<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://cyber.harvard.edu/cybersecurity/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Jalbert</id>
	<title>Cybersecurity Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://cyber.harvard.edu/cybersecurity/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Jalbert"/>
	<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/Special:Contributions/Jalbert"/>
	<updated>2026-07-16T19:58:24Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.43.6</generator>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Law_and_War_in_the_Virtual_Era&amp;diff=6343</id>
		<title>Law and War in the Virtual Era</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Law_and_War_in_the_Virtual_Era&amp;diff=6343"/>
		<updated>2011-01-31T21:03:57Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Lawfare, jus in bello, and violations of humanitarian law */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Law and War in the Virtual Era&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Jack M. Beard, &#039;&#039;Law and War in the Virtual Era&#039;&#039;, 103 Am. J. Int&#039;l. L. 409 (2009).  [http://www.asil.org/ajil/July2009_1selectedpiece.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&amp;amp;title=Special:Bibliography&amp;amp;view=detailed&amp;amp;action=&amp;amp;keyword=Bear_J:2009 BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
* Issues: [[Cyberwar]]&lt;br /&gt;
&lt;br /&gt;
* Approaches: [[International Law (including Laws of War)]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Intelligence_Infrastructure.2FInformation_Infrastructure | Intelligence Infrastructure/Information Infrastructure]], &lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#International_Humanitarian_Law | International Humanitarian Law]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Lawfare | Lawfare]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Laws_of_War | Laws of War]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Virtual_Military_Technologies | Virtual Military Technologies]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Virtual_Warfare | Virtual Warfare]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis and Key Themes==&lt;br /&gt;
&lt;br /&gt;
===Thesis===&lt;br /&gt;
&lt;br /&gt;
The article traces the changing role and growing strategic importance of law in warfare. Whereas for most of its existence, and since the first attempts by states to use law to regulate armed conflict, jus in bello, or the law of war (also referred to in the article as “international humanitarian law”), often failed to protect civilians from the adverse effects of war, the article’s author suggests that the advent of automated, or “virtual” military technologies (specifically, Beard looks at the place of unmanned aerial vehicles, or UAVs, in modern warfare), though originally designed and implemented to expand military capabilities, also expand military informational resources, and therefore unintentionally reinforce the importance of jus in bello, and by association, the role of lawyers in modern military operations. Whereas advances in military technology historically have made law more distant and less relevant to the suffering of civilians (Beard uses both World Wars as examples of this phenomenon), the rise of UAVs has created unprecedented amounts of transparency, a new expectation of accountability, and given more control than ever before to affect military decisions. &lt;br /&gt;
Beard opens his article with an anecdote about the aborted killing of the Taliban leader Mullah Omar at the start of the Afghanistan War, on the first night of the war, in 2001. Fleeing Kabul, Mullah Omar was targeted by a Predator, the unmanned aerial vehicle most frequently employed by the U.S. military. Although the UAV held its target throughout a portion of his flight, the legal office at the U.S. Central Command raised concerns about the likelihood that the air strike would cause excessive civilian casualties, and called off the mission.&lt;br /&gt;
&lt;br /&gt;
===The unintended consequences of technology===&lt;br /&gt;
&lt;br /&gt;
Technological advances can occur with little deliberation about their long-term consequences, and the implications of all the potential applications of a new weapons system (this article dwells on “virtual” military technologies, and in particular, on UAVs) may therefore be largely unforeseen. While the US has been driven to more accurate bombing out of strategy, monetary and practical objectives (leading to an increase in the use of Precision-Guided Missiles, or PGMs, during the Gulf War), and not predominantly humanitarian concerns, the use of such technologies often have large ramifications for the humanitarian element of warfare. &lt;br /&gt;
&lt;br /&gt;
===The rise of UAVs===&lt;br /&gt;
&lt;br /&gt;
Before 9/11, UAVs were only of limited use. With the U.S. wars in Afghanistan and Iraq, UAVs became integral to U.S. military operations once their enormous potential in the area of ISR (Intelligence, Surveillance, Reconnaissance) was recognized; thereafter, UAVs were produced and deployed pervasively throughout combat zones in the Middle East. &lt;br /&gt;
In 2001, the US Congress mandated that a full third of essential U.S. military aircraft and ground vehicles be unmanned by 2015, signifying the influence and importance of UAVs in modern warfare, and the scope of the change they effect on military and combat operations.  &lt;br /&gt;
The success of UAVs in American military operations derives from their capacity to do dirty, dull or dangerous work that would otherwise be performed at a greater cost by human beings, but it also takes root in the virtual distance and virtual extrahuman surveillance capabilities effected by their use. With expanded attack capabilities, continuous presence, the ability to simultaneously follow greater numbers of targets, and offering a more continuous, pervasive presence, UAVs transform the modern military landscape. Likewise, the use of UAVs suggests problematic legal and humanitarian implications, because their use expands the potential list of targets that can be attacked. Allowing the military to strike a much more comprehensive list of targets, the deployment of UAVs raises similar questions to those brought up by the use of PGMs during the Gulf War, which is the blurring of the line between target and victim, between combatant and noncombatant. The pervasive presence and targeting and attack potential offered by UAVs suggests that war can now exist everywhere, all the time. &lt;br /&gt;
&lt;br /&gt;
===UAVs and intelligence consequences  -- challenges to the U.S. military intelligence infrastructure===&lt;br /&gt;
&lt;br /&gt;
UAVs allow the U.S. military to engage in persistent surveillance around distant areas of the globe, to accumulate more recorded, real-time information than was ever thought possible to collect.  But the vast quantities and new types of ISR data have little value if they do not reach the right decision makers or commanders in time. Beard suggests that the linear organizational schemes or vertical bureaucracies that characterize the command structure of the U.S. military are ill-suited to take advantage of the large amounts of new intelligence and ISR information. The rather obsolete hierarchical structure of the U.S. intelligence dissemination network is a traditional linear structure that makes far too little information available to the subordinate unites that need it, on the ground, while producing informational and data overload at the top levels of the command structure. The U.S. military is not an adaptive, decentralized, network-centric intelligence system (as are, for instance, terrorist networks), and network-oriented reforms must be implemented so that commanders at all levels can access real time information and surveillance results. &lt;br /&gt;
&lt;br /&gt;
===Lawyers, UAVs, and modern warfare===&lt;br /&gt;
&lt;br /&gt;
Major technological changes such as the use of UAVs pose personnel challenges to the vast, complex bureaucracies that manage modern warfare. In particular, it greatly enhances the role of lawyers in military operations. The unblinking eye of UAVs and the intensified surveillance capabilities of UAVs have increased public scrutiny of military actions and augmented the demand for military transparency. Rising public expectations of transparency are causing attack planners and military commanders to grapple with new legal responsibilities, and causing lawyers involved with the military to often take a broad view of potential humanitarian considerations that go beyond the more permissive rules of engagement. Prior to authorizing an attack, lawyers, planners, and commanders nowadays must consider the unprecedented new video record that may be created, especially if an attack risks harm to civilians and is likely to be scrutinized later. Laws, rules, and regulations pervade all aspects of military operations and the military social system, and are expected more than ever by the public eye to be respected and adhered. Empowered by diminished need for on-the-ground decision making, and enabled to overcome physical distance thanks to unmanned virtual technologies, lawyers are more linked than ever to the command structure and more involved in targeting decisions. The expanding contours of legal oversight, and the availability of continuous streams of information changes the meaning of what constitutes appropriate legal review. In place of limited sporadic information issued by satellites and manned aircraft, the unblinking eyes of UAVs capture not just the target but the presence of civilians that might be endangered by an attack. &lt;br /&gt;
