P. 1
UMUC Module2 Paper-Darinswan Cybersecurity Vulnerabilities Facing IT Managers Today

UMUC Module2 Paper-Darinswan Cybersecurity Vulnerabilities Facing IT Managers Today

|Views: 25|Likes:
Published by iroko
Cybersecurity Vulnerabilities Facing IT Managers Today
Cybersecurity Vulnerabilities Facing IT Managers Today

More info:

Categories:Types, School Work
Published by: iroko on Feb 20, 2014
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

10/01/2014

pdf

text

original

CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY

&

Cybersecurity Vulnerabilities Facin IT Mana ers T!"ay Darin S#an Uni$ersity !% Marylan" Uni$ersity C!lle e

CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY

/

Two factors increase the stakes of the cyber struggle. Tactically and operationally, the increasing dependence of modern technologically advanced forces (especially U.S. forces) on networks and information systems create new kinds of exploitable vulnerabilities. Second, as modern societies including the militaries that mirror them have continued to evolve, they have become ever more dependent on a series of interconnected, increasingly vulnerable critical infrastructures! for their effective functioning. These infrastructures not only have significantly increased the day"to"day efficiency of almost every part of our society, but they have also introduced new kinds of vulnerabilities. - Robert A. Miller and Daniel T. Kuehl Connectivity in the Modern World T!"ay' c!()uters c!nnect us t! !ur %inances t*r!u * !nline ban+in ' (utual %un" (ana e(ent' st!c+ tra"in ser$ices' an" a $ariety !% !t*er !nline a))licati!ns t*at )r!$i"e access t! acc!unts t#enty %!ur *!urs a "ay, Bey!n" %inancial ser$ices' #e *a$e t*e ability t! c!nnect t! a #i"e $ariety !% in%!r(ati!n' inclu"in s!cial (e"ia c!ntent suc* as Faceb!!+' Y!uTube' an" T#itter' as #ell as (a a-ines' $i"e! a(es' an" !t*er .eb /,0 c!ntent, T*e interc!nnecti$ity !% suc* syste(s *as n!t !nly )r!$i"e" in"i$i"uals #it* access t! a #i"e $ariety !% "ata' but n!# businesses *a$e t*e ability t! le$era e t*e Internet as a )art !% t*eir "ay1t!1"ay !)erati!ns, .*et*er it be *u(an res!urces (ana e(ent' e(ail an" c!!r"inate" calen"ar syste(s' !r sales trac+in syste(s' t*e cl!u" !%%ers !))!rtunity t! businesses %!r 2uic+er' strea(line" )r!cesses an" )!tential c!st sa$in s, Furt*er(!re' t*e !$ern(ent uses interc!nnecte" c!()uter syste(s t! (ana e )ublic ser$ices suc* as ener y syste(s' c!!r"inate )ublic trans)!rtati!n l! istics' sync*r!ni-e e(er ency ser$ices' run #ater treat(ent %acilities' an" le$era e tec*n!l! y %!r a $ariety !% ser$ices bene%ittin t*e )ublic, 3!#e$er' )ers!nal' business' an" !$ern(ent use !% c!()uter syste(s' because !% t*eir inter1c!nnecte"ness' !)ens t*ese syste(s u) t! a $ariety !% acti$ities t*at t*ey #ere ne$er inten"e" %!r, Instea" !% a )ers!n ainin access t! *is %inancial "ata' a t*ir" )arty c!ul" be interce)tin suc* c!((unicati!n an" usin it t! bil+ s!(e!ne !% t*eir entire sa$in s, Si(ilarly' businesses c!ul" be st!rin t*eir tra"e

CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY secrets !n t*eir internal %ile ser$ers an" a *ac+er c!ul" be "!#nl!a"in t*eir in%!r(ati!n #it* t*e intent !% sellin it t! !ne !% t*eir %!rei n c!()etit!rs. Si(ilarly' t*e Nati!nal Institute !% Stan"ar"s an" Tec*n!l! y 5NIST7 *as )ublis*e" t*e .*at Libic+i is re%errin t! is $ulnerability #it*in a syste( #*ic* a *ac+er c!ul" use t! . &:7 Connectedness and Vulnerability . Libic+i' a n!te" aut*!rity !n in%!r(ati!n #ar%are at t*e RAND )!licy institute' *as #ritten #yberdeterrence and #yberwar 5/0067 a n!table #!r+ c!$erin t*e current an" %uture c*allen es ass!ciate" #it* t*e c!nnecte" #!rl". T*e Unite" States C!()uter E(er ency Rea"iness Tea( 5US1CERT7 *as )r!$i"e" a . T*e "i$er ence bet#een "esi n an" c!"e is a c!nse2uence !% t*e c!()le4ity !% s!%t#are syste(s an" t*e )!tential %!r *u(an err!r. A(!n t*e c!nce)ts #it*in *is b!!+' Libic+i "iscusses security $ulnerabilities ass!ciate" #it* cybers)ace. 5).it*in t*is !$er$ie#' US1CERT inclu"es t*e %!ll!#in $ulnerabilities? #ireless access )!ints' net#!r+ access )!ints' unsecure" S@L "atabases' )!!rly c!n%i ure" %ire#alls' interc!nnecte" )eer net#!r+s #it* #ea+ security' an" se$eral !t*ers. &:7.. T*e (!re c!()le4 t*e syste(9an" t*ey "! et c!ntinually (!re c!()le49t*e (!re )laces t*ere are in #*ic* err!rs can *i"e. Martin C. A $ariety !% $ulnerabilities !ccur #it*in cybers)ace because !% *u(ans' *ar"#are' s!%t#are' an" c!nnecti!n )!ints t*at )r!$i"e access t! suc* syste(s.In t*e!ry' all c!()uter (isc*ie% is ulti(ately t*e %ault !% t*e syste(8s !#ner9i% n!t because !% (isuse !r (isc!n%i urati!n' t*en because !% usin a syste( #it* security bu s in t*e %irst )lace. ain access t! a syste( !r t! et it t! acce)t r! ue instructi!ns <#*ic*= is calle" an exploit> 5). A .Ris+ Mana e(ent Gui"e %!r In%!r(ati!n Tec*n!l! y Syste(s> 5/00/7. T*is . An" #it* res)ect t! !$ern(ent ser$ices' a state1s)!ns!re" attac+ c!ul" !ccur %r!( a %!rei n c!untry t! eit*er "eny certain ser$ices' steal in%!r(ati!n' !r t! ta+e c!ntr!l an" e4)l!it c!((an" an" c!ntr!l syste(s unbe+n!#nst t! lea"ers*i). .*i * le$el !$er$ie#> !% cyber $ulnerabilities %!r c!ntr!l syste(s.. In )ractice' all c!()uter syste(s are susce)tible t! err!rs.

