[iwar] Re: infowar papers


From: Vernon Stagg
From: vstagg@deakin.edu.au
To: iwar@egroups.com

Fri, 09 Jun 2000 13:22:23 -0000




> A clever way to get the mailing list members to reveal themselves to
> you...
> 
Only if they want to! I implement NO cookies or java at my site
and ask for no information. 

The reason I have put this bib-list together is I know from personal 
experience how frustrating and time-consuming it is to find and access 
all this information (not to mention dead-links!). 

My intention is to make it a little easier for those interested in 
this area to have access to these papers. When I have time I will try 
to make as many as possible available on-line or with working links.

> Here are the short lists - would you post your larger lists to this
> list?
> 
> FC

Here we go... (warning - it is fairly long! Also a number of them are 
general computer security related)

V

Part 1
******

Abrams, M.D. and Joyce, M.V. New Thinking about Information 
Technology Security 
Computers & Security, Vol 14, No 1, 1995, p 57-68. 

Anderson, J.P. Computer Security Technology Planning Study 
Electronic Systems Division, ESD-TR-73-51, Vol II, 1972. 

Anderson, J.P. Computer Security Threat Monitoring and Surveillance 
James P. Anderson Co, Contract 79F296400, 1980. 

Anderson, R.J. Computer Science Tripos part 1b - Security 
Lecture paper. 

Attaran, M. and VanLaar, I. Privacy and Security on the Internet: How 
to Secure your Personal Information and Company Data 
Information Management & Computer Security, Vol 7, No 5, 1999, p 241-246.

Avolio, F.M. Putting it Together: A Multi-Dimensional Approach to 
Internet Security 
NW, Apr/May 1998, p 15-22. 

Backhouse, J. and Dhillon, G. Working Towards Principles for 
Information Security Management in the 21st Century 
Computer Security Research Centre, London School of Economics and 
Political Science, 1999. 

Bandyopadhyay, K., Mykytyn, P.P. and Mykytyn, K. A Framework for 
Integrated Risk Management in Information Technology 
Management Decision, Vol 37, No 5, 1999, p 437-444. 

Barnard, L. and von Solms, R. The Evaluation and Certification of 
Information Security against BS 7799 
Information Management & Computer Security, Vol 6, No 2, 1998, p 72-77.

Baskerville, R. Information Systems Security Design Methods: 
Implications for Information Systems Development 
ACM Computing Surveys, Vol 25, No 4, 1993, p 375-414. 

Bellovin, S.M. There be Dragons 
Proceedings of the Third Usenix UNIX Security Symposium, Baltimore, 
Sept 1992. 

Benson, G.S., Akyildiz, I.F. and Appelbe, W.F. A Formal Protection 
Model of Security in Centralized, Parallel, and Distributed Systems 
ACM Transactions on Computer Systems, Vol 8, No 3, Aug 1990, p 183-213.

Brooks, M.D., Kross, M.S. and Roth, M.A. Re-hosting a Computer 
Assisted Wargame Exercise from a Mainframe to a Micro: Database and 
User-Interface Issues 
Proceedings of the 1987 Winter Simulation Conference, 1987, p 870-875.

Bush, V. As We May Think 
The Atlantic Monthly, July 1945. 

Casper, L.E., Halter, I.L., Powers, E.W., Selva, P.J., Steffens, T.W. 
and Willis, T.L. Knowledge-Based Warfare: A Security Strategy for the 
Next Century 
JFQ, 1996, p 81-89. 

Cheswick, B. An Evening with Berferd in which a Cracker is Lured, 
Endured, and Studied 
AT&T Bell Laboratories. 

Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., 
Levitt, K., Rowe, J., Staniford-Chen, S., Yip, R. and Zerkle, D. The 
Design of GrIDS: A Graph-Based Intrusion Detection System 
Department of Computer Science, University of California at Davis, 
1999. 

Cholvy, L. and Cuppens, F. Analyzing Consistency of Security Policies 
IEEE, 1081-60, Nov 1997, p 103-112. 

Chuang, S-C. and Wernick, P. A Credibility-Based Model of Computer 
System Security 
ACM New Security Paradigm Workshop, 1997, p 53-58. 

Criscuolo, P.J. Distributed Denial of Service 
Dept of Energy, Computer Incident Advisory Capability, CIAC-2319, 
2000. 

De Michelis, G., Dubois, E., Jarke, M., Matthes F., Mylopolous, J., 
Schmidt, J.W., Woo, C. and Yu, E. A Three-Faceted View of Information 
Systems 
Communications of the ACM, Vol 41, No 12, p 64-70, Dec, 1998. 

Denning, D.E. and Baugh Jr, W.E. Hiding Crimes in Cyberspace 
Information, Communication and Society, Vol 2, No 3, 1999. 

Desmedt, Y. Computer Security by Redefining what a Computer is 
ACM, 0-89791-635-2, 1993, p 160-166. 

D'haeseleer, P. An Immunological Approach to Change Detection: 
Theoretical Results 
9th IEEE Computer Security Foundations Workshop, Ireland, June 1996. 

Dhillon, G. Managing and Controlling Computer Misuse 
Information Management & Computer Security, Vol 7, No 4, 1999, p 171-175.

