Post on 18-Dec-2015
1
IT Security and Privacy
Eddie Meyer
Scott Wibbenmeyer
Chanchart Chanthanan
Zhijing Fang
ZongJun Zhu
2
IT Security
Information security is the process of protecting information systems and data from unauthorized access, use, disclosure, destruction, modification, or disruption. Information security is concerned with the confidentiality, integrity, and availability of data regardless of the form the data may take: electronic, print, or other forms.
http://en.wikipedia.org/wiki/It_security, viewed April 2nd, 2007
3
Overview
- Why is it important?
- Role of CSO
- Costs of IT Security
- Security Threats
- Practices to mitigate threats
- Case Study
- Case Study
4
Why is IT Security Important?
“Security breaches are as common in today’s business landscape as bad coffee and briefcases.”
Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers.
An Introduction to Computer Security: The NIST Handbook, National Institute of Standards and Technology, U.S. Department of Commerce, Special Publication 800-12
http://www.cio.com/article/28648/Data_Breaches_Preparation_Damage_Control_and_a_Recent_History, April 2, 2008
5
Why is IT Security Important?
46% of respondents said that their organization had experienced a security incident in 2007.
Gordon, Lawrence, Martin Loeb, William Lucyshn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007.
6
Trends in Information Security Breaches
7
Trends in Information Security Breaches
Security is increasing as a top management concern.
Luftman, J., Kempaiah, R., and Nash, E., Key Issues for IT Executives 2005, MIS Quarterly Executive, Vol. 5, No. 2, June 2006, pp 81-99
8
Trends in Information Security Breaches
The percentage of companies with a written security policy has increased from 47% in 2004 to 62% in 2006.
http://http://www.industrialcontroldesignline.com/showArticle.jhtml;jsessionid=XDVFQM3C2DBASQSNDLOSKH0CJUNN2JVN?articleID=204200898&queryText=Written+Security+Policy/, viewed April 2, 2008
9
Trends in Information Security Breaches
Figure 2. Security breaches are getting more serious.
http://http://www.industrialcontroldesignline.com/showArticle.jhtml;jsessionid=XDVFQM3C2DBASQSNDLOSKH0CJUNN2JVN?articleID=204200898&queryText=Written+Security+Policy/, viewed April 2, 2008
[Figure: Severity Level of Security Breaches, 0-10 scale of severity]
10
Role of Chief Security Officer
11
CSO
Chief Security Officer (CSO) is a corporation's top executive who is responsible for security. The CSO serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. They direct staff in identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk; establish appropriate standards and risk controls associated with intellectual property; and direct the establishment and implementation of policies and procedures related to data security.
http://en.wikipedia.org/wiki/Chief_Security_Officer, viewed April 2, 2008
12
Background of CSO
- Most CSOs have an IT Background (63%)
- Others: (37%)
  - Corporate Security
  - Military
  - Law Enforcement
  - Business Operations
  - Audit
Petersen, Rodney, The Role of the CSO, Educause, September/October, 2006, pp. 73-82.
13
Role of CSO
- Oversee a network of security directors and vendors who safeguard the company's assets, intellectual property, and computer systems, along with the physical safety of employees and visitors
Petersen, Rodney, The Role of the CSO, Educause, September/October, 2006, pp. 73-82.
http://images.google.com/imgres?imgurl=http://www.csointerchange.org/images/cso_interchange_logo.gif&imgrefurl=http://www.csointerchange.org/bios/bios-chicago-05/&h=93&w=303&sz=5&hl=en&start=19&um=1&tbnid=Zu6MFMM7sH-YvM:&tbnh=36&tbnw=116&prev=/images%3Fq%3Dcso%2BSymantec%2BCorporation%2B%26um%3D1%26hl%3Den, viewed April 10, 2008
Role of CSO (Cont’d)
- Identify protection goals, objectives, and metrics consistent with corporate strategic plans
- Manage the development and implementation of global security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security
Petersen, Rodney, The Role of the CSO, Educause, September/October, 2006, pp. 73-82.
15
IT Security Costs
Between 1995 and 2000 company spending on IT security increased 188%
16
IT Security Costs
Average losses in 2007 were $345,000 per respondent
Gordon, Lawrence, Martin Loeb, William Lucyshn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007.
17
IT Security Costs
The figure above shows the total losses as reported by the 2005 CSI/FBI Annual Computer Crime and Security Survey. http://www.acunetix.com/websitesecurity/web-hacking.htm, viewed March 27, 2008
18
IT Security Costs
Gordon, Lawrence, Martin Loeb, William Lucyshyn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007.
Are Costs equalizing?
19
IT Security Costs
[Chart: "What is the SINGLE greatest obstacle to achieving adequate infosecurity at your organization?"]
Information Security Magazine, July 1999 - "Top Obstacle is Budget: What is the SINGLE greatest obstacle to achieving adequate infosecurity at your organization?"
20
IT Security Threats
Organizational (Individual)
21
Many types of threats exist.
Gordon, Lawrence, Martin Loeb, William Lucyshyn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2006. PP 1-25.
22
Types of Attacks or Abuse
Gordon, Lawrence, Martin Loeb, William Lucyshyn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007. PP 1-25.
23
Who is Attacking?
http://www.esecurityplanet.com/, Viewed April 2, 2008
24
2 Types of threats that can affect both Individual and Organizational Security:
1. Natural Threats - Weather, Deterioration, Accidents, etc.
2. Man Made Threats - Hacker, Spam, Phishing, Identity Theft, Terrorism
25
Natural Security Threats
Weather
Deterioration
Accidents
- Do you have backup data stored offsite?
- Do you have a plan?
26
Man Made Security Threats
Phishing
Identity Theft
Terrorism
What do you have in place to prevent these things from happening?
27
Man Made Security Threats
Phishing
An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
http://en.wikipedia.org/wiki/Phishing, viewed April 2, 2008
28
Risk of Phishing
- According to Kaspersky Lab, 45% of online activity requires users to disclose personal or financial data.
- The top online activities listed by home PC users that require the disclosure of personal information were banking (20%), shopping (15%), and travel booking (10%).
http://www.lexisnexis.com.ezproxy.umsl.edu, Inter Business News on Jan 9, 2007 View on Mar 3, 2008
29
Risk of Phishing
- Presently, phishing threatens both business and personal transactions.
- The main purpose of phishing is to steal financial data.
- There were around 14,156 fake websites in 2006, an increase from 1,713 in 2005. (The Sun)
http://www.lexisnexis.com.ezproxy.umsl.edu, The Sun: Still @ IT on Oct 23, 2007 View on Mar 3, 2008
30
Risk of Phishing (Cont)
- According to the Sun poll as of 2007, a third of internet users responded to email from sources they did not know.
- 15% thought a website was secure if it claimed to belong to a well-known company, but were unable to distinguish a secure website from a fake one.
http://www.lexisnexis.com.ezproxy.umsl.edu, The Sun: Still @ IT on Oct 23, 2007, Viewed on Mar 3, 2008
Most Targeted Industry Sectors in December 2007
http://www.antiphishing.org, Phishing Activity Trends Report for 2007 by Anti-Phishing Working Group (APWG) viewed March 4, 2008
Financial services is the most targeted industry sector, at 91.7% of all recorded attacks.
Top 10 Phishing Sites Hosting Countries
http://www.antiphishing.org, Phishing Activity Trends Report for 2007 by Anti-Phishing Working Group (APWG) viewed March 4, 2008
The United States ranks first among countries hosting phishing sites.
33
Example of Phishing
- A real example happened recently to an UMSL email server.
- The UMSL email server was attacked by a phishing email which claimed that it came from the Central Bank.
34
Example of Phishing (Cont’d)
http://www.centralbank.net7idpersonalbanking-secure-survey-id-58274.28secure.net.jikao.com.tw/.https://www.centralbank.net/
35
Some Tips to Avoid the Risk of Phishing
- Do not complete a form in an e-mail message that asks you for personal information
- Enter personal information only at a secure website (https)
- Avoid clicking the link in the e-mail message
- Never type a PIN or secret data via e-mail
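The lookalike address on the previous slide can be checked mechanically: what matters is the registrable domain at the right-hand end of the hostname, not the brand name at its start. The sketch below is an added example, not part of the original presentation. The function names, finding labels and the tiny suffix table are assumptions, and it goes slightly beyond the slide by also flagging IP-literal hosts and userinfo in the URL.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, just enough for the
# sample URLs below. A production checker should load the full list.
MULTI_LABEL_SUFFIXES = {"com.tw", "co.uk", "com.au"}


def registrable_domain(host):
    """Return the part of a hostname that a registrant actually controls."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(url, expected_domain):
    """Return findings for a link that claims to lead to expected_domain.

    An empty list means the link uses https and its registrable domain is
    exactly the expected one.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")            # tip: only enter data on https
    if parts.username is not None:
        findings.append("userinfo-in-url")      # text before '@' is not the host
    if is_ip_literal(host):
        findings.append("ip-literal-host")
    elif registrable_domain(host) != expected_domain:
        findings.append("domain-mismatch")
        if expected_domain in host:
            # The brand appears only as leading labels of someone else's domain.
            findings.append("brand-in-subdomain")
    return findings


# Sample input: the first URL is the one shown on the slide; the legitimate
# address is also from the slide; the last one is constructed for illustration.
SAMPLES = [
    "http://www.centralbank.net7idpersonalbanking-secure-survey-id-58274"
    ".28secure.net.jikao.com.tw/",
    "https://www.centralbank.net/",
    "https://www.centralbank.net@203.0.113.5/login",  # constructed
]


def triage(urls, expected_domain="centralbank.net"):
    """Map each URL to (registrable domain or host, findings)."""
    report = {}
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        shown = host if is_ip_literal(host) else registrable_domain(host)
        report[url] = (shown, check_link(url, expected_domain))
    return report


if __name__ == "__main__":
    for url, (domain, findings) in triage(SAMPLES).items():
        print(domain, findings or ["ok"], url[:60])
```
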
36
Man Made Security Threats
Identity Theft
Crimes involving illegal usage of another individual's identity. The most common form of identity theft is credit card fraud. While the term is relatively new, the practice of stealing money or getting other benefits by pretending to be a different person is thousands of years old.
http://en.wikipedia.org/wiki/Identity_Theft, Viewed April 2, 2008
37
Types/Cost of Identity Theft
Crimes involving illegal usage of another individual's identity
Types:
- Financial Identity Theft (using another's identity to obtain goods and services)
- Criminal Identity Theft (posing as another when apprehended for a crime)
- Identity Cloning (using another's information to assume his or her identity in daily life)
- Business/Commercial Identity Theft (using another's business name to obtain credit)
38
“Identity Theft by Victims Age”. Identity Theft Data Clearinghouse. May 12 2006. PP 2-32.
39
Man Made Security Threats
Terrorism
Those acts which are intended to create fear (terror), are perpetrated for an ideological goal and by a member or members of a group (as opposed to being carried out in a lone attack), and which deliberately target, or else disregard the safety of, non-combatants (civilians).
http://en.wikipedia.org/wiki/Terrorism, Viewed 4/02/2008
40
Threat Assessment
You can look at threat assessment two ways:
- Qualitative – an “educated best guess” based on opinions of knowledgeable others gained through interviews, history, tests, and personal experience
- Quantitative – uses statistical sampling based on mathematical computations determining the probability of an occurrence based on historical data
Kovacich, Gerald L., Information Systems Security Officer’s Guide: Butterworth Heinemann, 2003.
41
Gordon, Lawrence, Martin Loeb, William Lucyshn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007.
Security Audits were 63% useful in evaluating the effectiveness of security technology
42
Insurance Policies
Gordon, Lawrence, Martin Loeb, William Lucyshn, and Robert Richardson. “Computer Crime and Security Survey”. Computer Security Institute. 2007.
43
Practices to Mitigate Threats
- Biometric Security
- Intrusion Prevention System
44
Biometric Security
- Uses computerized methods to identify a person by their unique physical or behavioral characteristics
- Provides extremely accurate and secure access to information
http://news.bbc.co.uk/2/shared/spl/hi/guides/456900/456993/html/default.stm, Biometric Technology. BBC News. March 4, 2008.
http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=10, Biometric Technology Overview. March 4, 2008.
45
Example of Biometric
- Fingerprint Identification – the process of automatically matching one or more unknown fingerprints against a database of known and unknown patterns
- Iris Scan – provides an analysis of the rings, furrows, and freckles in the colored ring which surrounds the pupil of the eye
http://news.bbc.co.uk/2/shared/spl/hi/guides/456900/456993/html/default.stm
http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=10
http://en.wikipedia.org/wiki/Biometric
46
Intrusion Prevention System
- Next Generation Firewall
- It is a computer security device that monitors network and system activities for malicious or unwanted behavior and can react in real-time
http://en.wikipedia.org/wiki/Intrusion_Prevention_System
47
Washington Mutual Phishing Case
48
Washington Mutual Overview
Founded in 1889
Retailer of financial services
- Mortgage Lending
- Commercial Banking
- Other Financial Services
CIO - Debora D. Horvath
Prior to joining WaMu, she served as senior vice president and CIO for Richmond, Virginia-based GE Insurance. There, she led a global information technology organization with a $500 million budget.
Assets of 333.62 billion
More than 2,400 Retail Banking
Source:
http://www.rsa.com/press_release.aspx?id=6801, viewed April 10, 2008
http://www.wamu.com/business/default.asp, viewed April 11th, 2008
49
Phishing trip: Washington Mutual
http://www.infectionvectors.com/library/phishing_trip_wamu-iv.pdf, viewed April 10, 2008
50
Current Practice of Online Banking Security
Washington Mutual further protects its online users with a multi-factor authentication solution
http://www.wamu.com/business/default.asp
51
RSA Cyota Consumer Solutions
RSA Cyota Consumer Solutions, a division of RSA Security Inc., offers proven solutions for online banking and e-commerce that range from adaptive authentication – with risk-based technology, one-time-passwords and transaction-signing – to anti-Phishing services and real-time transaction monitoring that controls fraud and manages risk.
The company’s eFraudNetwork™ community is the world’s most effective cross-bank collaborative online fraud network. Today, many of the world’s top 50 banks, including nine of the top 12 banks in North America and the UK, use RSA Cyota solutions to protect approximately 430 million consumers.
http://www.baselinemag.com/c/a/Projects-Security/Security-Case-Washington-Mutual-Gets-a-Line-on-Phishing/
52
Authentication
"Washington Mutual is once again taking a proactive approach to protecting our customers by securing their accounts and personal information with superior, flexible, cutting-edge technology. By doing so, Washington Mutual customers will continue to benefit from the convenience and ease of online banking with the utmost confidence," said Dave Cullinane, chief information security officer at Washington Mutual and International President of the Information Systems Security Association.
Washington Mutual’s enhanced security will analyze every online login and transaction behind the scenes and score the potential risk based on a broad range of criteria, including the user’s IP address, geographic location, prior transaction behaviors and much more. When a potential risky situation is detected, it can invoke additional authentication methods in real-time. In addition, because online fraud crosses international boundaries, WaMu is further protecting its customers by joining a real-time world-wide fraud detection network.
http://www.baselinemag.com/c/a/Projects-Security/Security-Case-Washington-Mutual-Gets-a-Line-on-Phishing/
Case Study:
What is Ameren?
53
Company Overview
- Provides energy to approximately 2.4 million electric customers and nearly 1 million gas customers in IL and MO.
- Ameren created via mergers:
  - Union Electric (UE)
  - Central IL Public Service Co. (CIPSCO)
  - Central IL Light Co. (CILCO)
  - Illinois Power (IP)
- Headquarters in St. Louis, MO
- 9,000 employees
http://www.ameren.com/AboutUs/ADC_AU_FactSheet.pdf, viewed March 28, 2008
54
Ameren Organizational Chart
[Figure: organizational chart; boxes listed from top to bottom]
CEO Ameren
CEO Ameren Services; Other CEO’s
Sr. VP Admin; Other VP’s
VP Info Technology
Manager IT Security and Planning; Other Directors and Managers
Managing Supv IT Security & Plan; Supv IT Financial Planning; Supv IT Infrastructure; Account Consultants
IT Security Analyst, Architects, Engineers
http://scholar/orgchart/ChartApp.aspx?defaultredirect=true&action=viewinorgchart&key=19721, March 20, 2008
55
56
Security IT Background
- 530 IT employees
- 5 full-time employees for information security.
- IT security budget is 1% of annual IT budget
  - 600K O&M
  - 400K Capital
- 1 manager type, 6 supervisors, 3 account consultants
- 30 technical architects, engineers, analysts.
Linda Nappier, Manager IT Security – Planning, Interview with Scott Wibbenmeyer, April 10, 2008
http://scholar/orgchart/ChartApp.aspx?defaultredirect=true&action=viewinorgchart&key=19721, March 20, 2008
57
Linda Nappier, Manager IT Security – Planning, Interview with Scott Wibbenmeyer, April 10, 2008
58
Top Security Risk
1. Data loss (Customer and Corporate) – Image
2. Viruses
3. External Attacks (firewall attacks)
4. Internal Attacks (email virus, spam, bots)
5. Phishing – Social Engineering
Mark Habrock and Edmond Rogers, Security Analyst, Interviewed in person by Scott J. Wibbenmeyer, April 8, 2008
59
IT Security Technologies
Access Control Systems
Physical Security
- Enterprise Security Management System
- Card readers limiting access to hardware rooms and security personnel.
Data Security
- Access Policy
- Network Access Control Software
- Limiting access to software and networks on an as-needed basis.
- Disabling Bluetooth capabilities on Ameren equipment (i.e. cell phones)
Mark Habrock and Edmond Rogers, Security Analyst, Interviewed in person by Scott J. Wibbenmeyer, April 8, 2008
60
IT Security Technologies
Firewalls
Intrusion Detection System (IDS)
- Over 1 million attacks against firewall a year
- 24 hr personnel monitoring of firewall
- 6000 firewall rules
- Monitors IP address of attack
Mark Habrock and Edmond Rogers, Security Analyst, Interviewed in person by Scott J. Wibbenmeyer, April 8, 2008
61
IT Security Technologies
Two Factor Authentication – Tokens & Passwords
- RSA SecurID Token
Anti-Virus Software
- Symantec
- Email is evaluated by Symantec off-site
Network Pattern Software
- Monitors usage patterns of network
Mark Habrock and Edmond Rogers, Security Analyst, Interviewed in person by Scott J. Wibbenmeyer, April 8, 2008
62
IT Security Technologies
Anti-Spam Software
- Frontbridge – relay service
- Personnel updating trigger points.
- Over 4.3 million spam emails blocked a day
Policies
- Remote Access
- Internet Usage - Websense
- Equipment Procurement
- Communication Policy
- Disaster Recovery Policy
- Audit Policy
Mark Habrock and Edmond Rogers, Security Analyst, Interviewed in person by Scott J. Wibbenmeyer, April 8, 2008
63
Walk Away Today Safer - Quick Summary
- Protect your personal information. It's valuable.
- Don’t cut Security to save money.
- Use antivirus and personal firewall software and update both regularly.
- Be sure to set up your operating system, Network and Web browser software properly, and update them regularly.
- Protect your passwords.
- Back up important files.
- Learn who to contact if something goes wrong online.
?? Questions ??