The NATO military effort in Kosovo in 1999 relied almost exclusively on air power. The relative absence of human troops on the ground marked the increasing prominence of lawyers in armed conflict; effectively, NATO’s lawyers, given greater legal review than ever before, became its de facto tactical commanders. The direct involvement of lawyers in military operations has further expanded since Kosovo, reflecting emerging trends in the legalization of war and the rising utility of legal support in modern military operations. &lt;br /&gt;
&lt;br /&gt;
===Lawfare, jus in bello, and violations of humanitarian law===&lt;br /&gt;
&lt;br /&gt;
U.S. COIN doctrine provides new opportunities for international law to serve as a basis for U.S. forces to engage with the civilian population. The new relevance of international law has not been lost on terrorist groups and rogue states, even if they do not observe it: such groups and governments use new informational technologies to exploit images of dead civilians and other evidence of alleged law-of-war violations as part of a growing practice that &lt;br /&gt;
some describe as “lawfare.” Although most military theorists once viewed law as largely irrelevant to war, the political and moral legitimacy of military operations is increasingly linked to the observance of legal obligations, particularly those related to protection of the civilian population. American ofﬁcials have learned that the single most important indicator of compliance with the law of war is the perceived respect for rules protecting the civilian population.&lt;br /&gt;
One of the central tenets of the Geneva Conventions, which lay down much of the foundation for modern jus in bello (law of war) is proportionality, the idea that an attack on a military target may be illegal if it implies too much collateral damage. The new “virtual” distance enabled by UAVs is giving proportionality requirements new significance by eliminating some of the key excuses that states have long used to escape responsibility for attacks that appear to cause excessive civilian casualties. Even as virtual technologies enhance the surveillance capabilities of military personnel, they also make the military’s own activities more perceptible before, during, and after attacks. Those who plan or decide upon an attack will increasingly do so with the knowledge that a much more complete record is being created of both their actions and the basis for their decisions.&lt;br /&gt;
&lt;br /&gt;
===Conclusions===&lt;br /&gt;
&lt;br /&gt;
The irony of new virtual military technologies is that, though intended to enhance military and attack capabilities, in fact, they do much to hamper military action. As risk assessment has become so much more reliable and accurate, more precise estimates of how many civilians are likely to die from a given attack means that civilian deaths are now incidental, and no longer accidental to military attacks. &lt;br /&gt;
The increasing fusion of humans and machines in war does not diminish accidental civilian casualties, but terms like “technical malfunctions” are used nonetheless to describe seemingly unavoidable causes of many unintended civilian casualties, blurring the distinction between human error and technological malfunction. &lt;br /&gt;
The absence of humans as the actual combatants in armed conﬂicts seems to be steadily achieving acceptance and entering society’s collective consciousness with relatively little reﬂection. Remotely controlled machines are paving the way for armed conﬂicts in which humans will increasingly be absent from the battleﬁeld and many dangerous war-ﬁghting missions.&lt;br /&gt;
Inasmuch as technological developments reduce the political costs of going to war by eliminating the risk that human operators will be killed or captured, some commentators fear that those developments will make it easier and more attractive for states to become involved in armed conﬂicts. The demand for UAVs, for example, is soaring as more and more countries, including many in the developing world, are obtaining and becoming familiar with virtual technologies and their ISR capabilities, in part because UAV systems cost much less than their manned counterparts.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
Expertise Required: Law - Low&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
A Lecturer at UCLA School of Law, Jack Beard was formerly Associate Deputy General Counsel for International Affairs in the Department of Defense. Beard also served in the International and Operational Law Division as a Lieutenant Colonel, in the U.S. Army Reserve.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;See Also:&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
[http://www.nytimes.com/2010/06/08/technology/08homefront.html?src=busln Christopher Drew,&#039;&#039;Military Chatrooms from California to Afghanistan&#039;&#039;, N.Y. Times, June 7, 2010, at B1.] Discussing social media, virtual technologies and the changing informational landscape of modern warfare.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5059</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5059"/>
		<updated>2010-07-30T16:24:51Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Issues: [[Usability/Human Factors]]; [[Public-Private Cooperation]]; [[Identity Management]]&lt;br /&gt;
* Approaches : [[Regulation/Liability]]; [[Private Efforts/Organizations]]; [[Government Organizations]]; [[International Cooperation]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;insert key words here&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=International_Cooperation&amp;diff=5058</id>
		<title>International Cooperation</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=International_Cooperation&amp;diff=5058"/>
		<updated>2010-07-30T16:24:36Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[International Cooperation]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=5057</id>
		<title>Government Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=5057"/>
		<updated>2010-07-30T16:24:26Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Government Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=5056</id>
		<title>Private Efforts/Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=5056"/>
		<updated>2010-07-30T16:24:12Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Private Efforts/Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav (2006) [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Regulation/Liability&amp;diff=5055</id>
		<title>Regulation/Liability</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Regulation/Liability&amp;diff=5055"/>
		<updated>2010-07-30T16:23:51Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Regulation/Liability]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. (2009) [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N., et. al (2004) [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Identity_Management&amp;diff=5054</id>
		<title>Identity Management</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Identity_Management&amp;diff=5054"/>
		<updated>2010-07-30T16:23:39Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Identity Management]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Public-Private_Cooperation&amp;diff=5053</id>
		<title>Public-Private Cooperation</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Public-Private_Cooperation&amp;diff=5053"/>
		<updated>2010-07-30T16:23:25Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Public-Private Cooperation]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=5052</id>
		<title>Usability/Human Factors</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=5052"/>
		<updated>2010-07-30T16:23:10Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Usability/Human Factors]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=5051</id>
		<title>US Government Reports and Documents</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=5051"/>
		<updated>2010-07-30T16:20:23Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House (2009) [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5050</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5050"/>
		<updated>2010-07-30T16:20:06Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Issues: [[Usability/Human Factors]]; [[Public-Private Cooperation]]; [[Identity Management]]&lt;br /&gt;
* Approaches : [[Regulation/Liability]]; [[Private Efforts/Organizations]]; [[Government Organizations]]; [[International Cooperation]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5049</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5049"/>
		<updated>2010-07-30T16:19:56Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Issues: [[Usability/Human Factors]]; [[Public-Private Cooperation]]; [[Identity Management]]&lt;br /&gt;
* Approaches : [[Regulation/Liability]]; [[Private Efforts/Organizations]]; [[Government Organizations]]; [[Government Cooperation]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5048</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5048"/>
		<updated>2010-07-30T16:17:18Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
&lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5047</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5047"/>
		<updated>2010-07-30T16:16:26Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5046</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5046"/>
		<updated>2010-07-30T16:15:58Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Selection from the Executive Summary:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Synopsis from Ascension Risk Management [http://www.ascensionriskmanagement.com/], a risk management consulting firm specializing in Infosec:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
“The nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat.  We need to demonstrate abroad and at home that the United States takes cybersecurity related issues, policies, and activities seriously.  This requires White House leadership that draws upon the strength, advice, and ideas of the entire Nation.” ~ A quote from the Executive Summary &lt;br /&gt;
&lt;br /&gt;
The report declares that cybersecurity risks rank up there with the most important economic and national security challenges of the 21st Century.  In order to meet this challenge the report declares that: “It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” (from the Executive Summary). &lt;br /&gt;
&lt;br /&gt;
To support this declaration the report mentions a few malicious activities have already disrupted critical infrastructure elements in other countries (the disruption of electric power grids); the exploited financial services (any number of data breaches and fraud cases); and the systematic loss of US intellectual property (estimated to have a loss of economic value as high as $1 trillion dollars). In order to address these issues the report breaks down its findings and recommendations into five areas:&lt;br /&gt;
&lt;br /&gt;
*Leading from the top;&lt;br /&gt;
*Building the capacity of a digital nation;&lt;br /&gt;
*Sharing responsibility for cybersecurity;&lt;br /&gt;
*Improving information sharing and incident response; and&lt;br /&gt;
*Building the architecture of the future.&lt;br /&gt;
&lt;br /&gt;
The report calls for the US to be a world leader in addressing the challenges of cyberspace.  In order to realize this goal, leadership must come directly from the White House.  The rationale for this is the fact that within the US government, only the White House has the authority to coordinate the wide array of capabilities and authorities required to respond to cyber incidents.  In order to support and facilitate this authority the report recommends that a cybersecurity policy official be appointed to coordinate the nation&#039;s cybersecurity related policies and activities.  This individual would be part of the National Security Council (NSC).  Additionally it is suggested that this new official should participate in economic, counterterrorism, and science and technology policy discussion in order to provide the cybersecurity perspective; a move that would go a long way to integrate cybersecurity concerns into all sorts of decision making processes.  At a high level, the duties of the cybersecurity policy official would revolve around reviewing laws and policies, proposing new legislation, strengthening federal leadership and accountability for cybersecurity, and increasing the interaction between the federal government and state, local, and tribal leadership with regard to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Building Capacity for a Digital Nation&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
In this section, the report likens the cybersecurity challenge to the space race after the Sputnik launch in 1957. The report calls for an emphasis on math and science skills in order to develop a workforce of US citizens to compete on a global level and sustain the leadership role of the United States. In order to meet these challenges the report calls for the need to build public awareness into the nature and risks involved in the use of cyberspace.  In this vein, the report suggests an effort to enhance our education system by integrating cybersecurity into the education curriculum and by promoting scientific, engineering, and market leadership in the IT sector.  The report also calls for the need to expand and train the federal information technology workforce.  The language here seems to indicate a desire to recapture many of the IT positions that have been lost through outsourcing to the private sector.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Sharing Responsibility for Cybersecurity&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
In this section, the report acknowledges the fact that the federal government cannot succeed without engaging the private sector. A national dialogue is needed between the concerns of the private sector and the needs of the public sector. Input from the private sector is sorely needed to craft legislation and regulations to support businesses that prioritize security. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;International Cooperation&#039;&#039;&#039; &lt;br /&gt;
The report recognizes that international norms are critical to supporting cyberspace and therefore any national cybersecurity strategy needs to foster international cooperation and collaboration.  Some of the items mentioned were the development of uniform technical standards and a standardization of legal practices. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Creating Effective Information Sharing and Incident Response&amp;quot;&#039;&#039;&#039; &lt;br /&gt;
The report calls for a nationwide incident response capability to include Federal, State, local and tribal governments working together with the private sector and international allies, given that cyber incidents are likely to affect networks and systems across both the public and private sector.  This section also leverages the Cybersecurity Coordinator named in the &amp;quot;Leadership from the Top&amp;quot; section of the report and calls for the development of a national incident response framework.  This framework would go a long way to avoid the confusion surrounding roles, responsibilities and authority that always comes up when multiple departments and agencies respond to an incident. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&amp;quot;Encouraging Innovation&amp;quot;&#039;&#039;&#039;&lt;br /&gt;
The report acknowledges that there has been a convergence of technologies where data, voice, and video are now sharing a common infrastructure.  This decentralizes the nature of the technology and allows for innovation.  It also presents a common vulnerability -- namely the susceptibility of the common infrastructure to disruption.  Understandably there are huge national security implications surrounding the vulnerability of this common infrastructure. The report calls for the government to find ways to incentivize the market to innovate and make more secure products.  It even hints that legal changes in the form of liability considerations could be in the works for companies that come on board.  Conversely increased liability consequences would exist for those who have poor security. &lt;br /&gt;
&lt;br /&gt;
The report then calls for an increase in the research and development efforts of the federal government that would focus on “game-changing” technologies in the effort to enhance the United States’ competitiveness.  These efforts would be in conjunction with industry and academia in order to avoid duplication and leverage complementary capabilities. &lt;br /&gt;
&lt;br /&gt;
Another suggestion put forth is the establishment of some sort of federal level identity management system.  There are many pros and cons to this option.  The report acknowledges that people may be uncomfortable with this idea and in what I read to be a preemptive move calls for cooperation with the civil liberties and privacy communities. &lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
The report concludes with two forms of action plans, a near-term plan and a mid-term plan. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Near-Term Plan:&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
 &lt;br /&gt;
&lt;br /&gt;
*1 Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.&lt;br /&gt;
*2 Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.&lt;br /&gt;
*3 Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.&lt;br /&gt;
*4 Designate a privacy and civil liberties official to the NSC cybersecurity directorate.&lt;br /&gt;
*5 Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.&lt;br /&gt;
*6 Initiate a national public awareness and education campaign to promote cybersecurity.&lt;br /&gt;
*7 Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.&lt;br /&gt;
*8 Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement&lt;br /&gt;
*9 In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.&lt;br /&gt;
*10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.  &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;The Mid-Term Plan&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
*1 Improve the process for resolution of interagency disagreements regarding interpretations of law and application of policy and authorities for cyber operations.&lt;br /&gt;
*2 Use the OMB program assessment framework to ensure departments and agencies use performance-based budgeting in pursuing cybersecurity goals.&lt;br /&gt;
*3 Expand support for key education programs and research and development to ensure the Nation’s continued ability to compete in the information age economy.&lt;br /&gt;
*4 Develop a strategy to expand and train the workforce, including attracting and retaining cybersecurity expertise in the Federal government.&lt;br /&gt;
*5 Determine the most efficient and effective mechanism to obtain strategic warning, maintain situational awareness, and inform incident response capabilities.&lt;br /&gt;
*6 Develop a set of threat scenarios and metrics that can be used for risk management decisions, recovery planning, and prioritization of R&amp;amp;D.&lt;br /&gt;
*7 Develop a process between the government and the private sector to assist in preventing, detecting, and responding to cyber incidents.&lt;br /&gt;
*8 Develop mechanisms for cybersecurity-related information sharing that address concerns about privacy and proprietary information and make information sharing mutually beneficial.&lt;br /&gt;
*9 Develop solutions for emergency communications capabilities during a time of natural disaster, crisis, or conflict while ensuring network neutrality.&lt;br /&gt;
*10 Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights.&lt;br /&gt;
*11 Encourage collaboration between academic and industrial laboratories to develop migration paths and incentives for the rapid adoption of research and technology development innovations.&lt;br /&gt;
*12 Use the infrastructure objectives and the research and development framework to define goals for national and international standards bodies.&lt;br /&gt;
*13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.&lt;br /&gt;
*14 Refine government procurement strategies and improve the market incentives for secure and resilient hardware and software products, new security innovation, and secure managed services.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5045</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5045"/>
		<updated>2010-07-30T15:35:00Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
Selection from the Executive Summary:&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions&lt;br /&gt;
to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5044</id>
		<title>Cyberspace Policy Review</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cyberspace_Policy_Review&amp;diff=5044"/>
		<updated>2010-07-30T15:34:39Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
National Cyber Defense Financial Services Workshop Report&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Executive Office of the President of The U.S.  &#039;&#039;Cyberspace Policy Review. Assuring a Trusted and Resilient Information and Communications Infrastructure&#039;&#039; (2009).  [http://www.cyber.st.dhs.gov/docs/Cyberspace_Policy_Review_final.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=White_House:2009A&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
Selection from the Executive Summary:&lt;br /&gt;
The Nation is at a crossroads. The globally-interconnected digital information and communications infrastructure known as “cyberspace”underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. The digital infrastructure’s architecture was driven more by considerations of interoperability and efficiency than of security. Consequently, a growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions&lt;br /&gt;
to U.S. systems. At the same time, traditional telecommunications and Internet networks continue to converge, and other infrastructure sectors are adopting the Internet as a primary means of interconnectivity. The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
[http://global.bsa.org/cybersecuritydashboard/ | Cyberspace Policy Review Dashboard]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=5043</id>
		<title>Cybersecurity Annotated Bibliography</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=5043"/>
		<updated>2010-07-30T15:27:23Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel &#039;&#039;(1999)&#039;&#039; [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark and Parisi, Francesco (&#039;&#039;2006&#039;&#039;) [[The Law and Economics of Cybersecurity: An Introduction]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force &#039;&#039;(2004)&#039;&#039; [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin &#039;&#039;(2005)&#039;&#039; [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (&#039;&#039;2008&#039;&#039;) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N., et. al (2004) [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Stohl, Michael (2006) [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (&#039;&#039;2007&#039;&#039;) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. (2009) [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G. and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5010</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5010"/>
		<updated>2010-07-29T16:28:05Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Software Vulnerability */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Cyber-Insurance_Revisited | Bohme]] &lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Managing_Online_Security_Risks | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5009</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5009"/>
		<updated>2010-07-29T16:27:48Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Disclosure Policy */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Cyber-Insurance_Revisited | Bohme]] &lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Managing_Online_Security_Risks | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5008</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5008"/>
		<updated>2010-07-29T16:27:31Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Cyber Crime */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Cyber-Insurance_Revisited | Bohme]] &lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Managing_Online_Security_Risks | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5007</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=5007"/>
		<updated>2010-07-29T16:27:11Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Credit Card Fraud */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Insider_Threat_Study | U.S. Secret Service]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Cyber-Insurance_Revisited | Bohme]] &lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | Schmitt]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | [2]]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [3]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computer_Network_Attack_and_the_Use_of_Force_in_International_Law | [2]]] &lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Managing_Online_Security_Risks | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Models_and_Measures_for_Correlation_in_Cyber-Insurance | Bohme and Kataria]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=5006</id>
		<title>Usability/Human Factors</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=5006"/>
		<updated>2010-07-29T16:26:40Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Usability/Human Factors]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Incentives&amp;diff=5005</id>
		<title>Incentives</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Incentives&amp;diff=5005"/>
		<updated>2010-07-29T16:26:23Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Incentives]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Financial_Institutions_and_Networks&amp;diff=5004</id>
		<title>Financial Institutions and Networks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Financial_Institutions_and_Networks&amp;diff=5004"/>
		<updated>2010-07-29T16:26:02Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=5003</id>
		<title>US Government Reports and Documents</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=5003"/>
		<updated>2010-07-29T16:25:45Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service (2004) [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5002</id>
		<title>Insider Threat Study</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5002"/>
		<updated>2010-07-29T16:25:05Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
United States Secret Service, Computer Emergency Response Team (2004): Insider Threat Study. Illicit Cyber Activity in the Banking and Finance Sector. U.S. Government. Online Paper. [http://www.cyber.st.dhs.gov/docs/its_report_040820.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=USSS:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Threats and Actors: [[Financial Institutions and Networks]]&lt;br /&gt;
* Issues: [[Incentives]]; [[Usability/Human Factors]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Credit_Card_Fraud | Credit Card Fraud]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Crime | Cybercrime]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Disclosure_Policy | Disclosure Policy]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Software_Vulnerability | Software Vulnerability]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In the past, most incidents of fraud against the banking or financial services industry were committed by insiders. It is difficult to estimate how often and to what degree companies face attacks from within; insider attacks are probably under-reported, out of fear for the negative publicity or increased liability that may arise as a consequence.&lt;br /&gt;
&lt;br /&gt;
The Insider Threat Study examines a series of unique insider incidents from a behavioral and technical perspective.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Scope and Procedure of the Insider Threat Study&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report examines 23 incidents carried out by 26 insiders in the banking and &lt;br /&gt;
finance sector between 1996 and 2002. Organizations affected by insider activity &lt;br /&gt;
in this sector include credit unions, banks, investment firms, credit bureaus, and &lt;br /&gt;
other companies whose activities fall within this sector.  Of the 23 incidents, 15 &lt;br /&gt;
involved fraud, four involved theft of intellectual property, and four involved &lt;br /&gt;
sabotage to the information system/network.&lt;br /&gt;
&lt;br /&gt;
The study consists of an aggregated case-study analysis that provides an in-depth look at insider incidents that have occurred in critical infrastructure sectors between 1996 and 2002, a review of the prevalence of insider activity across critical infrastructure &lt;br /&gt;
sectors over a 10-year time frame, and a survey of recent insider activity experienced by a sample of public- and private-sector organizations.&lt;br /&gt;
&lt;br /&gt;
Cases were identified through public reporting or as a computer fraud case &lt;br /&gt;
investigated by the Secret Service.&lt;br /&gt;
&lt;br /&gt;
The ITS adapted methods used in previous research performed by the Secret &lt;br /&gt;
Service and CERT/CC to conduct in-depth examinations of network, system, and &lt;br /&gt;
data compromises and other insider activity. Researchers focused primarily on &lt;br /&gt;
tracing insider incidents from the initial harm backward in time to when the idea &lt;br /&gt;
of committing the incident first occurred to the insider. In tracing the incidents &lt;br /&gt;
backward, researchers tried to identify the behaviors and communications in &lt;br /&gt;
which the insiders engaged – both online and offline – prior to and including the &lt;br /&gt;
insiders’ harmful activities. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Insider Fraud Requires Little Technical Sophistication&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Most of the incidents examined in the banking and finance sector were not &lt;br /&gt;
technically sophisticated or complex. That is, they typically involved exploitation &lt;br /&gt;
of non-technical vulnerabilities such as business rules or organization policies &lt;br /&gt;
(rather than vulnerabilities in an information system or network) and were carried &lt;br /&gt;
out by individuals who had little or no technical expertise.&lt;br /&gt;
&lt;br /&gt;
This suggests it is important for organizations to secure their networks from the full range of users, from persons responsible for data entry to management to system administrators. Proactive practices, such as mandatory password protection and change &lt;br /&gt;
policies, and use of password-protected screen savers, can minimize the &lt;br /&gt;
possibility of insiders using another employee’s computer and/or account to carry &lt;br /&gt;
out the attack. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Perpetrators Planned Their Actions&#039;&#039;&#039;&lt;br /&gt;
Most of the incidents were thought out and planned in advance. In most cases, &lt;br /&gt;
others had knowledge of the insider’s intentions, plans, and/or activities. Those &lt;br /&gt;
who knew were often directly involved in the planning or stood to benefit from the &lt;br /&gt;
activity. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Financial Gain Motivated Most Perpetrators&#039;&#039;&#039;&lt;br /&gt;
Most insiders were motivated by financial gain (81%), rather than a desire to harm the &lt;br /&gt;
company or information system. Other motives included revenge, dissatisfaction &lt;br /&gt;
with company management, culture or polices, and a desire for respect.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5001</id>
		<title>Insider Threat Study</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5001"/>
		<updated>2010-07-29T16:21:52Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
United States Secret Service, Computer Emergency Response Team (2004): Insider Threat Study. Illicit Cyber Activity in the Banking and Finance Sector. U.S. Government. Online Paper. [http://www.cyber.st.dhs.gov/docs/its_report_040820.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=USSS:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Threats and Actors: [[Financial Institutions and Networks]]&lt;br /&gt;
* Issues: [[Incentives]]; [[Usability/Human Factors]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In the past, most incidents of fraud against the banking or financial services industry were committed by insiders. It is difficult to estimate how often and to what degree companies face attacks from within; insider attacks are probably under-reported, out of fear for the negative publicity or increased liability that may arise as a consequence.&lt;br /&gt;
&lt;br /&gt;
The Insider Threat Study examines a series of unique insider incidents from a behavioral and technical perspective.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Scope and Procedure of the Insider Threat Study&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report examines 23 incidents carried out by 26 insiders in the banking and &lt;br /&gt;
finance sector between 1996 and 2002. Organizations affected by insider activity &lt;br /&gt;
in this sector include credit unions, banks, investment firms, credit bureaus, and &lt;br /&gt;
other companies whose activities fall within this sector.  Of the 23 incidents, 15 &lt;br /&gt;
involved fraud, four involved theft of intellectual property, and four involved &lt;br /&gt;
sabotage to the information system/network.&lt;br /&gt;
&lt;br /&gt;
The study consists of an aggregated case-study analysis that provides an in-depth look at insider incidents that have occurred in critical infrastructure sectors between 1996 and 2002, a review of the prevalence of insider activity across critical infrastructure &lt;br /&gt;
sectors over a 10-year time frame, and a survey of recent insider activity experienced by a sample of public- and private-sector organizations.&lt;br /&gt;
&lt;br /&gt;
Cases were identified through public reporting or as a computer fraud case &lt;br /&gt;
investigated by the Secret Service.&lt;br /&gt;
&lt;br /&gt;
The ITS adapted methods used in previous research performed by the Secret &lt;br /&gt;
Service and CERT/CC to conduct in-depth examinations of network, system, and &lt;br /&gt;
data compromises and other insider activity. Researchers focused primarily on &lt;br /&gt;
tracing insider incidents from the initial harm backward in time to when the idea &lt;br /&gt;
of committing the incident first occurred to the insider. In tracing the incidents &lt;br /&gt;
backward, researchers tried to identify the behaviors and communications in &lt;br /&gt;
which the insiders engaged – both online and offline – prior to and including the &lt;br /&gt;
insiders’ harmful activities. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Insider Fraud Requires Little Technical Sophistication&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Most of the incidents examined in the banking and finance sector were not &lt;br /&gt;
technically sophisticated or complex. That is, they typically involved exploitation &lt;br /&gt;
of non-technical vulnerabilities such as business rules or organization policies &lt;br /&gt;
(rather than vulnerabilities in an information system or network) and were carried &lt;br /&gt;
out by individuals who had little or no technical expertise.&lt;br /&gt;
&lt;br /&gt;
This suggests it is important for organizations to secure their networks from the full range of users, from persons responsible for data entry to management to system administrators. Proactive practices, such as mandatory password protection and change &lt;br /&gt;
policies, and use of password-protected screen savers, can minimize the &lt;br /&gt;
possibility of insiders using another employee’s computer and/or account to carry &lt;br /&gt;
out the attack. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Perpetrators Planned Their Actions&#039;&#039;&#039;&lt;br /&gt;
Most of the incidents were thought out and planned in advance. In most cases, &lt;br /&gt;
others had knowledge of the insider’s intentions, plans, and/or activities. Those &lt;br /&gt;
who knew were often directly involved in the planning or stood to benefit from the &lt;br /&gt;
activity. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Financial Gain Motivated Most Perpetrators&#039;&#039;&#039;&lt;br /&gt;
Most insiders were motivated by financial gain (81%), rather than a desire to harm the &lt;br /&gt;
company or information system. Other motives included revenge, dissatisfaction &lt;br /&gt;
with company management, culture or polices, and a desire for respect.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5000</id>
		<title>Insider Threat Study</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=5000"/>
		<updated>2010-07-29T16:21:34Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