Dhillon, G. and Backhouse, J. The Use of Information Technology in 
Organisations: Dealing with Systemic Opportunities and Risks 
The Second SISnet Conference, Barcelona, 1994. 

Dinnie, G. The Second Annual Global Information Security Survey 
Information Management & Computer Security, Vol 7, No 3, 1999, p 112-120.

Doddrell, G.R. Security Environment Reviews 
Facilities, Vol 14, No 12/13, Dec 1996, p 6-18. 

Downs Jr, L.G. Digital Data Warfare: Using Malicious Computer Code as 
a Weapon 
Air War College, Air University, Research Report, 1995. 

Duncan, N.B. and Petryshak, B.M. Hiring Interns at Kent State 
University: A Winning Manpower Strategy in a Market Shortage 
CPR 98, 1998, p 119-122 

Dobson, J. New Security Paradigms: What Other Concepts Do We Need As 
Well? 
ACM, 0-89791-635-2, 1993, p 7-18. 

Durst, R., Champion, T., Witten, B., Miller, E. and Spagnuolo, L. 
Testing and Evaluating Computer Intrusion Detection Systems 
Communications of the ACM, Vol 42, No 7, July 1999, p 53-61. 

Ernst & Young The Ernst & Young International Information Security 
Survey 1995 
Information Management & Computer Security, Vol 4, No 4, 1996, p 26-33.

Ferrari, A., Knabe, F., Humphrey, M., Chapin, S. and Grimshaw, A. A 
Flexible Security System for Metacomputing Environments 
Department of Computer Science, University of Virginia, Technical 
Report CS-98-36, 1998. 

Ferris, J.M. Using Standards as a Security Policy Tool 
StandardView, Vol 2, No 2, June 1994, p 72-77. 

Finne, T. Computer Support for Information Security Analysis in a 
Small Business Environment 
IFIP WG 11.2 of TC11, Small Systems Security, Greece, 1996. 

Fink, D. A Security Framework for Information Systems Outsourcing 
Information Management & Computer Security, Vol 2, No 4, 1994, p 3-8. 

Fitzgerald, K.J. Establishing Security in a Multi-Platform, 
Multi-Vendor, Enterprise-Wide IT Environment 
Information Management & Computer Security, Vol 2, No 4, 1994, p 9-15.

Fitzgerald, K.J. Information Security Baselines 
Information Management & Computer Security, Vol 3, No 2, 1995, p 8-12.

Focardi, R. Comparing Two Information Flow Security Properties 
Proceedings of the Ninth IEEE Computer Security Foundations Workshop, 
Ireland, 1996. 

Focardi, R. and Gorrieri, R. A Classification of Security Properties 
Laboratory for Computer Science, University of Bologna, Technical 
Report UBLCS-93-21, 1993. 

Forcht, K.A. and Pierson, J. New Technologies and Future Trends in 
Computer Security 
Industrial Management & Data Systems, Vol 94, No 8, 1994, p 30-36. 

Ford, W. Standardizing Information Technology Security 
StandardView, Vol 2, No 2, June 1994, p 64-71. 

Forrest, S., Hofmeyr, S.A. and Somayaji, A. Computer Immunology 
Communications of the ACM, Vol 40, No 10, Oct 1997, p 88-96. 

Forrest, S., Somayaji, A. and Ackley, D.H. Building Diverse Computer 
Systems 
Proceedings of the 6th Workshop on Hot Topics in Operating Systems, 
IEEE Computer Society Press, 1997, p 67-72. 

Foster, I., Kesselman, C., Tsudik, G. and Tuecke, S. A security 
Architecture for Computational Grids 
5th Conference on Computer & Communication Security, USA, 1998, p 83-92.

Froscher, J.N. and Payne Jr, C.N. The Handbook for the Computer 
Security Certification of Trusted Systems 
Naval Research Laboratory, Presented at MILCOM 92, Oct 1992. 

Furnell, S.M., Dowland, P.S. and Sanders, P.W. Dissecting the "Hacker 
Manifesto" 
Information Management & Computer Security, Vol 7, No 2, 1999, p 69-75.

Furnell, S.M. and Warren, M.J. Computer Abuse: Vandalizing the 
Information Society 
Internet Research: Electronic Networking Applications and Policy, Vol 
7, No 1, 1997, p 61-66. 

Gauch, R.R. Difference Between Public and Private Management 
Information Systems 
ACM 0-89791-573-9, 1993. 

Garigue, R.J. Information Warfare: Developing a Conceptual Framework 
Decision Analysis Laboratory, Carleton University, Draft Version 2.1, 
2000. On-line 

Gladman, B. UK Government Organisations Involved in Communications 
and Information Systems Security 
Summary, 1999. 

Goan, T. A Cop on the Beat: Collecting and Appraising Intrusion 
Evidence 
Communications of the ACM, Vol 42, No 7, July 1999, p 46-52. 

Grupe, F.H., Hensley, J.M. and Yamamura, J.H. Watching Systems in 
Action: Security at the Periphery 
Information Management & Computer Security, Vol 6, No 4, 1998, p 155-159.

