Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Report: Punish poor information security setups

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Report: Punish poor information security setups
Date: Thu, 10 Nov 2005 00:24:26 -0600 (CST) 
http://www.washingtontechnology.com/news/1_1/daily_news/27391-1.html

By Alice Lipowicz
Staff Writer
11/08/05

Congress may want to consider penalizing organizations and companies
that have poor information security policies that contribute to a
major loss of sensitive information, according to a new Congressional
Research Service report [1] on cybersecurity.

Other policy questions Congress may choose to consider are whether
computer product vendors should report quickly all serious, newly
discovered vulnerabilities to the Homeland Security Department, and
whether computer service providers and businesses should be required
to report to DHS any "major security vulnerabilities that have been
newly exploited by cybercriminals," the report said.

The CRS report, "Terrorist Capabilities for Cyberattack," states that
security experts disagree about whether global terrorists are capable
of launching a successful cyberattack against U.S. civilian critical
infrastructure, and whether such an attack would seriously disrupt the
U.S. economy.

However, tighter physical security may be encouraging terrorists to
turn to cybersecurity, either by developing new computer skills
themselves or by aligning with cybercriminals, the CRS report said.  
Those new capabilities may be used in an online terrorist attack with
the intent of crippling IT infrastructures, or to finance a more
conventional terrorist attack against facilities or people.

There is evidence that terrorists are gaining understanding of IT and
have expanded their recruitment of people skilled in computer
sciences, engineering and mathematics, the report said. Several recent
terrorist events appear to have been funded partially through online
credit-card fraud.

Whether it is linked with terrorism, cybercrime is increasing
dramatically. The report cites research by IBM Corp. stating that
during the first half of 2005, criminal-driven computer security
attacks increased by 50 percent, most frequently targeting government
agencies and industries in the United States.

Policy issues for Congress include evaluating whether counterrorism
efforts ought to be linked more closely with international efforts to
prevent cybercrime, the CRS report said. Also, there are policy
questions about whether the Defense and Homeland Security departments
ought to collaborate more closely to strengthen the computer security
of civilian agencies and infrastructure.

The report identifies five pieces of legislation before Congress
related to improving national computer security: H.R. 285, 744, 1817
and 3109 and S. 768.

[1] http://www.opencrs.com/rpts/RL33123_20051020.pdf



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Report: Punish poor information security setups, InfoSec News <=
Previous by Date:  [ISN] Antivirus firms target Sony 'rootkit', InfoSec News
Next by Date:  [ISN] Security is executive's chief fear, InfoSec News
Previous by Thread:  [ISN] Antivirus firms target Sony 'rootkit', InfoSec News
Next by Thread:  [ISN] Security is executive's chief fear, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]