INFOSEC MANAGEMENT

This section includes papers from a variety of sources that bear on the management of information security.

 
Home Page

Courses

CV

Cyberwatch

Ethics

Security Mgmt

IYIR

Methods

NetworkWorld Archive

Opinion

Ops Mgmt

Overviews

Contact info
 

 

Video Reviews

This section include page-long summaries and evaluations of some excellent awarness and training films available on VHS and DVD.

 

Computer Security Incident Response Team Management.

How to set up and run an effective CSIRT.      HTML    PDF

 

DISA CIRTM CD-ROM:

The Defense Information Systems Agency (DISA) stopped producing the excellent training CD-ROM "Computer Incident Response Team Management" in 2007. In response to my enquiry about providing the CD-ROM to MSIA students enrolled in the CSIRTM Elective, someone from DISA with a bit of gender confusion about me caused by my name responded "Dear Ms Kabay, / Thank you for your interest! However we discontinued that product, CIRT Management, just recently. We do have a few copies may have kept on hand, if you want a copy, then you can make copies of it for your students. There is no charge for our products. . . ." THEREFORE, feel free to download the 358 MB ZIP file and install it to disk. Use the README file for instructions on installation.      ZIP

 

Facilities Security Audit Checklist.

Questions to help you evaluate the security of your building.      PDF

 

Identification, Authentication and Authorization on the World Wide Web.

This white paper appeared in 1997 as part of the ICSA (International Computer Security Association) [previously National Computer Security Association and later TruSecure and then CyberTrust] Web site. This version has a few updates to the identifying information (e.g., removing and old e-mail address) but is otherwise as originally written (and thus now out of date). The HTML version is not usable because of the extensive use of tables and diagrams.      PDF

 

Implementing Computer Security: If Not Now, When?

This little paper reviews key threats to information and urges managers not to wait in developing and implementing security policies.      HTML    PDF

 

Net Present Value of Information Security.

Thoughts about ways of presenting information security as more than just loss-avoidance.    HTML    PDF

 

Personnel Management and INFOSEC.

Hiring, management and firing with an eye to information assurance. Later became a chapter in the Computer Security Handbook, 4th Edition and then in the 5th edition.     HTML    PDF

 

Securing Your Business in the Age of the Internet.

Five pages this time to convince your bosses to pay attention to INFOSEC.    HTML    PDF

 

Security on a Budget.

About 40 minutes of narrated lecture on the key elements of managing information security effectively. Delivered via Vermont Interactive Television to an audience in Germany at a conference sponsored by Network World Deutschland in December 2002. If you would like to hear the lecture as well as see the slides, you can download the MP3 file (~ 8MB) and move through the slideshow as you listen to the sound. The first 7.5 minutes are in German, so you can skip ahead if you want to start with the English section.     PDF    PPT (no narration)   MP3 (narration for lecture)

 

Social Psychology and INFOSEC: Psycho-Social Factors in the Implementation of Information Security Policy.

This paper was first delivered at the 16th National Computer Security Conference in 1993, where it was accorded one of the two Best Paper awards. This version has been updated and was published as Chapter 35 of the Computer Security Handbook, 4th Edition and then updated as Chapter 50 in the 5th Edition.    HTML    PDF    PPT

 

Stopping Chain Letters and Hoaxes on the Internet.

This was originally a response to a friend who kept sending jokes, frightening rumors and virus hoaxes to everyone she knew with instructions to send the jokes, frightening rumors and virus hoaxes to everyone they knew and so on ad nauseam.  Now return to the beginning of this description and read it again.  And again.  And. . . .     HTM    PDF

 

Using E-mail Safely and Well.

Compilation of several short papers published from 1995 through 2005.     HTML   PDF

VA Data Insecurity Saga.

A collection of articles from Network World Security Strategies discussing the loss of control over personally identifiable data at Veterans Affairs.     HTM    PDF

 

Velocihackers and Tyrannosaurus superior.

A 1993 column from Network World (the paper version) that reviews the movie Jurassic Park and draws lessons for security experts from the misadventures of the heroes and villains.    HTML     PDF

 

What's Important for Information Security:  A Manager's Guide.

Yet another attempt to reach managers who are not yet interested in security.     HTML     PDF

 

Wireless LAN Security

Training materials from the Government of Canada Communications Security Establishment (with both English and French versions). May be freely copied and distributed on condidion that there is no charge and that no data are modified in any manner.     ZIP (6 MB)

 


 

Copyright © 2008 M. E. Kabay.  All rights reserved.

The opinions expressed in any of the writings on this Web site represent the author’s opinions and do not necessarily represent the opinions or positions of his employers, associates, colleagues, students, relatives, friends, enemies, cats, dog or plants.

Updated 2008-11-15