Gumahad II, A.T. Cyber Troops and Netwar: The Profession of Arms in 
the Information Age 
Air War College, Air University, Research Report, 1996. 

Haeni, R.E. Firewall Penetration Testing 
George Washington University, Cyberspace Policy Institute, Jan 1997. 

Haeni, R.E. Information Warfare an Introduction 
George Washington University, Cyberspace Policy Institute, Jan 1997. 

Hannaford, C.S. Can Computer Security Really Make a Difference? 
Managerial Auditing Journal, Vol 10, No 5, 1995, p 10-15. 

Hauser, R.C. Control of Information Distribution and Access 
Department of Computer Science, University of Zurich, PhD Thesis, 
1995. 

Higgins, H.N. Corporate System Security: Towards an Integrated 
Management Approach 
Information Management & Computer Security, Vol 7, No 5, 1999, p 217-222.

Hogan, M.D. and Radack, S.M. The Quest for Information Technology 
Standards for the Global Information Infrastructure 
StandardView, Vol 5, No 1, Mar 1997, p 30-35. 

Hosmer, H.H. Security is Fuzzy! 
ACM, 0-89791-635-2, 1993, p 175-184. 

Humphreys, T. The New BS 7799 
XiSEC Consultants, Apr 1999. 

Jackson, D. The Monday Morning Syndrome 
Joint Network Team, Rutherford Appleton Laboratory, London, 1992. 

Jahl, C. The Information Technology Security Evaluation Criteria 
IEEE, CH2982-7/91/0000/0306, 1991, p 306-312. 

Jajodia, S., Ammann, P. and McCollum, C.D. Surviving Information 
Warfare Attacks 
IEEE, 0018-9162/99, 1999, p 57-63. 

Jajodia, S., McCollum, C.D. and Ammann, P. Trusted Recovery 
Communications of the ACM, Vol 42, No 7, July 1999, p 71-75. 

Jonsson, E. An Integrated Framework for Security and Dependability 
Department of Computer Engineering, Chalmers University of 
Technology. 

Jordan, E. IT Contingency Planning: Management Roles 
Information Management & Computer Security, Vol 7, No 5, 1999, p 232-238.

Kang, M.H., Froscher, J.N. and Eppinger, B.J. Towards an 
Infrastructure for MLS Distributed Computing 
Naval Research Laboratory, Information Technology Division, ~1998. 

Kearvell-White, B. KPMG's UK Computer Security Review 1994 
Information Management & Computer Security, Vol 4, No 2, 1996, p 42-51.

Kearvell-White, B. National (UK) Computer Security Survey 1996 
Information Management & Computer Security, Vol 4, No 3, 1996, p 3-17 

Kienzle, D.M. Practical Computer Security Analysis 
School of Engineering and Applied Science, University of Virginia, 
PhD Thesis, 1998. 

Kienzle, D.M. and Wulf, W.A. A Practical Approach to Security 
Assessment 
New Security Paradigms Workshop, UK, 1997, p 5-16. 

Knight, E. Computer Vulnerabilities 
Draft Report Release 4, Security Paradigm, 2000. 

Komar, D.M. Information-Based Warfare: A Third Wave Perspective 
Air War College, Air University, Research Report, 1995. 

Koopman, P. Toward a Scalable Method for Quantifying Aspects of Fault 
Tolerance, Software Assurance, and Computer Security 
Department of Electrical and Computer Engineering & Institute for 
Complex Engineered Systems, Carnegie Mellon University, ~1999. 

Kostanoski, J. Managing Security Technology in the Workplace 
Facilities, Vol 14, No 7/8, Jul/Aug 1996, p 26-34. 

Kozen, D. Language-Based Security 
Department of Computer Science, Cornell University, ~1999. 

Kwok, L. Hypertext Information Security Model for Organizations 
Information Management & Computer Security, Vol 5, No 4, 1997, p 138-148.

Kwok, L. and Longley, D. Information Security Management and 
Modelling 
Information Management & Computer Security, Vol 7, No 1, 1999, p 30-39.

Lampson, B.W. Computer Security 
Chapters from Computers at Risk, National Academy Press, Washington, 
1991. 

Landwehr, C.E. How Far Can You Trust A Computer? 
Proceedings of 12th International conference on Computer Safety, 
Reliability and Security, Oct 1993. 

Landwehr, C.E., Bull, A.R., McDermott, J.P. and Choi, W.S. A Taxonomy 
of Computer Program Security Flaws, with Examples 
ACM Computing Surveys, Vol 26, No 3, Sept 1994. 

Landwehr, C.E. and Goldschlag, D.M. Security Issues in Networks with 
Internet Access 
Proceedings of the IEEE, Vol 85, No 12, Dec 1997, p 1034-2051. 

Landwehr, C.E., Heitmeyer, C.L. and McLean, J. A Security Model for 
Military Message Systems 
ACM Transactions on Computer Systems, Vol 9, No 3, Aug 1984, p 198-222.

LaPadula, L.J. Prospect on Security Paradigms 
ACM, 0-89791-635-2, 1993, p 62-68. 

Lee, M., Pak, S., Kim, T., Lee, D., Schapiro, A. and Francis, T. 
Electronic Commerce, Hackers, and the Search for Legitimacy: A 
Regulatory Proposal 
Comment, Second-place winner of Berkeley Technology Law Journal 
Comment Competition. 