F!ll!#in t*e US1CERT !$er$ie# an" NIST ui"e can be *el)%ul %r!( an IT (ana e(ent )ers)ecti$e' as b!t* )r!$i"e enter)rise1le$el ui"ance !n structurin net#!r+ syste(s #it* res)ect t! $ulnerabilities an" b!t* a))ly a syste( le$el $ie# !% analy-in $ulnerability.TCBCIB Suite> %r!( t*e $andbook of %nformation Security 5/00D7' )r!$i"es !$er %i%teen ty)es !% security e4)l!its relate" t! t*e TCBCIB suite t*at *ac+ers use t! attac+ syste(s' inclu"in ? sni%%in ' %in er)rintin ' Internet Br!t!c!l 5IB7 a""ress s)!!%in ' an" bu%%er !$er%l!#s 5)). Sniffing. 3!#e$er' b!t* are lac+in s)eci%icity' %r!( t*e sense !% *!# an e4ternal t*reat can tactically e4)l!it a syste(. Fingerprinting Footprinting Fr!( t*e tactical $ie#)!int' #it*in t*e )a es !% $acking &xposed t*e aut*!rs )r!$i"e reci)es %!r e4)l!itin $ulnerabilities' as #ell as instructi!ns !n c!unterin e4)l!itati!ns.it* re ar" t! sni%%in ' t*e te4t c!$ers a $ariety !% security #ea+nesses an" rec!((en"s se$eral . It is #*ere *ar"#are' s!%t#are' an" t*e *u(an ele(ent (eet #it*in a syste( t*at *ac+ers try t! ta+e c!ntr!l an" security s)ecialists )atc* $ulnerabilities t! "eny unaut*!ri-e" access an" t*e cycle a))ears t! be ne$er1en"in ./E1/67. . Cybersecurity and Exploitation: Examples Brab*a+er Mateti' in t*e c*a)ter . T*e NIST ui"e $ie#s $ulnerabilities %r!( t*e )ers)ecti$e !% t*e )!tential c!nse2uence5s7 !% an e4)l!ite" $ulnerability. Stuart McClure' F!el Sca(bray an" Ge!r e Gurt*a$e )r!$i"e" b!t* strate y an" tactics %!r i()le(entin Mateti8s n!table e4)l!itati!ns' a(!n st (any !t*ers' in t*eir se(inal #!r+ $acking &xposed' n!# in its si4t* e"iti!n.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY H ui"e establis*es a (ulti1ste) syste( analysis #*ic* IT (ana ers can use t! assess t*eir net#!r+ $ulnerabilities' (easure t*e )!tential !% eac* $ulnerability !ccurrin #it* res)ect t! t*e t*reat8s s!urce' (!ti$ati!n' an" acti!ns' #*ilst "e$el!)in rec!((en"ati!ns an" "!cu(entati!n t! c!unteract t*e $ulnerabilities %!un" #it*in t*e assess(ent.

Micr!s!%t )r!$i"es eneral ui"ance !n c!unterin t*is t*reat t*r!u * t*eir !nline e"ucati!n "!cu(entati!n #it*in t*eir "e$el!)(ent .ires*ar+' #*ic* all!# any!ne #it* t*e (eans t! $ie# tra%%ic acr!ss a net#!r+.in"!#s en$ir!n(ent 5McClure et al. T*is can be *el)%ul %!r tryin t! "ebu net#!r+ )r!ble(s' but in t*e #r!n *an"s it can )r!$e t! be in$aluable in %!!t)rintin a syste( 5)). use t*e eneral ter( !% scannin $ersus %in er)rintin 5)). Cain an" GerbSni%% are t#! t!!ls in )articular t*at can be use" %!r ea$es"r!))in !n a net#!r+ )ass#!r" e4c*an e in t*e .Bassi$e %in er)rintin is t*e act !% i"enti%yin syste(s #it*!ut inJectin tra%%ic !r )ac+ets int! t*e net#!r+> an" acti$e %in er)rintin is t*e act !% usin t!!ls t! . . T*e in%!r(ati!n leane" %r!( suc* en"ea$!rs )r!$i"es acti!nable intelli ence !n #*at *ar"#are !r ser$ices are susce)tible t! c!((!n *ac+in atte()ts.:67. 3e "e%ines %!!t)rintin as' .*ereas %in er)rintin can be eit*er acti$e !r )assi$e in nature.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY E s!%t#are a))licati!ns t*at can be use" t! %in" a net#!r+8s Ac*illes *eel. . /IA1/IH7. By "eter(inin t*e easiest #ay t! ain access an" e4)l!it a syste( #*ile (ini(i-in ris+ !% "etecti!n' t*e *ac+er can ascertain #*ic* $ect!r !% attac+ is #!rt*y !% *is ti(e by usin a si()le c!st1bene%it analysis 5Gs*teri' /00D' )).= Essentially' b!t* %in er)rintin an" %!!t)rintin are use" t! (a) accessible *ar"#are an" s!%t#are ser$ices #it*in a net#!r+.T*e )r!cess !% accu(ulatin "ata re ar"in a s)eci%ic net#!r+ en$ir!n(ent' usually %!r t*e )ur)!se !% %in"in #ays t! intru"e int! t*e en$ir!n(ent> 5). AD1A:7. Furt*er(!re' net#!r+ sni%%in can be acc!()lis*e" by usin a))licati!ns suc* as tc)"u()' Sn!rt' an" .it* re ar" t! ter(in!l! y' Mateti uses t*e ter( %in er)rintin in *is te4t' #*ereas McClure et al re%er t! t*is tec*ni2ue as %!!t)rintin .inJect stran ely cra%te" )ac+ets int! t*e net#!r+ t! (easure *!# syste(s res)!n"> 5Gre ' /00D' ). T*!u * si(ilarities e4ist an" s!(e c!n%use t*e t#! ter(s' Mic*ael Gre )r!$i"es clarity in *is te4t #ertified &thical $acker &xam 'rep( Understanding )ootprinting and Scanning 5/00D7. <N!te? McClure et al. &D61&I07. HH1II7. . :67.' /006' )).

