Abstract
With ever-growing and evolving threats and cyber attacks, the management of enterprise security and the security of enterprise management systems are key to business—if not a nation’s—operations and survival. Secur(e/ity) management, the moniker for the intertwined topics of secure management and security management, has evolved trying to keep pace. The history of secur(e/ity) management is traced from its origins in the disjoint silos of telecommunications, internetworking and computer security to today’s recognition as necessary, interdisciplinary, interworking technologies and operations. An overview of threats and attacks upon managed and management systems shows that occurrences of ever more sophisticated, complex and harder-to-detect cyber misconduct are increasing, as are the severity and costs of their consequences. Introduction of new technologies, expansion of the perimeters of an enterprise and trends in collaborative business partnerships compound the number of managed system targets of cyber compromise. Technical and marketplace trends in secur(e/ity) management reveal needs that must be bridged. Research attention should focus on developing axiomatic understanding of the natural laws of security, tools to realize vulnerability-free software, metrics for assessing the efficacy of secur(e/ity) management, tools for default-deny strategies so that signature-based security management can be retired, secur(e/ity) management approaches for virtualized and service-oriented environments, and approaches for composite, holistic, secur(e/ity) management.
Notes
The prevailing legal trend is to define “adequate security” as the degree or level of security that meets or exceeds the requirements established by the Federal Information Security Management Act (FISMA).
The term “Natural Laws of Security” was coined by Mr. Timothy Malcomvetter (malcomvetter@gmail.com), a doctoral student whose future research may be focused in this area.
Albert Einstein. http://quotations.home.worldnet.att.net/alberteinstein.html
“We often give our enemies the means of our own destruction.”—Aesop.
Hale, J., Brusil, P. Secur(e/ity) Management: A Continuing Uphill Climb. J Netw Syst Manage 15, 525–553 (2007). https://doi.org/10.1007/s10922-007-9079-4
DOI: https://doi.org/10.1007/s10922-007-9079-4