Lichtenstein, S. Factors in the Selection of a Risk Assessment Method 
Information Management & Computer Security, Vol 4, No 4, 1996, p 20-25.

Licklider, J.C.R. Man-Computer Symbiosis 
IRE Transactions on Human Factors in Electronics, Vol HFE-1, p 4-11, 
Mar, 1960. 

Licklider, J.C.R., and Taylor, R.W. The Computer as a Communication 
Device 
Science and Technology, Apr, 1968. 

Lindqvist, U. Observations on the Nature of Computer Security 
Intrusions 
Department of Computer Engineering, Chalmers University of 
Technology, Sweden, 1996. 

Lindqvist, U. and Jonsson, E. How to Systematically Classify Computer 
Security Intrusions 
IEEE 1081-6011/97, 1997, p 154-163. 

Lipner, S. Twenty Years of Evaluation Criteria and Commercial 
Technology 
Mitretek Systems, McLean, Va. 

Lowman, T. and Mosier, D. Applying the DOD Goal Security Architecture 
as a Methodology for the Development of System and Enterprise 
Security Architectures 
IEEE, 0-8186-8274-4, 1997, p 183-193. 

Luiijf, E.A.M. Information Assurance and the Information Society 
EICAR Proceedings, 1999. 

Luiijf, E.A.M. Information Assurance Under Fire 
Information Assurance and Data Security, SMI Conference, London, Feb 
2000. 

Lukasik, S.J., Greenberg, L.T. and Goodman, S.E. Protecting an 
Invaluable and Ever-Widening Infrastructure 
Communications of the ACM, Vol 41, No 6, June 1998, p 11-16. 

Lunt, T.F. Detecting Intruders in Computer Systems 
Conference on Auditing and Computer Technology, 1993. 

McDermott, J. Replication Does Survive Information Warfare Attacks 
Naval Research Laboratory, USA, ~1997. 

McDermott, J. and Goldschlag, D. Storage Jamming 
Database Security IX: Status and Prospects, Chapman & Hall, London, 
1996, p 365-381. 

McLean, J. A Comment on the "Basic Security Theorem" of Bell and 
LaPadula 
Information Processing Letters 20(2), 1985, p 67-70. 

McLean, J. Security Models and Information Flow 
Proceedings of the 1990 IEEE Symposium on Research in Security and 
Privacy, 1990. 

McLean, J. Security Models 
~1994 

McLean, J. and Meadows, C. The Future of Information Security 
Center for High Assurance Computer Systems, Naval Research 
Laboratory, ~1999. 

McLendon, J.W. Information Warfare: Impact and Concerns 
Air War College, Air University, Research Report, 1994. 

Meadows, C. The Need for a Failure Model for Security 
Center for High Assurance Computer Systems, Naval Research 
Laboratory, ~1993. 

Meadows, C. The Feasibility of Quantitative Assessment of Security 
Center for High Assurance Computer Systems, Naval Research 
Laboratory, ~1994. 

Meadows, C. Tradeoffs in Secure System Development: An Outline 
Center for High Assurance Computer Systems, Naval Research 
Laboratory, ~1994. 

Meadows, C. Three Paradigms in Computer Security 
New Security Paradigms Workshop, UK, 1997, p 34-37. 

Meadows, C. A Formal Framework and Evaluation Method for Network 
Denial of Service 
Naval Research Laboratory, ~1999. 

Michener, J. System Insecurity in the Internet Age 
IEEE Software, Jul/Aug 1999, p 62-69. 

Mitchell, R.C., Marcella, R. and Baxter, G. Corporate Information 
Security Management 
New Library World, Vol 100, No 1150, 1999, p 213-227. 

Molander, R.C., Riddile, A.S. and Wilson, P.A. Strategic Information 
Warfare: A New Face of War 
National Defense Research Institute, RAND Corporation, USA, 
MR-661-OSD, 1996. 

Moore, C., Baek, S., Liebowitz, J., Kilmer, R. and Minehart, R. 
Intelligent Agent-Based Information Warfare Advisor ("Bob-in-a-box") 
Kybernetes, Vol 27, No 1, 1998, p 38-53. 

Mounji, A. and Le Charlier, B. Detecting Breaches in Computer 
Security: A Pragmatic System with a Logic Programming Flavor 
Eighth Benelux Workshop on Logic Programming, Belgium, Sept 1996. 

Munro, N. Sketching a National Information Warfare Defense Plan 
Communications of the ACM, Vol 39, No 11, Nov 1996, p 15-17. 

Munro, N. Infowar: AK-47s, Lies, and Videotape 
Communications of the ACM, Vol 42, No 7, July 1999, p 19-22. 

Myers, P.A. Subversion: The Neglected Aspect of Computer Security 
Naval Postgraduate School, Master's Thesis, 1980. 

Neumann, P.G. Architectures and Formal Representations for Secure 
Systems 
Computer Science Laboratory, SRI International, SRI Project 6401, 
1995. 

Nibaldi, G.H. Proposed Technical Evaluation Criteria for Trusted 
Computer Systems 
The Mitre Corporation, M79-225, 1979. 

