OVERVIEWS: WHITE PAPERS, CHAPTERS, OTHER PUBLICATIONS
These are introductions to or overviews of various topics in information technology and especially information security.
Anonymity and Pseudonymity in Cyberspace PDF
This scholarly paper was presented at the 1998 Annual Conference of EICAR, the European Institute for Computer Antivirus Research and eventually became a chapter in the Computer Security Handbook, 4th, 5th and 6th editions. The abstract begins as follows:
The growth of the Internet has increased the use of anonymity and pseudonymity in electronic communications. How can Internet users preserve the benefits of privacy while fighting the abuses of a few anonymous and pseudonymous people? In the real world, identity resides in the ways that an individual is recognised and held responsible for her actions; in cyberspace, identity is potentially just a user-ID. Social psychologists have found that anonymity can contribute to deindividuation -- a state of loss of self-awareness, lowered social inhibitions, and increased impulsivity.
Careers in Information Security PDF
This paper started as a response to a student who asked me about how to get into security as a profession. See also references from Matt Davis at Computer Science Online:
* Careers in Computer Science: http://www.computerscienceonline.org/careers/
* Career Opportunities in Computer Science - Startups and Who is Hiring: http://www.computerscienceonline.org/cutting-edge/tech-hubs/
Brief History of Computer Crime PDF
A mere 51 pages to introduce computer crime from the late 1960s through the early 2000s to students in IS340, IS342, and CJ341 -- and anyone else interested in the subject. This paper became Chapter 2, "History of Computer Crime," in Bosworth, S., M. E. Kabay, and E. Whyne (2009). Computer Security Handbook, 5th Edition, Volume I. New York: Wiley.
Computer Crime, Introduction to PDF
An easy overview with examples. Some of this material originally appeared in Chapter 2 of the NCSA Guide to Enterprise Security I published in 1996 with McGraw-Hill.
Computer Security Handbook, 6th Edition Link to AMAZON for information and ordering.
Crime, Use of Computers in PDF
An Article from Encyclopedia of Information Systems, Volume 1 (2003: Hossein Bidgoli, Ed.) Academic Press (ISBN 0-12-227240-4 Set of 3 volumes). Reprinted for the Norwich MSIA & MJA programs with permission of the publisher.
Dreams of Security PDF
A discussion of e-voting principles leads to pointers on fundamental principles of security.
Enterprise Security Chapter 1 -- Introduction PDF
This file is the original manuscript used in preparing chapter 1 of the 1996 textbook, NCSA Guide to Enterprise Security I published in 1996 with McGraw-Hill. This chapter reviews history of information security and discusses some fundamental concepts such as the Parkerian Hexad, notions of risk analysis, and Winn Schwartau's framework for discussing information warfare.
Eternity in Cyberspace PDF
This paper reviews some of the practical measures to take to ensure that archived digital information will continue to be available despite rapid technological changes in information technology.
Glossary of Computer-Crime Terms PDF
A simple list of terms often used in discussing computer crimes.
Handbook of Information Security PDF
This scanned copy of the front-matter of the 2006 Handbook of Information Security edited by Prof Hossein Bidgoli includes the table of contents and list of contributors.
Handbook of Computer Networks PDF
This scanned copy of the front-matter of the 2007Handbook of Computer Networks edited by Prof Hossein Bidgoli includes the table of contents, list of contributors, preface, and Guide.
As the global economy tanks in 2009, young adults and seasoned professionals have hard choices to make about where to put their time and money for career advancement. Everyone interested in information assurance (IA) as a career path must be wondering about the wisdom of investing in baccalaureate and graduate education in the field; those of us managing IA education programs are asking ourselves whether we are in for a period of retrenchment or of growth. Established IA professionals must balance the costs and benefits of additional certification and of additional advanced degrees....
IA Specialists Need to Communicate: Guide and Checklist for Expository Writing PDF
In explaining to our information assurance (IA) graduate students why they end up writing around 100,000 words of expository writing by the time they finish our 18-month masterís program,< http://infoassurance.norwich.edu/ > we (instructors and staff) always insist on the practical value of fluent writing. Being able to respond quickly and effectively to requests from colleagues and supervisors asking for clarification of new policies or of requests for additional resources obviously makes obvious sense; in addition, being able to respond succinctly and diplomatically to angry customers (we teach our students to think of everyone depending on them as customers) can have long-term benefits to the organization and to the individual.
Industrial Espionage PDF
This paper reviews current problems of industrial espionage, including summaries of surveys and studies from US government agencies and a discussion of the Titan Rain espionage case. Updated January 2008.
Information Security Resources for Professional Development PDFThis paper answers questions from readers, students and educators and provides extensive hyperlinks to information security resources online as well as lists of suggested readings for beginners and more advanced learners.
Information Warfare (1995) PDF
This is a chapter from my 1996 textbook, The NCSA Guide to Enterprise Security. The chapter is dated but still useful as an overview of the issues surrounding the use and targeting of information systems and telecommunications in warfare.
Logical Fallacies: A Beginner's Guide PDF
I modified a document circulating on the 'Net that illustrates how propagandists and others use bad reasoning to trick people into making bad decisions.
Mastering a Master's Degree PDF
Reminiscences about graduate work in 1970-1976 and lessons for new students.
Medical Informatics Security PDF
Information assurance in the health-care field has particular problems. This overview discusses some of the issues and possible solutions.
This narrated PowerPoint file (PPT) from the MSIA program introduces the concepts of the Parkerian Hexad -- the six fundamental atomic, non-overlapping attributes of information that we protect in information assurance. The Hexad is replacing the Classic Triad (Confidentiality - Integrity - Availability) as the foundation of IA theory, or at least, Prof Kabay would dearly like it to do so! Also available as a PowerPoint Show (PPSX) that starts by itself in PowerPoint. Updated April 2009.
Programming for Security (2004) PDF
This article reviews some simple principles for avoiding obvious security blunders when designing and writing programs.
Public Key Infrastructure, A Primer on (2004) PDF
A brief look at the public key cryptosystem and the infrastructure that allows public keys to be bound with confidence to particular people (or organizations or machines). Particularly helpful for people who are new to PGP or other digital signature systems and who are a bit fuzzy on just why people are refusing to sign their public key through e-mail communications alone.
Dr Peter Neumann's RISKS DIGEST based on discussions in the ACM Risk Forum. One PDF file per volume + PDX index files + global ZIP file with Volumes 1-25.
SECURITY IN CYBERSPACE PDF
Hearings before the Permanent Subcommittee on Investigations of the Committee on Governmental Affairs, United States Senate, One Hundred Fourth Congress, second session, May 22, June 5, June 25, and July 16, 1996. 616 pp. (Public Domain)
US DoD Annual Estimates of Information Warfare Capabilities and Commitment of the PRC 2002-2011 PDF
The Annual Report to Congress on the Military Power of the People's Republic of China from the US Department of Defense has been issued every year since 2002. Reading through all the reports from 2002 through 2011 provides valuable perspective on the DoD view of Chinese information warfare capabilities. The following is a simple compilation of extracts from the Annual Reports bearing on information warfare capabilities and commitment of the PRC and the PLA, including specific commentary about industrial espionage sponsored by agencies in the PRC.
Using PGP PPT
This narrated PowerPoint presentation is an extract from a lecture in the MSIA course. It reviews how PGP is used for digital signatures and encryption and also walks through creating a PGP keypair. Once you download and open the file, press function key 5 (F5) to start the narrated show.
Verizon Data Breach Investigations Report (2008) PDF
Praise for a security report written -- at last! -- by people who know something about statistical methods! A good object lesson for anyone designing and analyzing security data.
Warriors of the Internet (2002) MPG (70 MB movie file)
This charming computer animation by Gunilla Elam, Tomas Sephanson, and Niklas Hanberger explains how TCP/IP works in simple terms. 12 minutes of good instructional fun. Made available with permission of the authors. For more information see their Web site at http://www.warriorsofthe.net where versions in many languages are available.
Why Study Crimes? PDF
What are the issues raised by virus-writing and hacking courses? This essay, based on columns I wrote for Network World Security Strategies, was used in the MSIA program.
Copyright © 2017 M. E. Kabay. All rights reserved.
The opinions expressed in any of the writings on this Web site represent the authorís opinions and do not necessarily represent the opinions or positions of his employers, associates, colleagues, students, relatives, friends, enemies, cats, dog or plants. Materials copyrighted by M. E. Kabay from this Website may be freely used for non-commercial teaching (i.e., specifically in any courses for academic credit or in free industry training at workshops or within organizations) but may not be re-posted on any Website or used in commercial training (where participants must pay fees for participation in the conference or workshop or where the instructor is paid) without express written permission. Any unauthorized sale of these copyrighted materials will be prosecuted to the full extent of the law.