!rl"8s F!nat*an 3assell *as )r!$i"e" an aut*!ritati$e $ie# !n #*at c!((!n attac+s are use" t*r!u * IB s)!!%in an" #*at can be "!ne t! )atc* t*e( in *is article . T*is is essentially a %l!!" !% "ata t*at !$er#*el(s a . Blin" s)!!%in c!nsists !% a *ac+er !utsi"e !% t*e net#!r+ )eri(eter #*! is . Micr!s!%t8s ui"ance inclu"es .it* re ar" t! t*e !t*er Mateti re%erence" security e4)l!its' *e )!ints !ut t*at . /D7. N!nblin" s)!!%in !ccurs #*en t*e *ac+er is insi"e !% t*e subnet an" can sni%% !ut e4istin trans(issi!n an" *iJac+ sessi!ns #it*!ut bein blin" t! t*e se2uence nu(bers.%ilter<in = !ut !in )ac+ets t*at a))ear t! !ri inate %r!( an in$ali" l!cal IB a""ress> 5Meier' Mac+(an' Dunner' Vasire""y' Esca(illa' K Muru+an' /00A7. Tanase n!tes t*at t*ere are se$eral $ariati!ns !% IB s)!!%in ' *!#e$er t*ey all *a$e a c!((!n "en!(inat!r L . !" Spoofing .%ilter<in = inc!(in )ac+ets t*at a))ear t! c!(e %r!( an internal IB a""ress> an" .an attac+er ains unaut*!ri-e" access t! a c!()uter !r a net#!r+ by (a+in it a))ear t*at a (alici!us (essa e *as c!(e %r!( a truste" (ac*ine by Ms)!!%in 8 t*e IB a""ress !% t*at (ac*ine. Denial1!%1ser$ice attac+ is #*en .> C!()uter .blin" t! *!# trans(issi!ns ta+e )lace !n t*is net#!r+>' s! *e (ust recei$e se2uence nu(bers %r!( t*e tar et "e$ice an" t*en %alsi%y #*! *e is by .(ulti)le *!sts are sen"in c!nstant strea(s !% )ac+et <sic= t! t*e D!S tar et> 53assell7.inJectin "ata int! t*e strea( !% )ac+ets #it*!ut *a$in t! aut*enticate *i(sel% #*en t*e c!nnecti!n #as %irst establis*e"> 53assell' /00D7. T*e c!((!n attac+s )r!$i"e" by 3assell inclu"e Blin" S)!!%in ' N!nblin" s)!!%in ' Denial1!%1ser$ice 5D!S7 attac+' an" t*e Man1in1t*e1(i""le attac+.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY net#!r+.T*e t!) %i$e #ays t! )re$ent IB s)!!%in > 5/00D7. Matt*e# Tanase )r!$i"es a )ri(er !n IB s)!!%in at Sy(antec8s #ebsite #*ere *e !es int! t*e *ist!ry !% t*e tec*ni2ue an" *!# t*e D structure !% t*e TCBCIB )r!t!c!l suite an" )ac+et e4c*an es )er(it t*is )articular e4)l!itati!n t! !ccur 5/00A7.IB s)!!%in is an inte ral )art !% (any attac+s> 5).

TCBCIB Suite> $ulnerabilities . EE01EE&7. &he 'uman Element O$erl!!+e" as a security c!ncern by Mateti in *is essay !n . Since (any syste( ser$ices susce)tible t! bu%%er !$er%l!# are runnin at t*e *i *est le$el !% a"(inistrati!n )ri$ile es it is a))r!)riately attribute" as t*e .c!u) "e race !% *ac+in > 5McClure et al.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY syste( t! t*e )!int its use is una$ailable !r in!)erable. T*is e4tra in%!r(ati!n is "ealt #it* "i%%erently by "i%%erent ser$ices an" can eit*er be i n!re"' cras* t*e ser$ice !r syste(' !r' i% t*e tar et is susce)tible t! t*is ty)e !% $ulnerability' t*e ser$ice (ay use t*e e4tra )ac+et "ata' i% c!nstructe" c!rrectly by t*e *ac+er' t! run a"(inistrat!r1le$el c!"e an" all!# t*e *ac+er t! c!ntr!l s!(e !r all !% t*e tar et syste( 5Mateti' /00D' ) EE:7.' /006' )). EH1EE7.' /006' )). #uffer $verflo%s . Essentially t*e *ac+er sen"s )ac+ets t! t*e tar et ser$ice +n!#in t*at (!re "ata is bein trans(itte" t*an is e4)ecte" by t*e tar et "urin c!((unicati!n. Barticularly tr!ublin is t*e %act t*at neit*er t*e !ri inatin sen"er !r inten"e" recei$er is a#are t*at in%!r(ati!n #as interce)te" "urin transit an" t*ere%!re i% secure in%!r(ati!n #as at*ere"' n! !ne' e4ce)t t*e ea$es"r!))er' +n!#s t*at "ata #as c!()r!(ise" 53assell7.3ist!rically' bu%%er !$er%l!#s *a$e been t*e (!st c!((!n ty)e !% $ulnerability. Finally' t*e (an1in1t*e1(i""le attac+ is an interce)ti!n !% )ac+ets bet#een (ac*ines #*ere t*e )ac+ets are rea" by an aut*!ri-e" user I an" sent !n#ar" unbe+n!#nst t! eit*er )arties c!((unicatin . E$en t*!u * t*e bu%%er !$er%l!# $ulnerability #as "!cu(ente" as a t*e!retical e4)l!it in &66E an" %ully substantiate" in &66D' un)atc*e" ser$ers c!ntinue t! )!)ulate t*e Internet t*at are still susce)tible t! t*is #ea+ness 5McClure et al.als*' /006' )). T*ey *a$e been )!)ular because bu%%er !$er%l!# e4)l!its can !%ten be carrie" !ut re(!tely an" lea" t! c!()lete c!()r!(ise !% a tar et> 5C*en K . EE01EE&7.