Okello, F., Ayres, R., Bullock, P., Erhili, B., Harding, B. and 
Perdigao, A. Information Warfare: Planning the Campaign 
Air Command and Staff College, Research Paper, ACSC/DEC/124/96-04, 
1996. 

Olawsky, D., Payne, C., Sundquist, T., Apostal, D. and Fine, T. Using 
Composition to Design Secure, Fault-Tolerant Systems 
Secure Computing Corporation, US, ~1996. 

Olovsson, T. A Structured Approach to Computer Security 
Department of Computer Engineering, Chalmers University of 
Technology, Technical Report No 122, 1992. 

Orceyre, M.J. and Courtney Jr, R.H. Computer Science and Technology: 
Considerations in the Selection of Security Measures for Automatic 
Data Processing Systems 
National Bureau of Standards, NBS Special Report 500-33, June 1978. 

Orlowski, S. Government Initiatives in Information Technology 
Security 
Information Management & Computer Security, Vol 5, No 3, 1997, p 111-118.

Ortalo, R. and Deswarte, Y. Quantitative Evaluation of Information 
System Security 
LAAS-CNRS & INRIA, ~1996. 

Payne, C.N., Froscher, J.N. and Landwehr, C.E. Toward a Comprehensive 
INFOSEC Certification Methodology 
Proceedings of the 16th National Computer Security Conference, 
Baltimore, Sept 1993, p 165-172. 

Peri, R.V. Specification and Verification of Security Policies 
School of Engineering and Applied Science, University of Virginia, 
PhD Thesis, 1996. 

Petroni, A. Managing Information Systems' Contingencies in Banks: A 
Case Study 
Disaster Prevention and Management, Vol 8, No 2, 1999, p 101-110. 

Rathmell, A., Overill, R. and Valeri, L. Information Warfare Attack 
Assessment System (IWAAS) 
Kings College, London, 1997, Presented at Information Warfare 
Seminar, London, Oct 1997. 

Ratnasingham, P. and Swatman, P.A. Security in the EDI context 
PAWEC 97, 1997. 

Rendell, P. and Cowdale, A. The Exclusion Zone - A Development 
Methodology 
Proceedings of the 1999 Winter Simulation Conference, 1999, p 1118-1124.

Salter, C., Saydjari, O.S., Schneier, B. and Wallner, J. Toward a 
Secure System Engineering Methodology 
Report based on research sponsored by the National Security Agency, 
~1998. 

Satyanarayanan, M. Integrating Security in a Large Distributed System 
ACM Transactions on Computer Systems, Vol 7, No 3, Aug 1989, p 247-280

Schaefer, M. We Need to Think About the Foundations of Computer 
Security 
ACM, 0-89791-635-2, 1993, p 120-125. 

Schechtman, G.M. Manipulating the OODA loop: The Overlooked Role of 
Information Resource Management in Information Warfare 
School of Logistics and Acquisition Management, Air Force Institute 
of Technology, Air University, Master's Thesis, 1996. 

Schell, R.R., Downey, P.J. and Popek, G.J. Preliminary Notes on the 
Design of Secure Military Computer Systems 
Electronic Systems Division, Air Force Systems Command, 1972. 

Shearer, J. and Gutmann, P. Government, Cryptography, and the Right 
to Privacy 
Journal of Universal Computer Science, Vol 2, No 3, Mar 1996, p 113-136.

Schepers, F. A Framework for Adaptive Security Management Systems 
Information Security Project Report, University of London, 1998. 

Schneider, F.B. Enforceable Security Policies 
Department of Computer Science, Cornell University, Technical Report 
TR98-1664, 1998. 

Schneier, B. Modeling Security Threats 

Schwartau, W. Time-Based Security 
Chapters 1 to 3, 1999. 

Siponen, M.T. and Kajava, J. The Dimensions and Categories of 
Information Security Awareness 
Dept of Information Processing, University of Oulu. 

Somayaji, A., Hofmeyr, S. and Forrest, S. Principles of a Computer 
Immune System 
New Security Paradigms Workshop, UK, 1997, p 75-82. 

Sommer, P. Intrusion Detection Systems as Evidence 
Computer Security Research Centre, London School of Economics & 
Political Science. 

Spafford, E.H. The Internet Worm: Crisis and Aftermath 
Communications of the ACM, Vol 32, No 6, June 1989, p 678-687. 

Spafford, E.H. Are Computer Hacker Break-Ins Ethical? 
Department of Computer Science, Purdue University, Technical Report 
CSD-TR-994, 1991. 

Spinellis, D., Kokolakis, S. and Gritzalis, S. Security Requirements, 
Risks and Recommendations for Small Enterprise and Home-Office 
Environments 
Information Management & Computer Security, Vol 7, No 3, 1999, p 121-128.

Spruit, M.E.M. Competing Against Human Failing 
Delft University of Technology, Dept of Information Systems, The 
Netherlands. 

Spurling, P. Promoting Security Awareness and Commitment 
Information Management & Computer Security, Vol 3, No 2, 1995, p 20-26

Steinauer, D., Katzke, S. and Radack, S. Basic Intrusion Protection : 
The First Line of Defense 
IT Pro, Jan/Feb 1999, p 43-48. 