United States Secret Service, Computer Emergency Response Team (2004): Insider Threat Study. Illicit Cyber Activity in the Banking and Finance Sector. U.S. Government. Online Paper. [http://www.cyber.st.dhs.gov/docs/its_report_040820.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=USSS:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Threats and Actors: [[Financial Institutions and networks]]&lt;br /&gt;
* Issues: [[Incentives]]; [[Usability/Human Factors]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In the past, most incidents of fraud against the banking or financial services industry were committed by insiders. It is difficult to estimate how often and to what degree companies face attacks from within; insider attacks are probably under-reported, out of fear for the negative publicity or increased liability that may arise as a consequence.&lt;br /&gt;
&lt;br /&gt;
The Insider Threat Study examines a series of unique insider incidents from a behavioral and technical perspective.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Scope and Procedure of the Insider Threat Study&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report examines 23 incidents carried out by 26 insiders in the banking and &lt;br /&gt;
finance sector between 1996 and 2002. Organizations affected by insider activity &lt;br /&gt;
in this sector include credit unions, banks, investment firms, credit bureaus, and &lt;br /&gt;
other companies whose activities fall within this sector.  Of the 23 incidents, 15 &lt;br /&gt;
involved fraud, four involved theft of intellectual property, and four involved &lt;br /&gt;
sabotage to the information system/network.&lt;br /&gt;
&lt;br /&gt;
The study consists of an aggregated case-study analysis that provides an in-depth look at insider incidents that have occurred in critical infrastructure sectors between 1996 and 2002, a review of the prevalence of insider activity across critical infrastructure &lt;br /&gt;
sectors over a 10-year time frame, and a survey of recent insider activity experienced by a sample of public- and private-sector organizations.&lt;br /&gt;
&lt;br /&gt;
Cases were identified through public reporting or as a computer fraud case &lt;br /&gt;
investigated by the Secret Service.&lt;br /&gt;
&lt;br /&gt;
The ITS adapted methods used in previous research performed by the Secret &lt;br /&gt;
Service and CERT/CC to conduct in-depth examinations of network, system, and &lt;br /&gt;
data compromises and other insider activity. Researchers focused primarily on &lt;br /&gt;
tracing insider incidents from the initial harm backward in time to when the idea &lt;br /&gt;
of committing the incident first occurred to the insider. In tracing the incidents &lt;br /&gt;
backward, researchers tried to identify the behaviors and communications in &lt;br /&gt;
which the insiders engaged – both online and offline – prior to and including the &lt;br /&gt;
insiders’ harmful activities. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Insider Fraud Requires Little Technical Sophistication&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Most of the incidents examined in the banking and finance sector were not &lt;br /&gt;
technically sophisticated or complex. That is, they typically involved exploitation &lt;br /&gt;
of non-technical vulnerabilities such as business rules or organization policies &lt;br /&gt;
(rather than vulnerabilities in an information system or network) and were carried &lt;br /&gt;
out by individuals who had little or no technical expertise.&lt;br /&gt;
&lt;br /&gt;
This suggests it is important for organizations to secure their networks from the full range of users, from persons responsible for data entry to management to system administrators. Proactive practices, such as mandatory password protection and change &lt;br /&gt;
policies, and use of password-protected screen savers, can minimize the &lt;br /&gt;
possibility of insiders using another employee’s computer and/or account to carry &lt;br /&gt;
out the attack. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Perpetrators Planned Their Actions&#039;&#039;&#039;&lt;br /&gt;
Most of the incidents were thought out and planned in advance. In most cases, &lt;br /&gt;
others had knowledge of the insider’s intentions, plans, and/or activities. Those &lt;br /&gt;
who knew were often directly involved in the planning or stood to benefit from the &lt;br /&gt;
activity. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Financial Gain Motivated Most Perpetrators&#039;&#039;&#039;&lt;br /&gt;
Most insiders were motivated by financial gain (81%), rather than a desire to harm the &lt;br /&gt;
company or information system. Other motives included revenge, dissatisfaction &lt;br /&gt;
with company management, culture or polices, and a desire for respect.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=4999</id>
		<title>Insider Threat Study</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Insider_Threat_Study&amp;diff=4999"/>
		<updated>2010-07-29T16:19:00Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
United States Secret Service, Computer Emergency Response Team (2004): Insider Threat Study. Illicit Cyber Activity in the Banking and Finance Sector. U.S. Government. Online Paper. [http://www.cyber.st.dhs.gov/docs/its_report_040820.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=USSS:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In the past, most incidents of fraud against the banking or financial services industry were committed by insiders. It is difficult to estimate how often and to what degree companies face attacks from within; insider attacks are probably under-reported, out of fear for the negative publicity or increased liability that may arise as a consequence.&lt;br /&gt;
&lt;br /&gt;
The Insider Threat Study examines a series of unique insider incidents from a behavioral and technical perspective.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Scope and Procedure of the Insider Threat Study&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The report examines 23 incidents carried out by 26 insiders in the banking and &lt;br /&gt;
finance sector between 1996 and 2002. Organizations affected by insider activity &lt;br /&gt;
in this sector include credit unions, banks, investment firms, credit bureaus, and &lt;br /&gt;
other companies whose activities fall within this sector.  Of the 23 incidents, 15 &lt;br /&gt;
involved fraud, four involved theft of intellectual property, and four involved &lt;br /&gt;
sabotage to the information system/network.&lt;br /&gt;
&lt;br /&gt;
The study consists of an aggregated case-study analysis that provides an in-depth look at insider incidents that have occurred in critical infrastructure sectors between 1996 and 2002, a review of the prevalence of insider activity across critical infrastructure &lt;br /&gt;
sectors over a 10-year time frame, and a survey of recent insider activity experienced by a sample of public- and private-sector organizations.&lt;br /&gt;
&lt;br /&gt;
Cases were identified through public reporting or as a computer fraud case &lt;br /&gt;
investigated by the Secret Service.&lt;br /&gt;
&lt;br /&gt;
The ITS adapted methods used in previous research performed by the Secret &lt;br /&gt;
Service and CERT/CC to conduct in-depth examinations of network, system, and &lt;br /&gt;
data compromises and other insider activity. Researchers focused primarily on &lt;br /&gt;
tracing insider incidents from the initial harm backward in time to when the idea &lt;br /&gt;
of committing the incident first occurred to the insider. In tracing the incidents &lt;br /&gt;
backward, researchers tried to identify the behaviors and communications in &lt;br /&gt;
which the insiders engaged – both online and offline – prior to and including the &lt;br /&gt;
insiders’ harmful activities. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Insider Fraud Requires Little Technical Sophistication&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Most of the incidents examined in the banking and finance sector were not &lt;br /&gt;
technically sophisticated or complex. That is, they typically involved exploitation &lt;br /&gt;
of non-technical vulnerabilities such as business rules or organization policies &lt;br /&gt;
(rather than vulnerabilities in an information system or network) and were carried &lt;br /&gt;
out by individuals who had little or no technical expertise.&lt;br /&gt;
&lt;br /&gt;
This suggests it is important for organizations to secure their networks from the full range of users, from persons responsible for data entry to management to system administrators. Proactive practices, such as mandatory password protection and change &lt;br /&gt;
policies, and use of password-protected screen savers, can minimize the &lt;br /&gt;
possibility of insiders using another employee’s computer and/or account to carry &lt;br /&gt;
out the attack. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Perpetrators Planned Their Actions&#039;&#039;&#039;&lt;br /&gt;
Most of the incidents were thought out and planned in advance. In most cases, &lt;br /&gt;
others had knowledge of the insider’s intentions, plans, and/or activities. Those &lt;br /&gt;
who knew were often directly involved in the planning or stood to benefit from the &lt;br /&gt;
activity. &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Financial Gain Motivated Most Perpetrators&#039;&#039;&#039;&lt;br /&gt;
Most insiders were motivated by financial gain (81%), rather than a desire to harm the &lt;br /&gt;
company or information system. Other motives included revenge, dissatisfaction &lt;br /&gt;
with company management, culture or polices, and a desire for respect.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Models_and_Measures_for_Correlation_in_Cyber-Insurance&amp;diff=4967</id>
		<title>Models and Measures for Correlation in Cyber-Insurance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Models_and_Measures_for_Correlation_in_Cyber-Insurance&amp;diff=4967"/>
		<updated>2010-07-29T15:23:48Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Models and Measures for Correlation in Cyber-Insurance&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Rainer Bohme, &#039;&#039;Models and Measures for Correlation in Cyber-Insurance&#039;&#039;, Workshop on the Economics of Information Security (2006).&lt;br /&gt;
[http://weis2006.econinfosec.org/docs/16.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&amp;amp;title=Special:Bibliography&amp;amp;view=detailed&amp;amp;action=&amp;amp;keyword=Bohme_Kataria:2006 &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
* Issues: [[Economics of Cyber Security]]; [[Insurance]] &lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
Insurance&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
THIS BOY&#039;S MINE (j.albert)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Abstract:&#039;&#039;&lt;br /&gt;
High correlation in failure of information systems due to worms and viruses has been cited as major impediment to cyber-insurance. However, of the many cyber-risk classes that inﬂuence failure of information systems, not all exhibit similar correlation properties. In this paper, we introduce a new classiﬁcation of correlation properties of cyber-risks based on a twin-tier approach. At the ﬁrst tier, is the correlation of cyber-risks within a ﬁrm i.e. correlated failure of multiple systems on its internal network. At second tier, is the correlation in risk at a global level i.e. correlation across independent ﬁrms in an insurer’s portfolio. Various classes of cyber-risks exhibit diﬀerent level of correlation at two tiers, for instance, insider attacks &lt;br /&gt;
exhibit high internal but low global correlation. While internal risk correlation within a ﬁrm inﬂuences its decision to seek insurance, the global correlation inﬂuences insurers’ decision in setting the premium. Citing real data we study the combined dynamics of the two-step risk arrival process to determine conditions conducive to the existence of cyber-insurance market.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Major themes:&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Correlation in IT risks&#039;&#039;&#039;&lt;br /&gt;
It is impossible to eliminate security risks in today&#039;s IT environment. Most security is intended to deter risk, such as firewall, antivirus, encryption. The residual risk, hopefully, is manageable by the firm protecting itself. If not, security must be outsourced and insurance, purchased.&lt;br /&gt;
&lt;br /&gt;
Though this approach seems appropriate, it creates a widening rift between security experts &lt;br /&gt;
who would employ standardized best practices and deploy homogeneous software to enhance system manageability and redue vulnerabilities, versus those who propose using cyber-insurance as a means of transferring risks associated with system vulnerabilities. This is because insurance relies on the principle of independent risks while standardized system environments by themselves create a global monolithic risk manifested in virtually every standardized system. Unlike in physical world where risks are geographically dispersed, in information world, network exploits, worms and viruses span all boundaries. All systems that run standardized software and processes are vulnerable, because bugs in them, once discovered, are common knowledge and can be exploited anywhere. This potentially creates a situation where not only all systems within an organization could fail by virtue of their being identical and vulnerable to same exploits, but all similar systems worldwide could fail affecting many organizations simultaneously as seen in case of worms like SQL Slammer, Code Red etc. The existence of high correlation in breach or failure of information systems adds a new dimension to risk management that has rarely been looked at in the context of information security.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Correlated risk and insurance&#039;&#039;&#039;&lt;br /&gt;
While global risk correlation inﬂuences insurers’ decision in setting the premium, the internal &lt;br /&gt;
correlation within a single ﬁrm inﬂuences its individual decision to seek insurance. A risk-averse &lt;br /&gt;
ﬁrm prefers low variance of loss and hence low correlation of failure amongst its internal systems.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4949</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4949"/>
		<updated>2010-07-28T20:19:32Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Risk Modeling */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
*[[Wired_Warfare | Schmitt]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
References :&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Managing_Online_Security_Risks | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4948</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4948"/>
		<updated>2010-07-28T20:19:12Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Cyber Security as a Public Good */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
*[[Wired_Warfare | Schmitt]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
References :&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4947</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4947"/>
		<updated>2010-07-28T20:18:13Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Cyber Security as an Externality */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]], [[Managing_Online_Security_Risks | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
*[[Wired_Warfare | Schmitt]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Why_States_Need_an_International_Law_for_Information_Operations | Hollis]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
References :&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Behavioral_Economics&amp;diff=4945</id>
		<title>Behavioral Economics</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Behavioral_Economics&amp;diff=4945"/>
		<updated>2010-07-28T20:17:38Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Behavioral Economics]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Incentives&amp;diff=4944</id>
		<title>Incentives</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Incentives&amp;diff=4944"/>
		<updated>2010-07-28T20:17:25Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Incentives]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Risk_Management_and_Investment&amp;diff=4942</id>
		<title>Risk Management and Investment</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Risk_Management_and_Investment&amp;diff=4942"/>
		<updated>2010-07-28T20:17:08Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Risk Management and Investment]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Economics_of_Cybersecurity&amp;diff=4941</id>
		<title>Economics of Cybersecurity</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Economics_of_Cybersecurity&amp;diff=4941"/>
		<updated>2010-07-28T20:16:44Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer (2005) [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2000) [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Risk Management and Investment]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Incentives]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Insurance]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Behavioral Economics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Market Failure]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4940</id>
		<title>Managing Online Security Risks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4940"/>
		<updated>2010-07-28T20:16:23Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
&lt;br /&gt;
Managing Online Security Risks&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Hal Varian, &#039;&#039;NYT,&#039;&#039; Managing Online Security Risks (June 1, 2000). [http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.html  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=Varian:2000&amp;amp;f=wikibiblio.bib &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
*Issues: [[Economics of Cybersecurity]]; [[Risk Management and Investment]]; [[Incentives]]; [[Behavioral Economics]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Security_as_an_Externality | Cybersecurity as an Externality]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Security_as_a_Public_Good | Cybersecurity as a Public Good]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modelling]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In this article, Varian writes about the growing vulnerability of the Internet, a &amp;quot;lab experiment let loose&amp;quot; he describes as being birthed in a secure environment of friendly researchers. The biggest culprit in computer and cyber security, in Varian&#039;s mind, is humans, and not technical vulnerability of any kind.&lt;br /&gt;
&lt;br /&gt;
