Computer Security in the 21st. Century:
Computer Security in the 21st Century shares some of the emerging important research trends reflected in recent advances in computer security, including: security prool design, secure peer-to-peer and ad hoc networks, multimedia security, and intrusion detection, defense and measurement.
Computer Security ESORICS 2010:
This book constitutes the proceedings of the 15th European Symposium on Computer Security held in Athens, Greece in September 2010.The 42 papers included in the book were carefully reviewed and selected from 201 papers. The articles are organized in topical sections on RFID and Privacy, Software Security, Cryptographic Prools, Traffic Analysis, End-User Security, Formal Analysis, E-voting and Broadcast, Authentication, Access Control, Authorization and Attestation, Anonymity and Unlinkability, Network Security and Economics, as well as Secure Update, DOS and Intrustion Detection.
The Myths of Security: What the Computer security Industry Doesn't Want You to know:
If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue. Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated.
Aspects of Computer Security!
The following description relates to, Machine Learning and Data Mining for Computer Security: Methods and Ap, a book authored by Dr. Maloof:
The Internet began as a private network connecting government, military, and academic researchers. As such, there was little need for secure prools, encrypted packets, and hardened servers. When the creation of the World Wide Web unexpectedly ushered in the age of the commercial Internet, the network's size and subsequent rapid expansion made it impossible retroactively to apply secure mechanisms. The Internet's architects never coined terms such as spam, phishing, zombies, and spyware, but they are terms and phenomena we now encounter constantly.
Programming detectors for such threats has proven difficult. Put simply, there is too much information—-too many prools, too many layers, too many applications, and too many uses of these applications—-for anyone to make sufficient sense of it all. Ironically, given this wealth of information, there is also too little information about what is important for detecting attacks.Methods of machine learning and data mining can help build better detectors from massive amounts of complex data.
Such methods can also help discover the information required to build more secure systems. For some problems in computer security, one can directly apply machine learning and data mining techniques. Other problems, both current and future, require new approaches, methods, and algorithms.This book presents research conducted in academia and industry on methods and applications of machine learning and data mining for problems in computer security and will be of interest to researchers and practitioners, as well students.
'Dr. Maloof not only did a masterful job of focusing the book on a critical area that was in dire need of research, but he also strategically picked papers that complemented each other in a productive manner. … This book is a must read for anyone interested in how research can improve computer security.'Dr Eric Cole, Computer Security Expert.
See also, Introduction to Computer Security: The NIST Handbook, which Covers: elements of computer security; roles & responsibilities; common threats; computer security policy; computer security program & risk management; security & planning in the computer system life cycle; assurance; personnel/user issues; preparing for contingencies & disasters; computer security incident handling; awareness, training, & education; physical & environmental security; identification & authentication; logical access control; audit trails; cryptography; & assessing & mitigating the risks to a hypothetical computer system.
Computer Security Techniques To Defeat Hackers:
Computer Security Techniques To Defeat Hackers presents primary hardware-based computer security approaches in an easy-to-read toolbox format Protecting valuable personal information against theft is a mission-critical component of today's electronic business community. In an effort to combat this serious and growing problem, the Intelligence and Defense communities have successfully employed the use of hardware-based security devices. This book provides a road map of the hardware-based security devices that can defeat—and prevent—attacks by hackers.
Elements of Computer Security:
As our society grows ever more reliant on computers, so it also becomes more vulnerable to computer crime. Cyber attacks have been plaguing computer users since the 1980s, and computer security experts are predicting that smart telephones and other mobile devices will also become the targets of cyber security threats in the future. Developed from the author's highly successful Springer text, "Foundations of Computer Security", this accessible, broad-ranging, and versatile textbook has been fully updated and enhanced with resources for students, instructors, and even those motivated to self-study on this topic.
Foundations of Computer security:
All aspects of computer security—from the firewall for a home PC to the most daunting designs for large distributed systems—are becoming increasingly important worldwide. However, the complexities of securing computing systems can often make the topic too intimidating or onerous for people who are relative novices. Foundations of Computer Security provides a succinct, yet authoritative introduction to the underlying theory, history, vocabulary, and concepts that drive this pivotal area of computer science.
Computer Security Ethics and Privacy
Today, many people rely on computers to do homework, work, and create or store useful information. Therefore, it is important for the information on their computers to be stored and kept properly. It is also extremely important for computer users to protect their computers from data loss, misuse, and abuse. For example, it is crucial for businesses to keep information secure so that hackers can’t access that information. Home users also need to establish means with which to make sure that their credit card numbers are secure when they are participating in online transactions.
Computer Security Risks
A computer security risk is any action that could cause loss of information, software or data; create processing incompatibilities, or cause damage to computer hardware. Many of these are designed to do damage. An intentional breach in computer security is known as a computer crime which is slightly different from a cypercrime. A cybercrime is known as an illegal act based on the internet and is one of the FBI’s top priorities. There are several distinct categories of people that cause cybercrimes, and they are refereed as hackers, crackers, cyberterrorists, cyberextortionists, unethical employees, script kiddies and corporate spies.
Computer Security Culprits
The term hacker was once described as something positive, but it now has a very negative connotation. A hacker is defined as someone who accesses a computer or computer network unlawfully. They often claim that they do this to find leaks in the security of a network.
The term cracker has never been associated with something positive this refers to someone who intentionally access a computer or computer network for evil reasons. It’s basically an evil hacker. They access it with the intent of destroying, or stealing information. Both crackers and hackers are very advanced in computer use and internet network skills.
A cyber terrorist is someone who uses a computer network or the internet to destroy computers for political reasons. It’s just like a regular terrorist attack because it requires highly skilled individuals, millions of dollars to implement, and years of planning.
The term cyber extortionist is someone who uses emails as an offensive force. They would usually send a company a very threatening email stating that they will release some confidential information, exploit a security leak, or launch an attack that will harm a company’s network. They will request a paid amount to not proceed, similar to black mailing.
An unethical employee is an employee that illegally accesses their company’s network for numerous reasons. One such reason could be the money they can get from selling top secret information. Another reason could be a simple case of revenge.
The NEWS Technology article, Hackers tackle secure ID tokens - published March 18, 2011 - is further proof that careful attention must be given to protecting your personal and/or business computer network(s). Here's an excerpt from that article:
RSA Security told customers about the "extremely sophisticated cyber attack" in an open letter posted online.
The company is providing "immediate remediation" advice to customers to limit the impact of the theft.
It also recommended customers take steps, such as hardening password policies, to help protect themselves.
What is unclear about this attack is the motivation. Is it "cyber terrorism? cyber extortion? or merely an unethical employee aiding and abetting this cyber crime?
This News Technology article, Play.com warns of customer e-mail security breach - published March 22, 2011 - is the second occurrence of security breach in less than a week and would be something to be concerned about if it wasn't deemed to be an inside job. Here's an excerpt from the article:
Play.com has warned its customers to "be vigilant" after a security breach led to some personal information being compromised. The retailer, which sells music, videos and games, blamed another company that it employs to do marketing.
Another break in down under proves that cybercrimes are not restricted to any particular location; It can happen anywhere on the Globe, Australia PM Julia Gillard's computer 'hacked', was the headline. Here's an excerpt:
Australian Prime Minister Julia Gillard's parliamentary computer and those of at least two senior ministers are suspected of being hacked, according to a newspaper report. The government was alerted to the security breach by a US intelligence tip-off, Sydney's Daily Telegraph said. It is reported that several thousand emails may have been accessed from the computers of at least 10 ministers.
A script kiddie is someone who is like a cracker because he/she may have the intentions of doing harm, but usually lacks the technical skills. They are usually silly teenagers that use prewritten hacking and cracking programs.
A corporate spy has extremely high computer and network skills and is hired to break into a specific computer or computer network to steal or delete data and other sensitive information. Shady companies hire these type people pursuant to a practice known as corporate espionage. They do this to gain an advantage over their competition. It is obviously an illegal practices.
This JOHN MARKOFF NY Times article, SecurID Company Suffers a Breach of Data Security - Published: March 17, 2011 - provides additional relevant information on the subject. Here's an excerpt from that article:
In recent years a number of United States companies and government agencies have been the victim of this type of attack, in which an intruder either exploits an unknown software vulnerability or in some way compromises the trust of an employee to take command of a computer or an entire network within a company.
Business and home computer users must take every precaution to protect and safeguard their computers from security risks.