Steinauer, D.D., Radack, S.M. and Katzke, S.W. U.S. Government 
Activities to Protect the Information Infrastructure 
US National Institute of Standards and Technology, 1997. 

Stoll, C. Stalking the Wily Hacker 
Communications of the ACM, Vol 31, No 5, May 1988, p 484-497. 

Sutton, S. Windows NT Security Guidelines 
Trusted Systems Services, Research Study, 1999. 

Swanson, M. and Guttman, B. Generally Accepted Principles and 
Practices for Securing Information Technology Systems 
National Institute of Standards and Technology, Sept 1996. 

Thomson, M.E. and von Solms, R. Information Security Awareness: 
Educating Your Users Effectively 
Information Management & Computer Security, Vol 6, No 4, 1998, p 167-173.

Thrasher, R.D. Information Warfare: Implications for Forging the 
Tools 
Naval Postgraduate School, Masters Thesis, June 1996. 

Thrasher, R.D. Information Warfare Delphi: Raw Results 
Naval Postgraduate School, Masters Thesis, June 1996. 

Tinto, M. The Design and Evaluation of INFOSEC Systems: The Computer 
Security Contribution to the Composition Discussion 
National Computer Security Center, Technical Report, Lib No S239,214, 
1992. 

Varcoe, B.J. Not Us, Surely? Disaster Recovery Planning for Premises 
Facilities, Vol 16, No 7/8, Jul/Aug 1998, p 204-207. 

Venema, W. Murphy's Law and Computer Security 
Mathematics and Computing Science, Eindhoven University of 
Technology, The Netherlands, ~1996. 

von Solms, R. Information Security Management : Why Standards are 
Important 
Information Management & Computer Security, Vol 7, No 1, 1999, p 50-57.

von Solms, R. Information Security Management (1): Why Information 
Security is So Important 
Information Management & Computer Security, Vol 6, No 4, 1998, p 174-177.

von Solms, R. Information Security Management (2): Guidelines to the 
Management of Information Technology Security (GMITS) 
Information Management & Computer Security, Vol 6, No 5, 1998, p 221-223.

von Solms, R. Information Security Management (3): The Code of 
Practice for Information Security Management (BS 7799) (GMITS) 
Information Management & Computer Security, Vol 6, No 5, 1998, p 224-225.

Waidner, M. Development of a Secure Electronic Marketplace for Europe 
Proceedings of ESORICS 96, Rome, Sept 1996 

West-Brown, M. and Kossakowski, K-P. International Infrastructure for 
Global Security Incident Response 
CERT Coordination Center, Carnegie Mellon University, Draft, June 
1999. 

Whitten, A. and Tygar, J.D. Usability of Security: A Case Study 
Carnegie Mellon University, CMU-CS-98-155, 1998. 

Williams, J. Just Sick About Security 
ACM New Security Paradigms Workshop, 1996. 

Williams, J.G. A Shift in Security Modeling Paradigms 
ACM, 0-89791-635-2, 1993, p 57-61. 

Wing, J.M. A Symbiotic Relationship Between Formal Methods and 
Security 
Workshops on Computer Security, Fault Tolerance, and Software 
Assurance: From Needs to Solutions, 1998. 

Zakinthinos, A. and Lee, E.S. A General Theory of Security Properties 
IEEE 1081-6011/97, 1997. 

Zurko, M.E. and Simon, R.T. User-Centered Security 
New Security Paradigms Workshop, USA, 1996, p 27-33. 

An Introduction to Computer Security: The NIST Handbook 
National Institute of Standards and Technology, NIST Special 
Publication 800-12. 

BS 7799 Future Revision 
Version 6.0, May 1998 

Common Criteria 1 Information Technology - Security Techniques - 
Evaluation Criteria for IT Security -- Part 1:Introduction and 
General Model 
ISO/IEC 15408-1:1999(E), 1998. 

Common Criteria 2 Information Technology - Security Techniques - 
Evaluation Criteria for IT Security -- Part 2:Security Functional 
Requirements 
ISO/IEC 15408-2:1999(E), 1998. 

Common Criteria 3 Information Technology - Security Techniques - 
Evaluation Criteria for IT Security -- Part 3:Security Assurance 
Requirements 
ISO/IEC 15408-3:1999(E), 1998. 

Countering the New Terrorism 
Project Air Force, RAND Research Project, ~1998. 

Executive Guide on Information Security Management 
US General Accounting Office, GAO/AIMD-98-68, 1998. 

Foundations for the Harmonization of Information Technology Security 
Standards 
Cooperation on Security of Information Systems, Joint Task 01, 
Revised Draft, Version b, 1993. 

Generally Accepted System Security Principles 
International Information Security Foundation, Version 2.0, June 
1999. 

Guide to Securing Intranet and Extranet Servers 
Verisign, 1999. 

Guidelines for Automatic Data Processing Physical Security and Risk 
Management 
Federal Information Processing Standards Publication 31, June 1974. 

Guideline for Computer Security Certification and Accreditation 
Federal Information Processing Standards Publication 102, Sept 1983. 