It is t*e *u(an ele(ent t*at (atters' )er*a)s (!res! t*an any *ar"#are' s!%t#are' !r net#!r+ c!nnecti!n #*en it c!(es t! securin a syste(. It is t*e *u(an t*at sets u) t*e Internet )r!t!c!ls use" "urin #eb c!((unicati!ns' sets t*e security )r!ce"ures t! be a"*ere" t!' c!"es t*e bac+1en" ser$er inte rati!n' creates t*e te()!rary )ass#!r"s t! access sensiti$e in%!r(ati!n' *!l"s resent(ent a ainst e()l!yers' %!r ets t! )atc* a +n!#n #ea+ness in : sen"(ail' an" "esires t! %in" c!n%i"ential' %inancial in%!r(ati!n t! sell t! t*e *i *est bi""er. 3!#e$er' . Acc!r"in t! Valacic* an" Sc*nei"er 5/0&/7' c!((!nalities in c!()uter cri(inals *a$e been re$eale" t*r!u * stu"ies an" t*ese ten" t! be )e!)le t*at are current !r %!r(er e()l!yees' )e!)le #it* tec*nical +n!#le" e #*! use t*eir s+ills ille ally %!r )ers!nal ain' career cri(inals' an" crac+ers #*! c!((it intrusi!ns #it* n! )articular )ur)!se' but are (erely sn!!)in t*r!u * a syste( 5).A (!"ern1"ay c!()uter cri(inal c!ul" be a "is runtle"' (i""le1a e"' #*ite1c!llar #!r+er sittin at a nice "es+ !n t*e %!urteent* %l!!r !% t*e *ea"2uarters buil"in !% a billi!n1"!llar s!%t#are (anu%acturer> 5Valacic* K Sc*nei"er' /0&/' ). It is' a%ter all' t*e *u(an t*at (ana es cybers)ace an" )r!$i"e )*ysical access t! t*e ter(inals an" syste(s t*at are interc!nnecte". H0A7.DDN say t*eir c!1#!r+ers' n!t *ac+ers' )!se t*e reatest ris+ t! c!nsu(er )ri$acy <an"= !nly &0N sai" *ac+ers #ere t*e reatest t*reat> 5). In t*is re)!rt' sur)risin ly' . . H0E7. In C!n ressi!nal testi(!ny by F!se)* Ansanelli' a cybersecurity e4)ert' t! t*e Unite" States 3!use !% Re)resentati$es C!((ittee !n Financial Ser$ices 5/00A7' cite" a 3arris Interacti$e sur$ey i$en t! #!r+ers an" (ana ers t*at *an"le sensiti$e cust!(er in%!r(ati!n at #!r+. T! (any' t*e *ac+er #*! *as ta+en !$er a syste( an" st!len a "atabase !% %inancial in%!r(ati!n %!r (!netary ain is n!r(ally c!nce)tuali-e" as a s!cial )aria*' li$in in *is (!t*er8s base(ent' starin at a (!nit!r all "ay an" ni *t' si))in ca%%einate" be$era es' (aintainin )!!r *y iene an" e4*ibitin antis!cial be*a$i!r.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY is t*e *u(an ele(ent. E7.

3!#e$er' (any businesses an" !$ern(ent entities s*y a#ay %r!( re)!rtin intrusi!ns %!r %ear !% e4)!sure t! )ublic scrutiny an" because re$eale" e4)l!itati!ns (ay cause clients t! %lee' i()act )!tential ne# sales an" "a(a e t*eir st!c+ )rice.S.i+iLea+s t*at #ere )r!$i"e" by a "is runtle" Ar(y )ri$ate 5Gnic+erb!c+er' /0&/7' t*e cyber attac+ a ainst Iran8s nuclear )r!cessin %acilities t*r!u * a uni2ue )iece !% (al#are calle" STUONET 5Mile$s+i' /0&&7' t*e /00: c!()r!(ise !% t*e (ilitary8s classi%ie" an" unclassi%ie" net#!r+ #*ic* !ccurre" "ue t! (alici!us c!"e %r!( a %las* "ri$e 5Lynn' /0&07' an" C*ina8s *ac+in !% G!! le Mail t*at tar ete" t*e )ers!nal acc!unts !% *i * ran+in U. !$ern(ent !%%icials 5E%rati K G!r(an' /0&&7.cyber security e4)erts say t*at c!r)!rati!ns rarely ac+n!#le" e breac*es' an" !%ten +ee) t*e( secret %r!( la# en%!rce(entP>.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY Ulti(ately' *u(ans are susce)tible t! "ece)ti!n an" can )r!$i"e access t! syste(s by "iscl!sin 6 sensiti$e in%!r(ati!n t! *ac+ers #it*!ut reali-in t*eir acti!ns brin ab!ut terrible c!nse2uences.i"ely )ublici-e" *ac+in #it*in t*e last "eca"e *as inclu"e" a ressi$e attac+s a ainst (ilitary (e(bers "urin t*e /0&& C*rist(as *!li"ay 5M!ntalban!' /0&&7' *ac+ers usin st!len RSA in%!r(ati!n t! breac* L!c+*ee"1Martin8s net#!r+s 5Mic+' /0&&7' secret U. T*e re%erence" attac+s #ere +n!#n t! t*e )ublic n!t l!n a%ter eac* c!()r!(ise !ccurre" an" *a$e bec!(e case stu"ies %!r (any #it*in t*e in%!r(ati!n tec*n!l! y sect!r. 3!#e$er' t*ere is n!# a %ear !% )r!secuti!n . In t*e a)tly title" article' . Widely "ublici(ed Vulnerabilities . T*e reality is t*at t*e (!re security breac* in%!r(ati!n in t*e )ublic "!(ain is !!" %!r t*e security )r!%essi!nal as it all!#s *i( t! u)"ate syste(s !r )re$ent %uture t*reats base" !n un"erstan"in e(er in attac+ $ect!rs.Security tru()s secrecy in cyber %i *t1)r!secut!r>' )ublis*e" by Reuters in Fanuary !% /0&/' it #as re)!rte" t*at . B!t* )ers)ecti$es are $ali"' but t*e trut* is t*at !r ani-ati!ns si()ly aren8t re)!rtin security breac*es. De)art(ent !% State cables e4)!se" t*r!u * .S.

<N!te? See A))en"ices A an" B' #*ic* are tables )r!$i"e" by Micr!s!%t' t*at illustrate t*reats an" c!unter(easures %!r a $ariety !% +n!#n e4)l!itati!ns. By s*arin in%!r(ati!n it bec!(es a )art !% !)en s!urce c!llecti$e intelli ence' )r!$i"in IT a"(inistrat!r8s #it* t*e in%!r(ati!n necessary t! cl!se *!les #it*in t*eir syste(s t*at t*ey (ay ne$er *a$e been )ri$y t!! #it*!ut %ull "iscl!sure. S!(e c!((!n c!unter(easures inclu"e' but are n!t li(ite" t!' usin str!n aut*enticati!n' a$!i"in st!rin sensiti$e "ata !r )ass#!r"s as )lainte4t' usin ta()er1resistant )r!t!c!ls' creatin secure au"it trails' usin str!n aut*!ri-ati!n' $ali"atin an" %ilterin net#!r+ in)uts' usin t*e )rinci)le !% least )ri$ile es' u)"atin s!%t#are an" %ir(#are as )atc*es bec!(e a$ailable' usin str!n )*ysical security %!r sensiti$e "e$ices an" syste( access )!ints' usin secure )r!t!c!ls "urin sessi!ns' e"ucatin users !n a))r!)riate security )r!t!c!ls' "isablin unnecessary ser$ices' an" )r!)erly installin an" c!n%i urin net#!r+ access )!ints' *ar"#are' an" s!%t#are 5Meier' Mac+(an' Dunner' Vasire""y' Esca(illa' an" Muru+an' /00A7. T*e syste( !% "iscl!sure is c*allen in %!r businesses' as t*ere is n!t incenti$e #it*in t*e (ar+et t! !%%er %ull "iscl!sure' t*ere is !nly "is1incenti$e t! c!(e clean ab!ut breac*es.= Ulti(ately' t*e security )r!%essi!nal (ust "eter(ine' base" !n ti(e' bu" et' an" !t*er $ariables' #*ere e%%!rts s*!ul" be )lace" in .it* re%erence t! c!((!n attac+s t*r!u * t*e TCBCIB suite an" t*r!u * e%%ecti$e s!cial en ineerin ' security )r!%essi!nals nee" t! c!nstantly (aintain $i ilance. One c!()any8s "iscl!sure' c!ul" )re$ent *un"re"s !% %uture attac+s. 3!#e$er' #it* (!re "iscl!sure )r!secuti!ns' t*e culture !% re$ealin c!()r!(ises (ay c*an e !$er ti(e. Common Countermeasures .CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY &0 by t*!se c!()anies t*at re%use t! )ublically "iscl!se security c!()r!(ises i()actin sensiti$e )ers!nal an" %inancial "ata. C!((!n c!unter(easures are )ut in )lace an" t*en are c!nstantly e$!l$in as ne# t*reats are re$eale".

Bers)ecti$es "i%%er by )ers!n' business an" !$ern(ent security e4)ert. One (ust ta+e int! c!nsi"erati!n t*e $ulnerability' t*reat s!urce' an" )!ssible !utc!(e. A""iti!nally' t*e Benta !n8s c!ncerns "i%%er %r!( t*at !% t*e ec!((erce c!()any.*at is t*e bi est IT security c*allen e t!"ayQ8= isP un)atc*e" syste(s. It is t*e si(ilar c!st1bene%it analysis c!nun"ru( t*at %aces t*e IT )r!%essi!nal t*at %aces t*e *ac+er' alt*!u * t*e $ari!us $ariable an" incenti$es "i%%er. F!r a )ers!n #it* a *!(e business' *is )ers)ecti$e !% a D!S attac+ !n *is *!(e c!()uter net#!r+ "i%%ers reatly %r!( a c!()any %!cusin s!lely !n ec!((erce.Strate ies t! Miti ate Tar ete" Cyber Intrusi!ns> 5C"r. 3!#e$er' %r!( an enter)rise le$el )ers)ecti$e' t*e bi est t*reat %acin IT security e4)erts t!"ay is ensurin t*at *ar"#are "e$ices an" s!%t#are are )r!)erly u)"ate" an" )atc*e". Security )r!t!c!ls s*!ul" inclu"e r!utine researc* t! ensure syste(s are u)1t!1"ate #it* t*e (!st recent ser$ice )ac+s. I $ery' $ery *i *ly rec!((en" c*ec+in > !ut t*e Australian De%ence Si nals Direct!rate8s article . C. 3!#e$er' (!st c!((!n attac+ $ect!rs *a$e been +n!#n . Ne$e' USCG Cyber C!((an"' )ers!nal c!((unicati!n' Fanuary A&' /0&/7. Most !mportant Security Vulnerability &oday T*e "ebate !% #*at is t*e sin le reatest t*reat t! cybers)ace is an !%t1"iscusse" t!)ic !nline an" !%%line. As (enti!ne" )ri!r' NIST *as && )r!$i"e" a %ra(e#!r+ %!r t*e c!()uter )r!%essi!nal t! c!nsi"er #*en securin syste(s base" !n $ulnerability' t*reat1s!urce' t*reat acti!n' t*reat li+eli*!!"' an" ris+ le$el 5St!neburner' G! uen' an" Ale4is' /00/7. I% an IT (ana er *as t*!usan"s !% c!()uters t! (!nit!r an" a )atc* because t*ey are n!t u)1t!1"ate' *is syste(s are at ris+ %r!( t*e %irst ti(e a ne# $ulnerability (a+es it t! t*e )ublic.T*e ans#er <t! M. T*is )ers)ecti$e #as ec*!e" "urin a recent inter$ie# #it* C!((an"er Cli%% Ne$e' t*e C*ie% !% Sta%% !% t*e Unite" States C!ast Guar" Cyber C!((an". Many +n!#n $ect!rs !% attac+ are #ell "!cu(ente". .CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY i()le(entin c!unter(easures in )r!tectin c!()uter syste(s.

I% an IT )r!%essi!nal "elays !r ne$er installs a ser$ice )ac+' t*e s!%t#are #ill c!ntinue t! *!l" t*e $ulnerabilities built int! it. bu%%er !$er%l!#' IB s)!!%in ' sni%%in ' %in er)rintin ' %!!t)rintin ' etc. s!%t#are #it*!ut t*e ser$ice )ac+ installe"7' t*e (!re li+ely t*at s!%t#are is li+ely t! be e4)l!ite". I% s!(e!ne *as installe" a $irus )r!tecti!n syste(' but "!es n!t c!ntinue t! u)"ate t*e library !% )!tential t*reats' t*ey #ill bec!(e $ulnerable t! any ne# $irus t*at is n!t alrea"y in t*eir library. An" as eac* "ay )asses an" (!re *ac+ers are a#are !% t*e $ulnerability a%%ectin un)atc*e" syste(s 5e. I% a *ac+er bec!(es a#are !% a ne# attac+ $ect!r' a%ter e"ucatin *i(sel%' in a %e# *!urs *e can be %in er)rintin an" %!!t)rintin syste(s t! %in" t*is ne#ly "iscl!se" $ulnerability' an" )er*a)s be insi"e !% a syste( causin *ar( #it*in a (atter !% /H *!urs.e. T*ere is an entire &/ in"ustry !% security )r!%essi!nals t*at )r!$i"e s!%t#are ser$ices t! ensure t*at ne#ly "isc!$ere" $iruses are )ublic +n!#le" e as s!!n as )!ssible L McA%ee' Gas)ers+y' an" Sy(antec are #ell +n!#n s!%t#are )r!$i"ers in t*is in"ustry. It is t*e !l" s!%t#are an" *ar"#are t*at *as been "e)recate"' an" n! l!n er su))!rte"' t*at )uts a net#!r+ at ris+. . Ne# libraries an" )atc*es are )r!$i"e" !n a r!utine basis t*r!u * ser$ice le$el a ree(ents' an" %!r )articularly #ell1)ublici-e" !utbrea+s !r security e4)l!itati!ns' instant u)"ates are s!(eti(es a$ailable. Bey!n" s!%t#are' (any !l"er *ar"#are "e$ices *a$e %ir(#are !n t*e( t*at )r!$i"es . T*ese SBs are n!r(ally release" as an u)"ate %i4in )r! ra( issues t*at (i *t cause it t! cras*. 3!#e$er' t*ere are s!(e s!luti!ns t! )art !% t*is issue.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY %!r years 5i.7. 3!#e$er' (any ser$ice )ac+s are "istribute" t! )atc* a +n!#n $ulnerability #it*in t*e s!%t#are. A""iti!nally' t*ey can %i4 c!()laints ab!ut t*e user e4)erience' user inter%ace !r )!ssibly a"" ne# %eature sets as a bene%it t! t*e !#ner be%!re an entirely ne# $ersi!n !% t*e s!%t#are is release" t! t*e )ublic. A""iti!nally' ser$ice )ac+s 5SB7 are r!utinely release" %!r !)eratin syste(s' enter)rise1le$el s!%t#are' ser$ers' an" stan"ar" *!(e s!%t#are.

3!#e$er' t*r!u * a c!st1bene%it analysis' ta+in int! c!nsi"erati!n a $ariety !% $ariables' an IT )r!%essi!nal can create security )r!t!c!ls t! *an"le t*e re2uire" u)"ates t*at )atc* $ulnerabilities t*at *ac+er8s (ay e4)l!it. F!r e4a()le' i% a r!uter (a"e in /00H is still !n a net#!r+ in /0&/' t*e "e$ice is n!# : years !l" an" (ay be susce)tible t! an e4)l!it because it *asn8t been )atc*e" since t*e initial %ir(#are #as )lace" !n t*e "e$ice. S!(eti(es net#!r+ "e$ice c!n%i urati!n settin s c!ntribute t! a *ac+ers atte()t at &A %in er)rintin an" %!!t)rintin ' res)!n"in t! e4ternal re2uests an" )r!$i"in in%!r(ati!n t*at is n! l!n er a )art !% net#!r+ best )ractice "ue t! security ris+. Fir(#are u)"ates n!r(ally )atc* +n!#n $ulnerabilities in a "e$ice an" s!(eti(es all!# t*e "e$ice t! )er%!r( (!re e%%iciently.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY c!n%i urati!n settin s an" s!%t#are %eatures built int! t*e(. By n!t )atc*in +n!#n $ulnerabilities' a net#!r+ is !)en t! c!((!n attac+s t*at (ay cause ra$e "a(a e t! a )ers!n' business !r !$ern(ent instituti!n. Alt*!u * t*e sin le lar est $ulnerability t! IT )r!%essi!nals (ay be +ee)in *ar"#are an" s!%t#are u)1t!1"ate t! ensure e(er in $ulnerabilities are re(!$e"' si()ly )atc*in e$eryt*in !n a "aily basis (ay be t!! (uc* %!r an enter)rise le$el net#!r+ t! ta+e !n. .

CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY Appendix A: Table 1 – Microsoft’s STR D! Threats and "ounter#easures &H Source: Micr!s!%t De$el!)er Net#!r+' I()r!$in .c!(Cen1usClibraryC%%DH:DH&.eb A))licati!n Security' C*a)ter /? T*reats an" C!unter(easures' *tt)?CC(s"n.(icr!s!%t. .as)4 $ote: STRIDE is an acr!ny( use" by Micr!s!%t %!r t*e %!ll!#in $ulnerabilities? • S)!!%in • Ta()erin • Re)u"iati!n • n%!r(ati!n Discl!sure • Denial !% ser$ice • !le$ati!n !% )ri$ile e.

c!(Cen1usClibraryC%%DH:DH&.(icr!s!%t.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY Appendix %: Table & – Microsoft’s Threats b' Application (ulnerabilit' "ate)or' &E Source: Micr!s!%t De$el!)er Net#!r+' I()r!$in .eb A))licati!n Security' C*a)ter /? T*reats an" C!unter(easures' *tt)?CC(s"n.as)4 .

K . A(ster"a(? Else$ier. .' K S*e)*er"' L.als*' B. 5/0&&' Au ust A&7.. 5/0&07. Vacca #omputer and %nformation Security $andbook. 5/00&' Fuly A7.bama.!r Ct!)1cyber1security1ris+s E%rati' A an" G!r(an' S.as)4 T*e C!()re*ensi$e Nati!nal Cybersecurity Initiati$e.efense Systems. In F. Retrie$e" %r!( *tt)?CC%inancialser$ices.".sy(antec. *tt)?CC###. 5/0&/' Fanuary &A7.sy(antec. Retrie$e" %r!( *tt)?CC###. Testi(!ny !% F!se)* Ansanelli' c*air(an an" CEO !% V!ntu' Inc. 5/0067. R. Retrie$e" %r!( *tt)?CC###. #omputer *eekly.c!(Cc!nnectCbl! sC/0&&1state1security1sur$ey As*%!r"' .c!(Cne#sC//H0&&AI:/CBublic1sect!r1sees1 cybercri(e1as1risin 1t*reat &D Ansanelli' F.7 The *hite $ouse.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY References /0&& state !% security sur$ey. G!! le (ail *ac+ bla(e" !n C*ina. Di ital C!n%lict.sans. !$C(e"iaC)"%C0D/H0AJa. United States $ouse of +epresentatives. Guar"in A ainst Net#!r+ Intrusi!ns. Cli%%' A.c!()uter#ee+ly. The #ommittee on )inancial Services. Bublic sect!r sees cybercri(e as risin t*reat. %nside cyber warfare. F. Sebast!)!l' Cali%? ORReilly Me"ia' Inc. Symantec. Retrie$e" %r!( *tt)?CC"e%ensesyste(s. 5/0&&' Fune /7. 'resident -arack .*!use. Retrie$e" %r!( *tt)?CC###.#*ite*!use. *all Street . Intrusi!n "etecti!n syste(s ter(in!l! y' )art !ne? A L 3. Retrie$e" %r!( Retrie$e" %r!( *tt)?CC###. 5n.)"% Carr' F.' et al 5/006' Se)te(ber7.c!(Cc!nnectCarticlesCintrusi!n1"etecti!n1syste(s1 ter(in!l! y1)art1!ne1* C!le(an' G. T*e t!) cyber security ris+s. 5/00A' Fune /H7.c!(Cbl! sCcyber1re)!rtC/0&&C0IC*u(an1$ulnerability1c!()uter1 syste(s. C*en' T. !$CcybersecurityCc!()re*ensi$e1 nati!nal1cybersecurity1initiati$e D*a(an+ar' R. 5/0&&' Fuly I7. S/0S. Symantec.

