  • Print publication year: 2007
  • Online publication date: September 2009

1 - Introduction to e-security

from I - E-security

Summary

This chapter discusses the importance and role of e-security in business environments and networked systems. It presents some relevant concepts in network security and subscriber protection. It also introduces some basic terminology that is used throughout the book to define service, information, computer security, and network security. This chapter aims to make the book self-contained.

Introduction

Every organization that uses networked computers and deploys an information system to perform its activity faces the threat of hacking from individuals both inside and outside the organization. Employees (and former employees) with malicious intent can represent a threat to the organization's information system, its production system, and its communication networks. At the same time, reported attacks have begun to illustrate how pervasive the threats from outside hackers have become. Without proper and efficient protection, any part of any network can be prone to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, a company's competitors, or even internal employees. In fact, according to various studies, more than half of all network attacks are committed internally.

One may consider that the most reliable solution to ensure the protection of organizations' information systems is to refrain from connecting them to communication networks and keep them in secured locations. Such a solution could be an appropriate measure for highly sensitive systems.
