea Group Inc.)

Inquiries and submissions can be forwarded electronically (Word document) or by mail to:

Kenneth J. Knapp, Ph.D.

HQ USAFA/DFM

2354 Fairchild Drive, Suite 6H-130

USAF Academy, CO 80840-5099

Phone: 719-333-4189; Fax: 719-333-9715

email: kenneth.knapp@usafa.edu

This book is part of the Advances in Information Security and Privacy (AISP) series: www.igi-global.com/aisp