Improving Security 
Managerial Auditing Journal, Vol 10, No 5, 1995, p 42-48 

Information Security Risk Assessment 
US General Accounting Office, GAO/AIMD-00-33, 1999. 

Information Warfare/Command and Control Warfare (IW/C2W) 
Responsibilities 
Department of the Navy, OPNAVINST 3430.26, Jan 1995. 

ITSEC: Assurance - Correctness 
Version 1.2, June 1991. 

OECD Workshops on the Economics of the Information Society: A 
Synthesis of Policy Implications 
Organisation for Economic Co-operation and Development, OECD, 
DSTI/ICCP/IE(99)1/Final, 1999. 

Offensive Information Warfare: Is a Weak Defense the Best Offense? 
Reliable Software Technologies, USA, White Paper, ~1996. 

OMG White paper on Security 
OMG Security Working Group, Version 1.0, 1994. 

Review of the 1992 Guidelines for the Security of Information Systems 
Organisation for Economic Co-operation and Development, OECD, 
DSTI/ICCP/REG(97)2/Final, 1998. 

Safe Use of the Internet for Defence Purposes 
The Technical Cooperation Program, Report from the Panel on Secure 
Information Systems, STP-11, C3I Group, DOC-C3I-1 1997, 1997. 

Security Controls for Computer Systems 
Report of Defense Science Board Task Force on Computer Security, The 
RAND Corporation, 1970. 

Security Guidelines for Australian Government IT Systems 
Defence Signals Directorate, Aus, Australian 
Communications-Electronic Security Instructions 33 (ACSI 33), 1998. 

Security Protocols Overview 
RSA Data Security Brief, 1999. 

Security Risk Analysis Report for the ECS Project 
Hughes Information Technology Corporation, USA, 215-CD-004-002, 1996. 

Serious Weaknesses Continue to Place Defense Operations at Risk 
US General Accounting Office, Report GAO/AIMD-99-107, Aug 1999. 

Weaknesses at National Finance Center Increase Risk of Fraud, Misuse, 
and Improper Disclosure 
US General Accounting Office, GAO/AIMD-99-227, 1999. 

What is Advanced Security Research and Why You Should Care 
National Associates Technology Inc, White paper, ~1999. 

Why Security Policies Fail 
Control Data, White paper, 1999. 

Part 2
******

Abrams, M.D. Symbiosis Among IT Security Standards, Policies, and 
Criteria 
Security and Control of Information Technology in Society, p 145-159, 
1994. 

Alberts, D. S. Defensive Information Warfare 
National Defense University, NDU Press Book, 1996. on-line 

Anderson, K. Intelligence-Based Threat Assessments for Information 
Networks and Infrastructures 
White paper, Global Technology Research, 1998. 

Anderson, K. Criminal Threats to Business on the Internet 
White paper, Global Technology Research, 1999. 

Avolio, F.M. Best Practices in Network Security 
Network Computing, March 2000. on-line 

Baran, P. On Distributed Communications: IX Security, Secrecy, and 
Tamper-Free Considerations 
RAND Research Report, RM-3765-PR, Aug 1964. 

Baumard, P. From Infowar to Knowledge Warfare: Preparing for the 
Paradigm Shift 
Fourth International Conference on Information Warfare: Defining the 
European Perspective, Belgium, May 1996. on-line 

Blatchford, C. Computer Security Controls - Diffusion Into the 
Smaller Firm 
Computer Fraud & Security, p 13-17, Dec 1998. 

Cailliau, R. A Short History of the Web 
Text of speech delivered at launching of European branch of the W3 
Consortium, Paris, Nov 1995. on-line 

Chowdhry, P. Attacked and Hacked! 
PC Week, Oct 10, 1999. on-line 

Chowdhry, P. The Gibraltar Hack: Anatomy of a Break-In 
PC Week, Oct 11, 1999. on-line 

Cobb, A. Thinking About the Unthinkable: Australian Vulnerabilities 
to High-Tech Risks 
Research Paper 18 1997-98. on-line 

Cohen, F. Managing Network Security: The Unpredictability Defense 
Fred Cohen & Associates on-line 

Cohen, F. Managing Network Security: Prevent, Detect, and Respond 
Fred Cohen & Associates on-line 

Correll, J.T. War in Cyberspace 
Air Force Magazine, Vol 81, No 1, Jan 1998. on-line 

Cramer, M.L. Economic Espionage: An Information Warfare Perspective 
Georgia Tech Research Institute 

Cramer, M.L. Measuring the Value of Information 
NCSA infoWARcon 97, Sept 1997. 

Cramer, M.L. Information Warfare: A Consequence of the Information 
Revolution 
The Information Revolution: Current and Future Consequences, Ablex 
Publishing Corp, 1998. 

Cuppens, F. and Saurel, C. Specifying a Security Policy: A Case Study 

Denning, D.E. Who's Stealing Your Information? 
Information Security on-line 

Devost, M.G., Houghton, B.K. and Pollard, N.A. Information Terrorism: 
Can You Trust Your Toaster? 
Sun Tzu Art of War in Information Age on-line 

Dhillon, G. and Backhouse, J. Managing for Secure Organisations: A 
Critique of Information Systems Security Research Approaches 
LSE Computer Security Research Centre on-line 

Ehlers, V.J. Information Warfare and International Security 
Draft General Report, Science and Technology Committee, Oct 1999. 

