
Present, Future and Beauty of IT Security

  • Chapter

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 61)

Abstract

Where is IT security heading? Using geographical terms, we provide in this book a helicopter view of the “growing City of IT security”, located at the heart of the “country of information technology (IT)”.


Notes

  1.

    European Network and Information Security Agency (ENISA). Press release on 27-05-2008. Presentation of their General Report 2007. Available at http://www.enisa.europa.eu/media/press-releases/2008-prs/eu-efforts-called-to-avoid-a-digital-9-11. Last accessed 4-11-2009.

  2.

    Remarks by the US President on securing the nation’s cyber infrastructure on 29-05-2009. Available at http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure. Last accessed 30-10-2009.

  3.

    Piece of news from Cnet.com. Available at http://news.cnet.com/8301-17939_109-10374831-2.html. Last accessed 29-10-2009.

  4.

    See European Parliament article available at http://www.europarl.europa.eu/news/public/story_page/058-54891-124-05-19-909-20090504STO54873-2009-04-05-2009/default_en.htm. Last accessed 29-10-2009.

  5.

    Piece of news from The Washington Post. Available at http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html. Last accessed 4-11-2009.

  6.

    Remarks by the US President on securing the nation’s cyber infrastructure on 29-5-2009. Available at http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure. Last accessed 30-10-2009.

  7.

    From the Javelin Strategy & Research Survey. February 2007. Summary of survey findings available at http://www.privacyrights.org/ar/idtheftsurveys.htm. Last accessed 4-11-2009.

  8.

    “Botnets-The silent threat”. Report released by ENISA on 7-9-2007. Available at http://www.enisa.europa.eu/act/res/other-areas/botnets/botnets-2013-the-silent-threat/at_download/fullReport. Last accessed 4-11-2009.

  9.

    Remarks by the US President on securing the nation’s cyber infrastructure on 29-5-2009. Available at http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure. Last accessed 30-10-2009.

  10.

    European Network and Information Security Agency (ENISA). Press release on 27 May 2008. Presentation of their General Report 2007. Available at http://www.enisa.europa.eu/media/press-releases/2008-prs/eu-efforts-called-to-avoid-a-digital-9-11. Last accessed 4-11-2009.

  11.

    Piece of news from SCmagazine US, available at http://www.scmagazineus.com/House-subcommittee-passes-cybersecurity-RD-bill/article/149714. Last accessed 4-11-2009.

  12.

    Information available at ENISA web site, http://www.enisa.europa.eu/about-enisa/accounting-finance. Last accessed 4-11-2009.

  13.

    For example, the US government will recruit up to 1,000 information security experts. Piece of news extracted from The Washington Post, available at http://voices.washingtonpost.com/securityfix/2009/10/dhs_seeking_1000_cyber_securit.html. Last accessed 31-10-2009.

  14.

    See the Top Cyber Security Risk Report from the SANS Institute. September 2009. Available at http://www.sans.org/top-cyber-security-risks. Last accessed 4-11-2009.

  15.

    For example, the US Air Force Association (AFA) organises a cyber defense competition among high schools in the US, South Korea and Japan. See their press release on 20-10-2009. Available at http://www.afa.org/media/press/cyberpat09.asp. Last accessed 4-11-2009.

  16.

    See Section 9.8.

  17.

    US States like Delaware, California and New York have joined the US Cyber Challenge. See reference at http://feinstein.senate.gov/public/index.cfm?FuseAction=NewsRoom.PressReleases&ContentRecord_id=16b1f25c-5056-8059-766e-dc4dd89f85dd&Region_id=&Issue_id. Last accessed 4-11-2009.

  18.

    Extracted from press release from the International Information Systems Security Certification Consortium, ISC2, on 4-06-2009. Available at http://www.isc2.org/InnerPage.aspx?id=4590&terms=news+2009-06-04. Last accessed 4-11-2009.

  19.

    See Porter’s 5 forces MBA model at the end of Chapter 4.

  20.

    Photo depicting the sculpture of “The Prophet” by Gargallo (1933).

  21.

    Data from the Bureau of Labor Statistics. Business employment dynamics: Tabulations by employer size. February 2006. Monthly Labour Review. Available at http://www.bls.gov/opub/mlr/2006/02/contents.htm. PDF file available at http://www.bls.gov/opub/mlr/2006/02/art1full.pdf. Table 1 – Page 5. Last accessed 4-11-2009.

  22.

    Data from Bureau of Labor Statistics. Job Creation by Firms of Different Sizes, 1992–2008. Published by New York Times. Available at http://boss.blogs.nytimes.com/2009/08/05/are-medium-sized-businesses-the-job-creators. Last accessed 4-11-2009.

  23.

    Eurostat statistics in focus 31/2008. Enterprises by size class. Overview of SMEs in the EU. Available at http://epp.eurostat.ec.europa.eu/cache/ITY_OFFPUB/KS-SF-08-031/EN/KS-SF-08-031-EN.PDF. Page 1. Author: Manfred SCHMIEMANN. Industry, trade and services. Last accessed 4-11-2009.

  24.

    Data from U.S. Small Business Administration Office of Advocacy. September 2009. Available at http://www.score.org/small_biz_stats.html. Last accessed 4-11-2009.

  25.

    Piece of news from The Washington Post. Available at http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html. Last accessed 4-11-2009.

  26.

    See the Top Cyber Security Risk Report from the SANS Institute. Executive Summary. September 2009. Available at http://www.sans.org/top-cyber-security-risks. Last accessed 4-11-2009.

  27.

    In most cases, the administrators of those sites are not aware of it, due to lack of knowledge or simply lack of time.

  28.

    Operating systems continue to have fewer remotely exploitable vulnerabilities. See the Top Cyber Security Risk Report from the SANS Institute. September 2009. Available at http://www.sans.org/top-cyber-security-risks. Last accessed 4-11-2009.

  29.

    Piece of news from Security Focus web site on 29-10-2009. Available at http://www.securityfocus.com/brief/1029. Last accessed 5-11-2009.

  30.

    Together with social-engineering techniques based on the ancient art of deception.

  31.

    Adapted from banksafeonline, an initiative from the UK banking industry. Available at http://www.banksafeonline.org.uk/moneymule_explained.html. Last accessed 13-11-2009.

  32.

    See Porter’s Value Chain MBA model at the end of Chapter 8.

  33.

    Digital fraud offers a high profit to risk ratio (PRR). See Section 1.16.

  34.

    Additional information in the fact sheet from the Australian Bankers’ Association. October 2009. Available at http://www.bankers.asn.au/default.aspx?ArticleID=1403. Last accessed 5-11-2009.

  35.

    Adapted from the Top Cyber Security Risk Report from the SANS Institute. Overview. September 2009. Available at http://www.sans.org/top-cyber-security-risks. Last accessed 4-11-2009.

  36.

    See Section 1.15.

  37.

    Supported by the SANS Institute. See http://isc.sans.org/about.html. Last accessed 5-11-2009.

  38.

    For example, a central tenet of 2008’s U.S. Comprehensive National Cybersecurity Initiative (CNCI) is that ‘offense must inform defense’. See Federal Computer Week’s special report. Available at http://fcw.com/microsites/2009-security-directives/sharing-security-information.aspx. Last accessed 5-11-2009.

  39.

    See Section 3.19.

  40.

    Attackers organise themselves in an industry. See Section 10.3.

  41.

    MS Windows figures adapted from http://en.wikipedia.org/wiki/Lines_of_code. Last accessed 5-11-2009.

  42.

    Debian Linux figures adapted from http://en.wikipedia.org/wiki/Lines_of_code. Last accessed 5-11-2009.

  43.

    Sometimes, IT-savvy users have difficulties as well.

  44.

    To provide total confidence or complete suspicion to the network flow.

  45.

    This means that the protocol will provide digital signing and encryption services.

  46.

    More information on this scheme at http://pages.ebay.com/topratedsellers/index.html. Last accessed 5-11-2009.

  47.

    According to a MessageLabs Intelligence Special Report, the global spam rate for September 2009 was 86.4%. Global Analysis Section. Available at http://www.messagelabs.co.uk/mlireport/MLI_2009Sep_Spam_US_FINAL.pdf. Last accessed 5-11-2009.

  48.

    Definition from wordreference.com. Available at http://www.wordreference.com/definition/privacy. Last accessed 5-11-2009.

  49.

    Second definition from Merriam-Webster dictionary. Available at http://www.merriam-webster.com/dictionary/privacy. Last accessed 5-11-2009.

  50.

    We recommend regularly searching for one’s name and family name on the Internet to check what others can learn about one’s life.

  51.

    It is already possible to make basic image and video searches.

  52.

    The first one is a preventive measure and the second one is a detective measure.

  53.

    See Section 4.2.

  54.

    See Porter’s Value Chain MBA model at the end of Chapter 8.

  55.

    IT boundaries among organisations are disappearing. This constitutes a new challenge for IT security.

  56.

    Conclusion extracted from listening to pauldotcom podcasts. Available at http://pauldotcom.com. Last accessed 6-11-2009.

  57.

    See http://www.vmware.com. Last accessed 3-11-2009.

  58.

    See http://www.microsoft.com/virtualization/en/us/default.aspx. Last accessed 3-11-2009.

  59.

    See http://www.sun.com/software/products/virtualbox. Last accessed 6-11-2009.

  60.

    More information on hypervisors at http://en.wikipedia.org/wiki/Hypervisor. Last accessed 6-11-2009.

  61.

    See some references at:

    http://www.microsoft.com/systemcenter/appv/default.mspx

    http://www.vmware.com/products/thinapp

    Last accessed 3-11-2009.

  62.

    Virtual machine escaping is an IT attack that consists of directly reaching the hypervisor from the virtual machine, with the objective to obtain access to the host operating system.

  63.

    Salesforce and Peoplesoft (the latter, now Oracle) are two examples of ASPs. See http://www.salesforce.com. Last accessed 6-11-2009.

  64.

    For example, see http://www.microsoft.com/online/products.mspx. Last accessed 6-11-2009.

  65.

    More on this term at http://en.wikipedia.org/wiki/Cloud_computing. Last accessed 3-11-2009.

  66.

    See Section 1.6.

  67.

    Netbooks are small-sized laptops, still with reduced features but with networking capabilities.

  68.

    As already happened with wireless IT security.

  69.

    See Section 4.2.

  70.

    See Section 2.2.

  71.

    See Section 10.3.

  72.

    Including guidelines about the chain of custody.

  73.

    See Section 2.5.

  74.

    This reaction could be in the form of an alert, a warning or a simple message.

  75.

    Adapted from an interview with Santiago Moral in the Spanish security magazine SIC, available at http://www.revistasic.com/revista62/entrevista00_62.htm. Last accessed 31-10-2009.

  76.

    See Section 1.7.

  77.

    Adapted from an interview with Santiago Moral in the Spanish security magazine SIC, available at http://www.revistasic.com/revista62/entrevista00_62.htm. Last accessed 31-10-2009.

  78.

    See, for example, Section 4.7.

  79.

    The intersection between passion, skills and the market is the right place to be.

  80.

    Toynbee (1987), pp. 366–370. See summarized information at http://en.wikipedia.org/wiki/Arnold_J._Toynbee. Last accessed 8-11-2009.

  81.

    Social engineering is the act of manipulating people into performing actions or divulging confidential information. Definition available at http://en.wikipedia.org/wiki/Social_engineering_(security). Last accessed 8-11-2009.

  82.

    See also Section 7.8.

  83.

    Lindstrom (2008), p. 8.

  84.

    For example, security awareness campaigns.

  85.

    Lindstrom (2008), p. 54.

  86.

    Adapted from Parkinson et al. (2008), Chapter 1.

  87.

    Adapted from Lindstrom (2008), p. 2.

  88.

    Lindstrom (2008), p. 84.

  89.

    Lindstrom (2008), p. 15.

  90.

    Kroemer and Grandjean (1997), p. 219.

  91.

    See Section 6.9.

  92.

    Kroemer and Grandjean (1997), p. 233.

  93.

    As an example, the North Atlantic Treaty Organisation (NATO) has opened a centre of excellence on cyber defense in Estonia. News available at http://www.nato.int/docu/update/2008/05-may/e0514a.html. Last accessed 8-11-2009.

  94.

    See news in Discovery Channel site, available at http://dsc.discovery.com/news/2009/10/28/digital-ants-computer.html. Last accessed 8-11-2009.

  95.

    Ants are social insects. They are highly organised and work collectively for their colony. See more information at http://en.wikipedia.org/wiki/Ant. Last accessed 8-11-2009.

References

  • Harding, S., Long, T.: MBA Management Models. Gower, England, pp. 84, 181 and 187 for Chapter 1, pp. 105–108 and 109–112 for Chapter 2, pp. 161–163, 197–199, 59–63 and 73–76 for Chapter 4, pp. 17–20 and 21–24 for Chapter 5, pp. 101–103 and 121–124 for Chapter 6, pp. 191–194 and 95–98 for Chapter 8, pp. 149–153 and 169–172 for Chapter 9 and pp. 211–214 and 173–176 for Chapter 10 (1998)

  • Lindstrom, M.: Buyology: Truth and Lies About Why We Buy, Foreword by Underhill P. Broadway Books (2008)


  • Parkinson, B., Marinetti, C., Moore, P., dos Anjos, P.L.: Chapter 1: Emotions in social interactions: unfolding emotional experience. Emotions in Social Interactions: Construction of Emotion Experience. Available at http://cfpm.org/~pablo/anjos,humaine_chapter.pdf (2008)

  • Toynbee, A.J.: A Study of History, vol. 1: Abridgement of Volumes I–VI, pp. 366–370. Oxford University Press, New York (1987)


Author information


Correspondence to Alberto Partida GIAC, CEH, CISSP, CISA, CGEIT, MBA.


Copyright information

© 2010 Springer Netherlands

About this chapter

Cite this chapter

Partida, A., Andina, D. (2010). Present, Future and Beauty of IT Security. In: IT Security Management. Lecture Notes in Electrical Engineering, vol 61. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8882-6_10


  • DOI: https://doi.org/10.1007/978-90-481-8882-6_10


  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-90-481-8881-9

  • Online ISBN: 978-90-481-8882-6

  • eBook Packages: Engineering, Engineering (R0)
