Network World

Security Strategies Alert

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

Security news and resources from Network World.
Surfing brain waves: fMRI for lie detection
01/08/09
One of the critical steps in incident response is the interview. In previous articles I've looked briefly at the use of the polygraph as a tool for identifying lies. Today, I will look at another technology for telling truth from fiction: functional magnetic resonance imaging (fMRI).
Abiding by the law: Blueport vs. U.S.
01/06/09
I've been preparing my annual review of intellectual property law developments for my friend and colleague Prof. Tom Peltier's Peltier Effect, and I ran across a startling case of the U.S. government's assertion of the doctrine of sovereign immunity.
Cornell a LIIder in cyberlaw resources
12/18/08
In the last column, I suggested that information assurance (IA) professionals need to keep abreast of legal developments and provided a list of resources for self-study of cyberlaw. Today I am pointing readers to the single most valuable research tool anyone can find in following developments in law that affect IA (or any kind of law).
Pay attention to cyberlaw
12/16/08
Not being a lawyer does not absolve us from knowing the basics of the law in the jurisdictions where we work. At a minimum, IA professionals need to be familiar with elements of criminal law such as definitions of cybercrimes, proper procedures for collaborating effectively with law enforcement officials, methods of collecting and preserving data as evidence that can successfully be used in criminal trials, and intellectual property law.
Technicalinfo.net has good resources
12/11/08
Technicalinfo.net features a collection of white papers on a number of hot topics in security. It was created by Gunter Ollmann, director of security strategy for IBM Internet Security Systems.
Great expectations for managing cybersecurity resources
12/09/08
There's an exciting new contest that will particularly appeal to students and young experts in information assurance: the Gordon Prize in Managing Cybersecurity Resources.
Visible Ops Security, Phase 4
12/04/08
In the last four columns, I have been pointing out some of the excellent recommendations from the booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 4: Continual Improvement." But first, a little historical digression.
Visible Ops Security, Phase 3
12/02/08
In the last three columns, I have been highlighting the excellent booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 3: Implement Development and Release Controls."
Visible Ops Security, Phase 2
11/25/08
In the last two columns, I introduced the excellent booklet called Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps, by Gene Kim, Paul Love and George Spafford. Today I'm reviewing their chapter entitled, "Phase 2: Find Business Risks and Fix Fragile Artifacts."
Visible Ops Security, Phase 1
11/20/08
In my last column, I introduced the excellent booklet called "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford. Phase 1 provides a chilling reminder of how badly information assurance implementation can go wrong.
Introducing Visible Ops Security
11/18/08
In my last column, I wrote about the Visible Ops Handbook, which I recommend to everyone involved in system and network operations. Today I continue on the same theme by starting a review of the newer booklet, "Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps," by Gene Kim, Paul Love and George Spafford.
Visible Ops Handbook
11/13/08
Today I am reviewing a well-known handbook that applies ITIL principles to system and network operations. "Visible Ops Handbook: Starting ITIL in 4 Practical Steps," by Kevin Behr, Gene Kim and George Spafford (2004), published by the IT Process Institute, is a superb little booklet available online for $20; a PDF version is also available for download. We use this booklet in the Master of Science in Information Assurance (MSIA) program at Norwich University.
Swiss mix: Useful copyright resource
11/11/08
I was updating one of my lectures on copyright law recently and ran across a useful site from the government of Switzerland's Federal Institute of Intellectual Property. The site, available in German, French, Italian, and English versions, has some stimulating materials about intellectual property that may be useful to readers involved in security-awareness campaigns. Some readers may also want to pass on the information to their children or to teachers in their local communities.
New Web site and files for readers
11/06/08
It's been a while since I wrote about my Web site, so today I'm updating readers about new materials that may be useful to you.
'Zero Day Threat': Deep analysis + fun = excellent read
11/04/08
Today I'm pointing to an excellent book by Pulitzer Prize-winning journalist Byron Acohido and his USA Today colleague Jon Swartz called Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity. 
Copyright infringement and the CISSP, Part 2
10/30/08
In Part 1 of this series, security-awareness expert K Rudolph of Native Intelligence describes how she discovered that a CISSP-holder whom she is calling "Mud" submitted 11 of her posters to a contest after stripping her printed copyright notices off the images. Today we find out what happened. K continues her story.
Copyright infringement and the CISSP, Part 1
10/28/08
This story deals with lying, theft, social networking, law, mystery, and an uncertain outcome. My longtime friend and colleague, the distinguished security-awareness expert K Rudolph of Native Intelligence tells a tale of horror and mayhem suitable for Hallowe'en reading.
Arrogance or efficiency? Why Microsoft redesigned the Office user interface, Part 4
10/23/08
Following an exemplary correspondence from Microsoft expert Mark Alexieff, senior product manager for Microsoft Office, it seems to me that the arrogance lay in my assumptions rather than in Microsoft's.
Arrogance or efficiency? Why Microsoft redesigned the Office user interface, Part 3
10/21/08
In the preceding two columns, I've been reporting on correspondence with Microsoft expert Mark Alexieff, senior product manager for Microsoft Office, concerning the company's decision to change the Office user interface. Today Alexieff provides interesting material about the acceptance of the new Microsoft Office Fluent User Interface by a variety of users.
Arrogance or efficiency? Why Microsoft redesigned the Office user interface, Part 2
10/16/08
In my last column, I introduced a problem I encountered early in my use of Microsoft's Office 2007. Today I continue with interesting correspondence from Mark Alexieff, senior product manager for Microsoft Office.
Arrogance or efficiency? Why Microsoft redesigned the Office user interface, Part 1
10/14/08
Earlier this year, I was writing an e-mail message using Microsoft Office Outlook 2007 and clicked on the button for adding one of my signature blocks. Presto! Most of my message disappeared!
How to react to a fire alarm
10/09/08
We've been conditioned by years of fire drills to assume that alarms are either tests or false alarms, and just mean a 20-minute work break. But if a fire alarm is to serve its function, we need to assume - or at least pretend - that it's the real thing. Most important, we need to assume that we will not be returning to work.
Don't be a Blobmonger
10/07/08
Mudd: Regular people do not want to hear about some vague entity waiting in the shadows to insinuate itself into their computers. That holds true for at-home users as well as business executives. So, borrowing a quote from The Blob's protagonist, Steve Andrews (played by Steve McQueen): "How do you get people to protect themselves from something they don't believe in?"
Securing the eCampus 2008
10/02/08
Dartmouth College will host its second conference on "Securing the eCampus: Building a Culture of Information Security in an Academic Institution" Nov. 11-12, 2008. Focusing on the unique challenges of cyber security in academia, the conference welcomes CIOs, CISOs, and other academic IT leaders to explore what it takes to develop a more secure information environment on college campuses.
The data center from hell, Part 3: Lessons learned
09/30/08
In the previous two columns, security specialist Jan Buitron reported on a horribly non-secure facility at which she worked some years ago. Today she summarizes her conclusions about the state of facilities security at this dreadful site.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