Whereas cryptography offers a vast measure of effective security, it often fails because of the human element. Varian laments computer security&#039;s focus on the hard issues of cryptography and system design, and the neglect of those more important fields of  user experience, economics and incentives. Varian quotes a study by Ross Anderson that examines fraud in automated telling machines, almost all instances of which occur because of human -- and not machine -- error.&lt;br /&gt;
&lt;br /&gt;
Looking at best practices in British and American banks&#039; customer policies, Varian finds that the US, where liability in a customer dispute automatically falls to the bank, banks have a higher incentive to show that they are right. In Britain, where the bank is right unless the customer proves it wrong, banks have little incentive to take care -- the result is ATM fraud.&lt;br /&gt;
&lt;br /&gt;
Risk management is best thought of not from a technical perspective, but from the standpoint of incentives. Effective risk management is a question of practices, not technology. Furthermore, the job of managing risk should fall to the party that can best do the job. In the case of banks and customers -- this part is the bank. But again, there should be a balance lest customers escape all liability and become too sloppy. &lt;br /&gt;
&lt;br /&gt;
The same goes for computer attacks. Computer security is poor when liability is too diffuse. If a particular user&#039;s computer is taken over via a network, it would be pointless to assign liability to the user, given that most users are clueless about preventing zombie attacks or attacks of any sort. Assigning liability to the network operator makes more sense.&lt;br /&gt;
&lt;br /&gt;
A typical security analysis involves identifying weak points in a system and indicating who might be in a position to fix them. But security analysts should go one step further and examine the incentives of those responsible for the system. Such an analysis could be used to assign liability so that those who are best positioned to control the risks have appropriate incentives to do so.&lt;br /&gt;
&lt;br /&gt;
The study of incentives opens the proverbial cybersecurity door to insurance. Here, too, incentives comes into play. Just as there is no such thing as blanket insurance in the real world, neither does it exist in the realm of cybersecurity. Just as an insurer of an office building will give you a reduced rate if you have sprinklers every 12 feet, an insurer against computer crime will give you a reduced rate if you install security patches within two weeks of their posting, provide continuing education for security staff and engage in other good risk management practices. Yet most insurance companies have very little experience with computer security, and being unable to judge the risks, they offer little in the way of protection. &lt;br /&gt;
&lt;br /&gt;
Varian&#039;s &#039;&#039;next steps&#039;&#039; for a better computer security are as follows: The first step is to assign legal liability to the parties best able to manage the risk. Insurers can then develop expertise in risk management for computer security and provide such services to their clients. &lt;br /&gt;
&lt;br /&gt;
His conclusion is rather bleak:&lt;br /&gt;
&amp;quot;Unfortunately, this will be a long and slow process. In the meantime, we can expect to see many more disruptions on the Internet.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039; Hal Varian is Chief Economist at Google and also teaches at UC Berkeley, at the School of Information as well as at the Haas Business School.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4938</id>
		<title>Managing Online Security Risks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4938"/>
		<updated>2010-07-28T20:10:14Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
&lt;br /&gt;
Managing Online Security Risks&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Hal Varian, &#039;&#039;NYT,&#039;&#039; Managing Online Security Risks (June 1, 2000). [http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.html  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=Varian:2000&amp;amp;f=wikibiblio.bib &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
*Issues: [[Economics of Cybersecurity]]; [[Risk Management and Investment]]; [[Incentives]]; [[Behavioral Economics]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
Risk management, insurance&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In this article, Varian writes about the growing vulnerability of the Internet, a &amp;quot;lab experiment let loose&amp;quot; he describes as being birthed in a secure environment of friendly researchers. The biggest culprit in computer and cyber security, in Varian&#039;s mind, is humans, and not technical vulnerability of any kind.&lt;br /&gt;
&lt;br /&gt;
Whereas cryptography offers a vast measure of effective security, it often fails because of the human element. Varian laments computer security&#039;s focus on the hard issues of cryptography and system design, and the neglect of those more important fields of  user experience, economics and incentives. Varian quotes a study by Ross Anderson that examines fraud in automated telling machines, almost all instances of which occur because of human -- and not machine -- error.&lt;br /&gt;
&lt;br /&gt;
Looking at best practices in British and American banks&#039; customer policies, Varian finds that the US, where liability in a customer dispute automatically falls to the bank, banks have a higher incentive to show that they are right. In Britain, where the bank is right unless the customer proves it wrong, banks have little incentive to take care -- the result is ATM fraud.&lt;br /&gt;
&lt;br /&gt;
Risk management is best thought of not from a technical perspective, but from the standpoint of incentives. Effective risk management is a question of practices, not technology. Furthermore, the job of managing risk should fall to the party that can best do the job. In the case of banks and customers -- this part is the bank. But again, there should be a balance lest customers escape all liability and become too sloppy. &lt;br /&gt;
&lt;br /&gt;
The same goes for computer attacks. Computer security is poor when liability is too diffuse. If a particular user&#039;s computer is taken over via a network, it would be pointless to assign liability to the user, given that most users are clueless about preventing zombie attacks or attacks of any sort. Assigning liability to the network operator makes more sense.&lt;br /&gt;
&lt;br /&gt;
A typical security analysis involves identifying weak points in a system and indicating who might be in a position to fix them. But security analysts should go one step further and examine the incentives of those responsible for the system. Such an analysis could be used to assign liability so that those who are best positioned to control the risks have appropriate incentives to do so.&lt;br /&gt;
&lt;br /&gt;
The study of incentives opens the proverbial cybersecurity door to insurance. Here, too, incentives comes into play. Just as there is no such thing as blanket insurance in the real world, neither does it exist in the realm of cybersecurity. Just as an insurer of an office building will give you a reduced rate if you have sprinklers every 12 feet, an insurer against computer crime will give you a reduced rate if you install security patches within two weeks of their posting, provide continuing education for security staff and engage in other good risk management practices. Yet most insurance companies have very little experience with computer security, and being unable to judge the risks, they offer little in the way of protection. &lt;br /&gt;
&lt;br /&gt;
Varian&#039;s &#039;&#039;next steps&#039;&#039; for a better computer security are as follows: The first step is to assign legal liability to the parties best able to manage the risk. Insurers can then develop expertise in risk management for computer security and provide such services to their clients. &lt;br /&gt;
&lt;br /&gt;
His conclusion is rather bleak:&lt;br /&gt;
&amp;quot;Unfortunately, this will be a long and slow process. In the meantime, we can expect to see many more disruptions on the Internet.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039; Hal Varian is Chief Economist at Google and also teaches at UC Berkeley, at the School of Information as well as at the Haas Business School.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4935</id>
		<title>Managing Online Security Risks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4935"/>
		<updated>2010-07-28T20:04:11Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Synopsis */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
&lt;br /&gt;
Managing Online Security Risks&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Hal Varian, &#039;&#039;NYT,&#039;&#039; Managing Online Security Risks (June 1, 2000). [http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.html  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=Varian:2000&amp;amp;f=wikibiblio.bib &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Issues: [[Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Risk Management and Investment]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Incentives]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
Risk management, insurance&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
In this article, