Difference between revisions of "Keyword Index and Glossary of Core Ideas"

From Cybersecurity Wiki
Jump to: navigation, search
(Cyber Warfare)
 
(381 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 +
{{Header_Message|message=This page is outdated. The keywords function has been deprecated in recent updates of the wiki. If you choose use this index, be advised that it only contains articles that have been uploaded prior to September 2011. For a comprehensive list of article categories please consult the [[Table of Contents]].}}
 +
 +
 
==Keyword Index and Glossary of Core Ideas==
 
==Keyword Index and Glossary of Core Ideas==
  
Line 13: Line 16:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[McAfee Threats Report | McAfee]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Best Practices===
 +
 +
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]
 +
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
  
 
===Black Hat===
 
===Black Hat===
Line 24: Line 38:
  
 
References:
 
References:
* [[Why_Information_Security_is_Hard | Anderson]]
+
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 47: Line 61:
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
 
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
 
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
 
* [[Cyber_War | Clarke]]
 
* [[Cyber_War | Clarke]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
 
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
 
* [[Cyber_Power | Nye]]
 
* [[Cyber_Power | Nye]]
 
* [[Estonia_Three_Years_Later | Shackelford]]
 
* [[Estonia_Three_Years_Later | Shackelford]]
* [[Schneier on Security | Schneier]]  
+
* [[Schneier_on_Security | Schneier]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 64: Line 90:
 
References:
 
References:
 
* [[The_Government_and_Cybersecurity | Bellovin]]
 
* [[The_Government_and_Cybersecurity | Bellovin]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
 
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[Wired_Warfare | Schmitt]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Armed_Attack_in_Cyberspace | Todd]]
  
Line 74: Line 105:
 
References:
 
References:
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
 
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
+
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
 
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
  
Line 88: Line 126:
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 +
 +
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Communications Privacy Law===
 +
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.
 +
 +
References:
 +
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
 +
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
 +
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
 +
* [[Cyber_Power | Nye]]
 +
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 110: Line 165:
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 
* [[Cyber_War | Clarke]]
 
* [[Cyber_War | Clarke]]
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]  
+
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 +
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 +
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
 
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
 
 
* [[Information_Security | GAO]]
 
* [[Information_Security | GAO]]
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Trust in Cyberspace | National Research Council]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 +
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
+
* [[The Comprehensive National Cybersecurity Initiative | White House]]
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
+
 
+
===Communications Privacy Law===
+
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.
+
 
+
References:
+
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]
+
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
+
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]
+
* [[Cyber_Power | Nye]]
+
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
+
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 139: Line 197:
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[Trust in Cyberspace | National Research Council]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 157: Line 219:
 
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
 
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 +
* [[Insider_Threat_Study | U.S. Secret Service]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]
Line 172: Line 235:
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
  
Line 182: Line 246:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 +
*[[Cyber-Insurance_Revisited | Bohme]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 +
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[McAfee Threats Report | McAfee]]
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
+
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]  
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
 +
* [[Insider_Threat_Study | U.S. Secret Service]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 210: Line 287:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 +
*[[Cyber-Insurance_Revisited | Bohme]]
 
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
 
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]
Line 215: Line 293:
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 +
* [[Trust in Cyberspace | National Research Council]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
* [[System_Reliability_and_Free_Riding | Varian]]
+
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 227: Line 307:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
*[[Cyber-Insurance_Revisited | Bohme]]
 
* [[Economics_of_Information_Security | Camp and Wolfram]]
 
* [[Economics_of_Information_Security | Camp and Wolfram]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Trust in Cyberspace | National Research Council]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
* [[System_Reliability_and_Free_Riding | Varian]]
+
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 247: Line 332:
 
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
 
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[Critical_Foundations | PCCIP]]
 
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
 
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
 
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]
 
* [[Cyber_Terrorism | Stohl]]
 
* [[Cyber_Terrorism | Stohl]]
 +
* [[The Comprehensive National Cybersecurity Initiative | White House]], [[The National Strategy to Secure Cyberspace | [2]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 259: Line 349:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 
* [[Cyber_War | Clarke]]
 
* [[Cyber_War | Clarke]]
 
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
 
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[Global_Cyber_Deterrence | Lan]]
 
* [[Global_Cyber_Deterrence | Lan]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
 
* [[Estonia_Three_Years_Later | Shackelford]]
 
* [[Estonia_Three_Years_Later | Shackelford]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 +
* [[The Comprehensive National Cybersecurity Initiative | White House]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 288: Line 389:
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[Information_Security | GAO]]
 
* [[Information_Security | GAO]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]  
 
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]]  
 
+
* [[The Comprehensive National Cybersecurity Initiative | White House]], [[The National Strategy to Secure Cyberspace | [2]]]
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
+
 
+
===Digital Pearl Harbor===
+
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.
+
 
+
References:
+
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
+
* [[Cyber_Terrorism | Stohl]]
+
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 307: Line 404:
 
References:
 
References:
 
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
 
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
+
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
 +
* [[The National Strategy to Secure Cyberspace | White House]]
 +
 +
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Digital Pearl Harbor===
 +
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.
 +
 +
AKA: Electronic Pearl Harbor; Cyber Pearl harbor
 +
 +
References:
 +
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 +
* [[Cyber_Terrorism | Stohl]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 320: Line 441:
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 +
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
Line 330: Line 453:
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 +
* [[Insider_Threat_Study | U.S. Secret Service]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 359: Line 483:
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 
* [[Introduction_to_Country_Reports | ENISA]]
 
* [[Introduction_to_Country_Reports | ENISA]]
 +
 +
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Generativity===
 +
Generativity is a system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences.
 +
 +
References:
 +
 +
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 368: Line 501:
  
 
References:
 
References:
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
 
===Generativity===
 
Generativity is a system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences.
 
 
References:
 
 
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]
 
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 391: Line 519:
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
 
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Cyber_Terrorism | Stohl]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 403: Line 538:
 
References:
 
References:
 
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
 
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[Cyber_Terrorism | Stohl]]
 
* [[Cyber_Terrorism | Stohl]]
  
Line 414: Line 550:
 
References:
 
References:
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[Cyber_Power | Nye]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 423: Line 561:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 440: Line 581:
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
 
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
Line 459: Line 601:
 
* [[Economics_of_Information_Security | Camp and Wolfram]]
 
* [[Economics_of_Information_Security | Camp and Wolfram]]
 
* [[Cyber_War | Clarke]]
 
* [[Cyber_War | Clarke]]
 +
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 
* [[Is_Cybersecurity_a_Public_Good | Powell]]
 +
* [[Wired_Warfare | Schmitt]]
 
* [[Schneier on Security | Schneier]]  
 
* [[Schneier on Security | Schneier]]  
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[System_Reliability_and_Free_Riding | Varian]]
 
* [[System_Reliability_and_Free_Riding | Varian]]
  
Line 475: Line 623:
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 +
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 
* [[Cyber_Power | Nye]]
 
* [[Cyber_Power | Nye]]
 
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
 
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
 +
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Information Operations===
 +
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.
 +
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]
 +
 +
References:
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 490: Line 653:
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 
* [[The_Economics_of_Information_Security | Anderson and Moore]]
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
 +
* [[Cyber-Insurance_Revisited | Bohme]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 +
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
 +
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 +
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
 +
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[Trust in Cyberspace | National Research Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 
* [[Cybersecurity_and_Economic_Incentives | OECD]]
 
* [[Cybersecurity_and_Economic_Incentives | OECD]]
 +
* [[Critical_Foundations | PCCIP]]
 
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
 
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 +
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
Line 506: Line 681:
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
  
Line 526: Line 705:
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
 
* [[The_Market_Consequences_of_Cybersecurity | OECD]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
Line 544: Line 726:
 
=== Kinetic Attack===
 
=== Kinetic Attack===
 
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.
 
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.
 +
 +
References:
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 551: Line 740:
  
 
References:
 
References:
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
*[[Wired_Warfare | Schmitt]]
+
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 +
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]  
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 561: Line 754:
  
 
References:
 
References:
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
+
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 +
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 
* [[Cyber-Apocalypse_Now | Gable]]
 
* [[Cyber-Apocalypse_Now | Gable]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[Cyber_Power | Nye]]
 
* [[Cyber_Power | Nye]]
*[[Wired_Warfare | Schmitt]]
+
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
  
Line 575: Line 776:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]
 +
* [[2007_Malware_Report | Computer Economics]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[A Roadmap for Cybersecurity Research | DHS]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
* [[2007_Malware_Report | Computer Economics]]
 
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 591: Line 805:
  
 
References:
 
References:
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
 
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[The National Strategy to Secure Cyberspace | White House]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 604: Line 821:
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
 
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]
 +
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]
 +
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]
 +
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
 
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]  
+
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]]
 +
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
 +
* [[The Comprehensive National Cybersecurity Initiative | White House]], [[The National Strategy to Secure Cyberspace | [2]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===New Normalcy===
 +
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]
  
 
===Notice and Take-down===
 
===Notice and Take-down===
Line 631: Line 860:
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]
 
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
 
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 650: Line 882:
 
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
 
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]
 
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
 
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
 
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]
  
Line 660: Line 893:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
 
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 669: Line 903:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 +
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 +
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 679: Line 922:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]],
 
* [[2007_Malware_Report | Computer Economics]]
 
* [[2007_Malware_Report | Computer Economics]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[McAfee Threats Report | McAfee]]
 
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
 
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 
* [[Schneier on Security | Schneier]]  
 
* [[Schneier on Security | Schneier]]  
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 699: Line 948:
  
 
===Red Team===
 
===Red Team===
Any set of activities that deal with an unannounced assessment of security and readiness by an unfamiliar (to the target) team of operators with no awareness or support from the assessed target. The function of individuals engaged in this activity is to provide a unique understanding from a threat actor's point of view in a less contrived circumstance than through exercises, role playing, or announced assessments. Red Team activities may involve interactions that trigger active controls and countermeasures in effect within a given operational environment. See [http://en.wikipedia.org/wiki/Red_Team Wikipedia]
+
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]
  
 
References:
 
References:
 
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]
 
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 +
 +
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 +
 +
===Research & Development===
 +
Research and development (R&D) addressing cyber security and information infrastructure protection.
 +
 +
References:
 +
* [[Pricing_Security | Camp and Wolfram]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 +
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
 +
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
 +
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
 +
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 710: Line 981:
  
 
References:
 
References:
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 +
* [[Cyber-Insurance_Metrics_and_Impact_on_Cyber-Security | Clinton]]
 
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
 
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
 
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
 
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
 
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 
+
* [[Managing_Online_Security_Risks | Varian]]
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
+
 
+
===Research & Development===
+
Research and development (R&D) addressing cyber security and information infrastructure protection.
+
 
+
References:
+
* [[Pricing_Security | Camp and Wolfram]]
+
* [[Toward_a_Safer_and_More_Secure_Cyberspace | Commission on Improving Cybersecurity Research in the U. S.]]
+
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
+
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
+
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]
+
* [[Hard_Problem_List | INFOSEC Research Council]]
+
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]
+
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]
+
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
+
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 741: Line 1,002:
  
 
References:
 
References:
 +
* [[Towards_a_Cyberspace_Legal_Regime_in_the_Twenty-First_Century | Dunlap]]
 +
* [[Cyberpower and National Security | Kramer et. al]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
 +
* [[Federal Plan for Cyber Security and Information Assurance Research and Development | National Science & Tech. Council]]
 
* [[Cyber_Power | Nye]]
 
* [[Cyber_Power | Nye]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]
 
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
 
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]
 +
* [[The National Strategy to Secure Cyberspace | White House]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 750: Line 1,018:
 
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.
 
Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.
  
*[[2007_Malware_Report | Computer Economics]]
+
* [[2007_Malware_Report | Computer Economics]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
+
* [[McAfee Threats Report | McAfee]]
 +
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 765: Line 1,035:
 
References:
 
References:
  
 +
*[[Cyber-Insurance_Revisited | Bohme]]
 +
* [[Cyber_Operations | Korns]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
  
Line 790: Line 1,062:
 
* [[Cyber_Power | Nye]]
 
* [[Cyber_Power | Nye]]
 
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
 
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 805: Line 1,080:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
 
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]
 +
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]
 
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
 
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]
 +
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
 
* [[The Price of Restricting Vulnerability Publications | Granick]]
 
* [[The Price of Restricting Vulnerability Publications | Granick]]
 +
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 +
* [[Cyber Security: A Crisis of Prioritization | PITAC]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]
 +
* [[Insider_Threat_Study | U.S. Secret Service]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 
* [[Economics_of_Malware | van Eeten and Bauer]]
 +
* [[2010 Data Breach Investigations Report | Verizon]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 818: Line 1,102:
 
References:  
 
References:  
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[McAfee Threats Report | McAfee]]
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
 
* [[Schneier on Security | Schneier]]  
 
* [[Schneier on Security | Schneier]]  
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 
* [[The_Underground_Economy | Thomas and Martin]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 832: Line 1,123:
 
* [[The_Government_and_Cybersecurity | Bellovin]]
 
* [[The_Government_and_Cybersecurity | Bellovin]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
  
Line 845: Line 1,138:
 
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
 
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
 +
* [[The Cyber War Threat Has Been Grossly Exaggerated | Rotenberg et. al]]
 +
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
 
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]
  
Line 865: Line 1,163:
 
References:
 
References:
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
 
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]
+
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]
 
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
 
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]
 +
* [[Cyber_Operations | Korns]]
 
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
 
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
Line 881: Line 1,180:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
*[[The_Economics_of_Online_Crime | Moore et. al.]]
+
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[The_Economics_of_Online_Crime | Moore et. al.]]
 
* [[Beyond_Fear | Schneier]]
 
* [[Beyond_Fear | Schneier]]
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 892: Line 1,197:
 
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 
* [[Law_and_War_in_the_Virtual_Era | Beard]]
 +
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]
 
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
 
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]
* [[Wired_Warfare | Schmitt]]
+
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]
 +
* [[Critical_Foundations | PCCIP]]
 +
* [[Armed_Attack_in_Cyberspace | Todd]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 920: Line 1,228:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
Line 928: Line 1,237:
 
References:
 
References:
 
* [[Security_Engineering | Anderson]]
 
* [[Security_Engineering | Anderson]]
 +
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]
 +
* [[Modeling_Cyber-Insurance | Bohme and Schwartz]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 +
* [[Cyber_Operations | Korns]]
 +
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]
 +
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]
 +
* [[National Cyber Leap Year Summit 2009, Co-Chairs' Report | NITRD]]
 
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]  
 
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]  
 +
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
 
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]
 
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]
  
Line 942: Line 1,261:
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]
 +
* [[2010 Top Cyber Security Risks Report | HP TippingPoint DVLabs]]
 +
* [[McAfee Threats Report | McAfee]]
 +
* [[Symantec Global Internet Security Threat Report | Symantec]]
 +
* [[Trend Micro Annual Report | Trend Micro]]
  
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''
 
''[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]''

Latest revision as of 14:43, 7 August 2012

This page is outdated. The keywords function has been deprecated in recent updates of the wiki. If you choose use this index, be advised that it only contains articles that have been uploaded prior to September 2011. For a comprehensive list of article categories please consult the Table of Contents.


Contents

Keyword Index and Glossary of Core Ideas

Air-Gapped Network

Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.

See also: Sneakernet

Jump to top of Glossary

Antivirus

Software which attempts to identify and delete or isolate malware. Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware. Usually run as a background service to scan files and email copied to the protected system.

References:

Jump to top of Glossary

Best Practices

The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. GAO Glossary

Black Hat

A black hat is a computer hacker who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

See also: White Hat

References:

Jump to top of Glossary

Blacklist

A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

See also: Whitelist

References:

Jump to top of Glossary

Botnet

A portmanteau of "robot" and "network." Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owners of the computer remotely controlled is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send SPAM, install malware and mount DDoS attacks or may rent out the botnet to other malicious actors.

References:

Jump to top of Glossary

Casus Belli

The justification for going to war. From the Latin "casus" meaning "incident" or "event" and "belli" meaning "of war."

References:

Jump to top of Glossary

Civilian Participation

The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in cyber warfare civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.

References:

Jump to top of Glossary

Combatant Status

The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.

References:

Jump to top of Glossary

Communications Privacy Law

Laws which regulate access to electronic communications. In the United States, the Electronic Communications Privacy Act (ECPA) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.

References:

Jump to top of Glossary

Computer Emergency Response Team

A group of experts brought together to deal with computer security issues. The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008). CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.

References:

Jump to top of Glossary

Computer Network Attack

Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)

References:

Jump to top of Glossary

COTS Software

Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. DoD at 18.

References:

Jump to top of Glossary

Credit Card Fraud

Theft of goods or services using false or stolen credit card information.

See Also: Shoulder Surfing

References:

Jump to top of Glossary

Crimeware

Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a cybercrime, the Internet Explorer application itself would not be considered crimeware.

References:

Jump to top of Glossary

Cyber Crime

In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. Symantec

References:

Jump to top of Glossary

Cyber Security as an Externality

Economists define externalities as instances where an individual or firm’s actions have economic consequences for others for which there is no compensation. One important distinction is between positive and negative externalities. Instances of the latter are most commonly discussed, such as the environmental pollution caused by a plant, which may have impacts on the value of neighboring homes. Important examples of positive externalities are so common in communications networks that there is a class of "network externalities. For instance, the simple act of installing telephone service to one additional customer creates positive externalities on everyone on the telephone network because they can now each reach one additional person. Several attributes of computer security suggest that it is an externality. Most importantly, the lack of security on one machine can cause adverse effects on another. The most obvious example of this is from electronic commerce, where credit card numbers stolen from machines lacking security are used to commit fraud at other sites.

References:

Jump to top of Glossary

Cyber Security as a Public Good

In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.

References:

Jump to top of Glossary

Cyber Terrorism

A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. FBI

References:

Jump to top of Glossary

Cyber Warfare

Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. Clarke

References:

Jump to top of Glossary

Data Mining

The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.

References:

Jump to top of Glossary

Department of Homeland Security

Cabinet level department of the United States assigned, inter alia, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

References:

Jump to top of Glossary

DDoS Attack

The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests. Often mounted by directing an army of zombie computers (see botnet) to connect to the targeted site simultaneously. The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests.

References:

Jump to top of Glossary

Digital Pearl Harbor

A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

AKA: Electronic Pearl Harbor; Cyber Pearl harbor

References:

Jump to top of Glossary

Disclosure Policy

A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products.

References:

Jump to top of Glossary

Distributed Denial of Service (DDoS)

See: DDoS Attack

Jump to top of Glossary

Dumpster Diving

A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target.

Jump to top of Glossary

Einstein

The operational name of the National Cybersecurity Protection System (NCPS). Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.

References:

Jump to top of Glossary

E.U. Cybersecurity

Discussions relating to cybersecurity of the European Union and of European Union states.

References:

Jump to top of Glossary

Generativity

Generativity is a system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences.

References:

Jump to top of Glossary

Geneva Conventions

Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.

See also: Laws of War

References:

Jump to top of Glossary

Hacker

Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. DCSINT

References:

Jump to top of Glossary

Hacktivism

The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. Samuel, A.

References:

Jump to top of Glossary

Hacktivist

A portmanteau of "hacker" and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.

See also: Hacktivism

References:

Jump to top of Glossary

Honeypot

A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect SPAM so it can be added to a blacklist.

References:

Jump to top of Glossary

Identity Fraud/Theft

The exploitation by malevolent third parties of unwarranted access to clients' or consumers' identities. Often the result of lax data security or privacy measures.

References:

Jump to top of Glossary

Information Asymmetries

Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.

The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.

References:

Jump to top of Glossary

Intelligence Infrastructure/Information Infrastructure

The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. Council on Foreign Relations

References:

Jump to top of Glossary

Information Operations

Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare. Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]

References:

Jump to top of Glossary

Interdependencies

The inter-connections between supposedly independent but often interdependent systems.

See also: SCADA Systems

References:

Jump to top of Glossary

International Humanitarian Law

That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict. International law is the body of rules governing relations between States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles. ICRC

References:

Jump to top of Glossary

Internet Relay Chat (IRC)

A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may be open or private.

References:

Jump to top of Glossary

Internet Service Providers

A company that offers access to the Internet. Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.

References:

Jump to top of Glossary

Keylogger

Software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

References:

Jump to top of Glossary

Kinetic Attack

Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish a cyber attack in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.

References:

Jump to top of Glossary

Lawfare

The use of international law to damage an opponent in a war without use of arms.

References:

Jump to top of Glossary

Laws of War

The body of law that define the legality of using armed force to resolve a conflict (jus ad bellum) and the laws that define the legality of the actual hostilities and related activities (jus in bello).

References:

Jump to top of Glossary

Malware

A variety of computer software designed to infiltrate a user's computer specifically for malicious purposes. Includes, inter alia, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.

References:

Jump to top of Glossary

National Cybersecurity Strategy (U.S.)

A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's Comprehensive National Cybersecurity Initiative. The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

References:

Jump to top of Glossary

National Security

Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. Wikipedia

References:

Jump to top of Glossary

New Normalcy

New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. ["Cyber Operations - The New Balance," Stephen W. Korns]

Notice and Take-down

Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider's (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.

References:

Jump to top of Glossary

Organized Crime

Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole. FBI

References:

Jump to top of Glossary

Outreach and Collaboration

Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. CRS Report for Congress, at 6 (2009).

References:

Jump to top of Glossary

Password Weakness

Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

References:

Jump to top of Glossary

Patching

Patching refers to the installation of a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. Wikipedia

References:

Jump to top of Glossary

Phishing

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

References:

Jump to top of Glossary

Privacy Law

Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

References:

Jump to top of Glossary

Red Team

A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See U.S. Army

References:

Jump to top of Glossary

Research & Development

Research and development (R&D) addressing cyber security and information infrastructure protection.

References:

Jump to top of Glossary

Risk Modeling

The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See Soo Hoo, Kevin J.

References:

Jump to top of Glossary

SCADA Systems

SCADA stands for "supervisory control and data acquisition" and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems. The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.

References:

Jump to top of Glossary

Scareware

Software or web site that purports to be security software reporting a threat against a user's computer to convince the user to purchase unneeded software or install malware.

Jump to top of Glossary

Script Kiddie

A derogatory term for a Black Hat who uses canned tools and programs written by more skillful hackers to commit cyber crime without understanding how they work.

Jump to top of Glossary

Security Trade-Offs

There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. Bruce Schneier

References:

Jump to top of Glossary

Shoulder Surfing

The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.

References:

Jump to top of Glossary

Sneakernet

Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another. Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.

See also: Air-Gapped Network

Social Engineering

Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.

References:

Jump to top of Glossary

Social Network

A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

Jump to top of Glossary

Software Vulnerability

A software vulnerablilty refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. U.S. Air Force Software Protection Initiative

References:

Jump to top of Glossary

SPAM

Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services. Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages. Commonly believed to be named after the Monty Python skit where the breakfast meat Spam overwhelms all other food choices.

References:

Jump to top of Glossary

Computer network attacks commissioned by, supported by or carried out by a state or government.

Reverences:

Jump to top of Glossary

State Affiliation

Under the control or command of a recognized state or government.

References:

Jump to top of Glossary

Tragedy of Commons

A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.

References:

Jump to top of Glossary

Transparency

A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority. Wikipedia

References:

Jump to top of Glossary

Trojan

Malware which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it. Named for the Ancient Greek legend of the Trojan Horse.

References:

Jump to top of Glossary

Virtual Military Technologies

Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.

References:

Jump to top of Glossary

Virtual Warfare

See: Virtual Military Technologies

Jump to top of Glossary

White Hat

A white hat is a computer hacker who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

See also: Black Hat

References:

Jump to top of Glossary

Whitelist

A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

See also: Blacklist

References:

Jump to top of Glossary

Worm

A type of malware that replicates itself and spreads to other computers through network connections.

References:

Jump to top of Glossary

Zero-Day Exploit

Malware designed to exploit a newly discovered security hole unknown to the software developer. "Zero-day" refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when black hat hackers find out about it and try to use the security hole for nefarious purposes.

References:

Jump to top of Glossary