Fairthorne, B. (editor) OMG White Paper on Security 
OMG Security Working Group, Issue 1.0, April 1994. 

Farmer, D. and Venema, W. Improving the Security of your Site by 
Breaking Into It 

Fast, W.R. Knowledge Strategies: Balancing Ends, Ways, and Means in 
the Information Age 
Sun Tzu Art of War in Information Age on-line 

Fogleman, R.R. and Widnall, S.E. Cornerstones of Information Warfare 
Air Force Library on-line 

Fredericks, B. Information Warfare: The Organizational Dimension 
Sun Tzu Art of War in Information Age on-line 

Freedman, L. Information Warfare: Will Battle Ever Be Joined 
International Centre for Security Analysis (ICSA), Department of War 
Studies, King's College, London on-line 

Guttman, E., Leong, L. and Malkin, G. Users' Security Handbook 
Request for Comment 2504 

Hannemyr, G. Technology and Pleasure: Considering Hacking 
Constructive 

Heinlein, E.B. Computer Security in China 
Computers & Security, Vol 15, p 369-375, 1996. 

Henry, R. and Peartree, C.E. Military Theory and Information Warfare 
Parameters, Autumn 1998, p 121-135. on-line 

Jones, F. Exploding the Myth of Computer & Information Security 
Codex Data Systems, 2000. 

Krause, M. and Tipton, H.F. Handbook of Information Security 
Management 
CRC Press LLC, 1997. 

Kwok, L.F. and Longley, D. A Security Officer's Workbench 
Computers & Security, Vol 15, No 8, p 695-705, 1996. 

Laszlo, P. The Effects of Information Warfare on Conflict and Society 
Research Paper. 

Libicki, M. What is Information Warfare? 
ACIS Paper 3, Aug 1995. on-line 

Lukasik, S.J. Protecting Information-Dependent Infrastructures 
Information Impacts Magazine, Sept 1999. on-line 

Miller, J.H. Information Warfare: Issues and Perspectives 
Sun Tzu Art of War in Information Age on-line 

Neuman, B.C. Protection and Security Issues for Future Systems 
Workshop on Operating Systems of the 90's and Beyond, Germany, July 
1991. 

Overill, R.E. Computer Crime - An Historical Survey 
International Centre for Security Analysis (ICSA), Department of War 
Studies, King's College, London on-line 

Perrine, T., Gross, A. and Shimomura, T. Security Researchers Aim to 
Foil Vandals 
Gather/Scatter, Vol 12, No 2, Spring 1996. on-line 

Pfleeger, C.P. and Cooper, D.M. Security and Privacy: Promising 
Advances 
IEEE Software, p 27-32, Sept/Oct 1997. 

Rannenberg, K. Recent Development in Information Technology Security 
Evaluation - The Need for Evaluation Criteria for Multilateral 
Security 
Security and Control of Information Technology in Society, p 113-127, 
1994. 

Ryan, D.J. and Ryan, J.C.H. Protecting the National Information 
Infrastructure Against Infowar 
Colloquy, Vol 17, No 1, July 1996. on-line 

Ryan, S.D. and Bordoloi, B. Evaluating Security Threats in Mainframe 
and Client/Server Environments 
Information & Management, Vol 32, p 137-146, 1997. 

Saarelainen, M.J. Information Warfare and its Impacts on Commercial 
Enterprises 
1996. on-line 

Singh, A. Information Warfare: Reshaping Traditional Perception 
Strategic Analysis, Vol XXI, No 12, Mar 1998. on-line 

Smith, G. An Electronic Pearl Harbor? Not Likely 
Issues in Science and Technology Online, Fall 1998. on-line 

Sobolewski, V. New Dimensions in the Information War 
Australian Defence Science News, Autumn 1998. on-line 

Stein, G. Information War - Cyberwar - Netwar 
Chapter 6 of Battlefield of the Future: 21st Century Warfare Issues. 
on-line 

Swanson, M. Guide for Developing Security Plans for Information 
Technology Systems 
NIST Special Publication 800-18, Dec 1998. 

von Solms, R. Information Security Management: The Second Generation 
Computers & Security, Vol 15, p 281-288, 1996. 

Walker, D.M. Bytes Replace Bullets in the New Wired Warfare 
Fairfax I.T. on-line 

Wilson, M. Hardwar, Softwar, Wetwar Operational Objectives of 
Information Warfare 
7Pillars Partners, 1995 on-line 

Wilson, M. Infrastructural Warfare Threat Model 
7Pillars Partners, 1996. on-line 

Wilson, M. Waging IWAR 
7Pillars Partners, 1997. on-line 

Wood, C. The Web is a Hacker's Playground 
PC World Magazine, Feb 2000. on-line 

Computer Crime & Information Warfare Timeline 

Generally Accepted Principles and Practices for Securing Information 
Technology Systems 
NIST Special Publication 800-14, Sept 1996. 

Maximum Security: A Hacker's Guide to Protecting Your Internet Site 
and Network 
Macmillan Computer Publishing, 1997. on-line 




------------------
http://all.net/