Retrie$e" %r!( *tt)?CC###. S/0S 5Securin t*e 3u(an7.c!.c!()uter#!rl". Retrie$e" %r!( *tt)?CC###. B. #-S 0ews. 5/0&&' Dece(ber /0&&7. 5/0&&' Dece(ber &67. S!cial en ineerin %un"a(entals' )art &? 3ac+er tactics. T*e t!) %i$e #ays t! )re$ent IB s)!!%in . Bears!n IT Certi%icati!n. F.c!(C:A0&1E0E&HAS&D/1EIAHH/:/Csecurity1ti)s1%r!(1a1 le en"ary1*ac+erC Is)it-ner.iley an" S!ns. Social &ngineering( The /rt of $uman $acking. B!!+ re$ie# L S!cial en ineerin . Symantec.c!(CsCarticleC600&0/&CT*eSt!)S%i$eS#aysSt!S)re$entSIBSs) !!%in 3ess' M. Gran er' S.#sJ.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY 1ournal. 5/00&' Dece(ber &:7. 5/00D' Fune 67. #omputer *orld. Retrie$e" %r!( *tt)?CC###.securin t*e*u(an. Retrie$e" %r!( &I *tt)?CC!nline. cyber strate y.u+Cne#sCtec*n!l! y1&D&EI::A G!ttlieb' B.!r Cbl! C/0&&C0/C0ICb!!+1re$ie#1s!cial1 en ineerin 1/ . Retrie$e" %r!( *tt)?CC###.cbsne#s.c!(Cc!nnectCarticlesCs!cial1en ineerin 1 %un"a(entals1)art1i1*ac+er1tactics Gre ' M. 3assell' F. 5/0&07.c!(CarticleCSB&000&H/H0E/I0/A0ADEIH0HEIDAE6II0/HAE&IED:. 3a"na y' C.sy(antec.' CDR. Cybers)ace $s.*t(l FBI says *ac+ers *it +ey ser$ices in t*ree US cities. #ertified &thical $acker &xam 'rep( Understanding )ootprinting and Scanning. 5/00D' Fune :7. In"iana)!lis' In"iana? F!*n . 5/0&07. Retrie$e" %r!( *tt)?CC###. 5/0&&' February I7. --#.bbc. /merican %ntelligence 1ournal' /: 5/7' &:1/E. Security ti)s %r!( a le en"ary *ac+er.

5/0067.usat!"ay.+r!ll%rau"s!luti!ns. !$tec*.T*e Si()le ec!n!(ics !% cybercri(es.c!(CUSACFusticeC/0&/C0&&ACBra"ley1Mannin 13!#1alle e"1 intelli ence1lea+er1#ill1"e%en"1*i(sel% Gs*etri' Nir 5/00D7' . AA1A6.ran".c!(Cbl! sCl!*r(ann1!n1 cybersecurityC/0&/1Cybersecurity1Tren"s1t!10&0H&/. C. 5/0&/' Fanuary &67.!r Cc!ntentC"a(Cran"C)ubsC(!n! ra)*sC/006CRANDSMG:II. Retrie$e" %r!( *tt)?CCc!ntent.c!(Cc!((unitiesCt*e!$alC)!stC/0&&C0EC!ba(a1tea(1 un$eils1ne#1cybersecurity1)lanC& Gi(' F.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY Fac+s!n' D. 5/0&&' Dece(ber &H7.)"% Libic+i' M.)"% Gr!ll ann!unces t!) ten cyber security tren"s %!r /0&/. 4roll 5 #yber Security and %nformation /ssurance. Retrie$e" %r!( *tt)?CCsee. Retrie$e" %r!( *tt)?CC###. T*e in%!r(ati!n en$ir!n(ent. US/ Today. %&&& Security and 'rivacy' &: 1anuary3)ebruary.%iercec!()lianceit.c!(Cst!ryC(any1security1breac*es1 !1 unre)!rte"C/0&/10&1&6 Gnic+erb!c+er' B. Retrie$e" %r!( *tt)?CC###. 5/0067.cs(!nit!r. Retrie$e" %r!( *tt)?CC###. 5/0&/' Fanuary &A7.4i"ian. Many security breac*es ! unre)!rte". #hristian Science 2onitor. 5/0&&' May &/7. 5/0&/' Fanuary H7. Fierce C!()liance IT. Cyber"eterrence an" cyber#ar. Retrie$e" %r!( *tt)?CC###.cnC*uJian#eiC)a)ersC06:1T*e N/0Si()leN/0Ec!n!(icsN/0!%N/0Cybercri(es. 6overnment Technology. Retrie$e" %r!( *tt)?CC###. /0&/ Cybersecurity tren"s t! #atc* in !$ern(ent. Bra"ley Mannin ? 3!# alle e" intelli ence lea+er #ill "e%en" *i(sel%. Oba(a tea( un$eils cybersecurity )lan. C. In /merica7s Security +ole in a #hanging .e"u.c!(Cab!ut1usC)ress1releasesC+r!ll1ann!unces1t!)1ten1 cyber1security1tren"s1%!r1/0&/.as)4 L!*r(ann' D.*t(l Libic+i' M.

aily Tech. 5E". F!rei n A%%airs. an" Anan"*a Muru+an. I()r!$in . Re)!rts? 3ac+ers use st!len RSA in%!r(ati!n t! *ac+ L!c+*ee" Martin.T.n"u. Retrie$e" %r!( &6 *tt)?CC###.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY *orld( 6lobal Strategic /ssessment 899:' EA1EE. Meier' F. =. F.%!rei na%%airs. 5/00A' Fune7.-"net. Retrie$e" %r!( *tt)?CC###.' Dunner' M.efense $ori<ons 5D:7. Retrie$e" %r!( *tt)?CC###.7' $andbook of %nformation Security.auC+e$in1(itnic+1s!cial1en ineerin 1&0&1AA6/60IA6. Retrie$e" %r!( *tt)?CC###.e"uC)ressCstu4net1an"1strate y. Center %!r Tec*n!l! y an" Nati!nal Security B!licy.c!(Cen1usClibraryC%%DH:DH&. In Vacca' F. Cybers)ace an" t*e .*t( .' Mac+(an' A.e"uC)ressClibC)"%C"e%ense1*!ri-!nsCD31D:. Ge$in Mitnic+? S!cial en ineerin &0&. 5/0067. A. Stu4net an" strate y? A s)ace !)erati!n in cybers)ace. *tt)?CC###.*t(l Miller' R.(icr!s!%t. In Bi" !li' 3. .. 5/0&&' Fune &67. 5/0&0' Se)te(berCOct!ber7.D.*t( Mile$s+i' L. Buil"in a secure !r ani-ati!n. 5/006' Se)te(ber7.uarterly 5DA7.eb A))licati!n Security' C*a)ter /? T*reats an" C!unter(easures. Retrie$e" %r!( *tt)?CC(s"n.First Battle> in /&st1 century #ar. 1oint )orce . 5E".0et.ile K S!ns' Inc. 5/00:' Fuly /&7. an" Gue*l' D. Ba+ers%iel"' Cali%!rnia? F!*n .c!(CarticlesCDDEE/C#illia(1J1lynn1iiiC"e%en"in 1a1ne#1"!(ain Mallery' F.' Esca(illa' R. 5/0&&' Oct!ber7. Burlin t!n' MA? Else$ier.c!(CRe)!rtsT3ac+ersTUseTSt!lenTRSATIn%!r(ati!nTt!T3ac+TL !c+*ee"TMartinCarticle/&IEI.R.as)4 Mic+' F. Mateti' B. 5/00D7.c!(."ailytec*. Lynn' III' . . TCBCIB Suite.' Vasire""y' S.n"u. Micr!s!%t De$el!)er Net#!r+. De%en"in a ne# "!(ain? T*e Benta !nRs cyberstrate y.)"% Mills' E.7' C!()uter an" In%!r(ati!n Security 3an"b!!+ 5)) A1//7.

". K Muru+an' A. )ierce 6overnment %T.c!(Cne#sC !$ern(entCsecurityC/A/A0&&0H M!!re' R. 5/00A' Fune7.%ierce !$ern(entit.c!(Cne4t !$Cn S/0&/0&/ASAH6&. 5n. US1CERT 5Unite" State C!()uter E(er ency Rea"iness Tea(7. Retrie$e" %r!( *tt)?CCne#san"insi *t.us1cert. 5/0067.c!(Cen1usClibraryC%%DH:DH&.7.' K Gurt-' G.)*)Q !re%Ut!)st!ry St!neburner' G. Retrie$e" %r!( *tt)?CC(s"n.ne4t !$.as)4 M!ntalban!' E. 5/00E7. Ne# Y!r+? McGra#13ill.' Vasire""y' S.' Dunner' M.(icr!s!%t. .' Mac+(an' A. Retrie$e" %r!( *tt)?CC###. 5/00/' Fuly7. 5/0&/' Fanuary /A7. Matt*e# Ben"er K C!()any. Retrie$e" %r!( *tt)?CC###. 0ext6ov. 5/0&&' Dece(ber /:7. #ybercrime( %nvestigating $igh Technology #omputer #rime. 3ac+ers (ani)ulate" rail#ay c!()uters' TSA (e(! says.t*!(s!nreuters. !$Cc!ntr!lSsyste(sCcs$uls. an" Ale4is Ferin a. Meier' F.' G! uen' A. 5/0&&' May 67.D. A %nformation *eek. A))licati!n $ulnerabilities c*ie% a(!n %e"eral cybersecurity c!ncerns.c!(CLe alCNe#sC/0&/C0&S1 SFanuaryCSecurityStru()sSsecrecySinScyberS%i *t1)r!secut!rC Sternstein' A. 2icrosoft.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY /0 McClure' S. $acking exposed >( 0etwork security secrets ? solutions. Retrie$e" %r!( *tt)?CC###.' Esca(illa' R. +euters.c!(Cst!ryCa))licati!n1$ulnerabilities1c*ie%1a(!n 1 %e"eral1cybersecurity1c!ncernsC/0&&10E106 Security tru()s secrecy in cyber %i *t1)r!secut!r 5/0&/' Fanuary &/7.*t(l Berera' D. O$er$ie# !% cyber $ulnerabilities. T*reats an" c!unter(easures.' Sca(bray' F.in%!r(ati!n#ee+. Retrie$e" %r!( *tt)?CC###. Ris+ (ana e(ent ui"e %!r ressi$e )*is*in attac+ tar ets (ilitary )ers!nnel.

S/0S 5SysA"(in' Au"it' Net#!r+' Security7 Institute.!r Crea"in Sr!!(C#*ite)a)ersCt*reatsCintr!"ucti!n1i)1s)!!%in S6E6 . !$. Retrie$e" %r!( *tt)?CC###. R.auCin%!secCt!)1 (iti ati!nsCt!)AE(iti ati!nstrate ies1list. K Sc*nei"er' C. A(ster"a(? Else$ier. Valacic*' F. %ntelligence and Security. !$C)ublicati!nsCnist)ubsC:001A0Cs):001A0.". %nformation Systems Today( 2anaging in the . 0ational %nstitute of Standards and Technology 5NIST7.igital *ord.7 /ustralian 6overnment. Retrie$e" %r!( *tt)?CC###.nist.CYBERSECURITY VULNERABILITIES FACING IT MANAGERS TODAY /& in%!r(ati!n tec*n!l! y syste(s. 5n. IB s)!!%in ? An intr!"ucti!n. Velasc!' V."s".*t( Tanase' M. Retrie$e" %r!( *tt)?CCcsrc. 5/0&/7. Retreie$e" %r!( tt)?CC###.sans.sy(antec. 5/0067.efence.c!(Cc!nnectCarticlesCi)1s)!!%in 1intr!"ucti!n E"it!r Vacca' F. B!st!n? Brentice 3all. Symantec.)"% Strate ies t! (iti ate tar ete" cyber intrusi!ns.epartment of . 5/000' N!$e(ber /&7. Intr!"ucti!n t! IB s)!!%in . 5/00A' Marc* &&7. . #omputer and %nformation Security $andbook.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->