Security & Privacy, IEEE

Issue 5 • Date Sept.-Oct. 2014

  • Table of contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Expanding to Meet Readers' Needs

    Page(s): 3 - 4
    Freely Available from IEEE
  • [Masthead]

    Page(s): 5
    Freely Available from IEEE
  • Silver Bullet Talks with Bart Miller

    Page(s): 6 - 8
    Freely Available from IEEE
  • Designed-in Security for Cyber-Physical Systems

    Page(s): 9 - 12
    Freely Available from IEEE
  • On Computer Security Incident Response Teams

    Page(s): 13 - 15
    Freely Available from IEEE
  • Computer Security Incident Response Team Development and Evolution

    Page(s): 16 - 26

    When computer security incidents occur, it's critical that organizations be able to handle them in a timely manner. The speed with which an organization can recognize, analyze, and respond to an incident will affect the damage and lower recovery costs. Organized incident management requires defined, repeatable processes and the ability to learn from incidents that threaten the confidentiality, availability, and integrity of critical systems and data. Some organizations assign responsibility for incident management to a defined group of people or a designated unit, such as a computer security incident response team. This article looks at the development, purpose, and evolution of such specialized teams; the evolving nature of attacks they must deal with; and methods to evaluate the performance of such teams as well as the emergence of information sharing as a core service.
  • A Dutch Approach to Cybersecurity through Participation

    Page(s): 27 - 34

    At the end of 2013, the Dutch government published its second National Cyber Security Strategy, a major step in the development of the governmental approach to cybersecurity. This document stresses the importance of increasing cyber resilience through participation. The challenge of securing this entire domain is too large for any one organization. Therefore, the Dutch have chosen to engage the private sector, and foster participation to face the challenge together. In typical Dutch style, the government encourages voluntary, bottom-up participation and, thus, invites public and private parties to the table to discuss common threats and identify areas for collaboration. The recently formed Dutch National Cyber Security Centre plays a crucial role in coordinating, facilitating, encouraging and supporting such participation.
  • The Operational Role of Security Information and Event Management Systems

    Page(s): 35 - 41

    An integral part of an enterprise computer security incident response team (CSIRT), the security operations center (SOC) is a centralized unit tasked with real-time monitoring and identification of security incidents. Security information and event management (SIEM) systems are an important tool used in SOCs; they collect security events from many diverse sources in enterprise networks, normalize the events to a common format, store the normalized events for forensic analysis, and correlate the events to identify malicious activities in real time. In this article, the authors discuss the critical role SIEM systems play in SOCs, highlight the current operational challenges in effectively using SIEM systems, and describe future technical challenges that SIEM systems must overcome to remain relevant.
  • Security Automation and Threat Information-Sharing Options

    Page(s): 42 - 51

    Security information sharing isn't a new concept. Various government organizations and security vendors have been creating security collateral that's consumed by their products and services. Given the expansion of security in the IT world, security collateral needs to be interoperable and sharable between organizations to be used efficiently. To achieve this, there have been multiple attempts to standardize security information sharing over the past decade. This article presents the basic features of these schemes, identifies the problems they're trying to solve, and summarizes areas where they overlap and differ. The author addresses the most common questions and concerns raised in the industry when information is shared among vendors and helps organizations develop a common understanding of the options available and adopt those that serve their purpose.
  • An Anthropological Approach to Studying CSIRTs

    Page(s): 52 - 60

    The ethnographic method of participant observation can help researchers better understand the challenges computer security incident response teams face by illuminating underlying assumptions and tacit practices that shape how tools are actually used in different contexts.
  • An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams

    Page(s): 61 - 67

    Generally, computer security incident response team (CSIRT) managers and team members focus only on individual-level skills. The field of organizational psychology can contribute to an understanding of the full range of CSIRT job requirements, which include working as a team and within a larger multiteam system.
  • Off-Path Hacking: The Illusion of Challenge-Response Authentication

    Page(s): 68 - 77

    Everyone is concerned about Internet security, yet most traffic isn't cryptographically protected. The typical justification is that most attackers are off path and can't intercept traffic; hence, intuitively, challenge-response defenses should suffice to ensure authenticity. Often, the challenges reuse existing header fields to protect widely deployed protocols such as TCP and DNS. This practice might give an illusion of security. Recent off-path TCP injection and DNS poisoning attacks enable attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are nontrivial, yet practical. The attacks foil widely deployed security mechanisms and allow a wide range of exploits, such as long-term caching of malicious objects and scripts.
  • Where in the World Is My Information?: Giving People Access to Their Data

    Page(s): 78 - 81

    Willis Ware and his committee developed their principles in a world where business and government information systems were very different from today's interconnected and complex environment. They foresaw that the rise of computer information processing capability would place more strain on individual privacy, but they would have been hard-pressed to see just how far that capability would go. We're living in revolutionary times, but the reason for the principles--particularly the right to access information--is as sound and fundamental as it ever was.
  • Building Reliable and Secure Virtual Machines Using Architectural Invariants

    Page(s): 82 - 85

    HyperTap is a hypervisor-level monitoring framework for virtual machines (VMs). It uses hardware architectural invariants (properties defined and enforced by a hardware platform) to establish the root of trust for logging data and events. HyperTap also supports continuous, event-driven VM monitoring, which enables both capturing the system state and responding rapidly to actions of interest.
  • Can We Afford Privacy from Surveillance?

    Page(s): 86 - 89

    Will the economics of improving IT lead us to more or less personal privacy?
  • Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    Page(s): 90 - 93

    Signature-based detection is no longer an effective way to detect and block malware; whitelisting is much more effective. Whitelisting can vastly reduce an organization's attack surface, letting defenders focus on more advanced threats. It also can force attackers to use expensive exploits to execute code remotely and can make it difficult for attackers to maintain persistence. Many organizations already own tools to implement whitelisting, so the only cost is the time and effort to properly implement them.
  • Intelect [Advertisement]

    Page(s): 94
    Freely Available from IEEE
  • The Future of Incident Response

    Page(s): 96
    Freely Available from IEEE
  • IEEE Security & Privacy [Advertisement]

    Page(s): c3
    Freely Available from IEEE
  • Rock Stars of Big Data Analytics [Advertisement]

    Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu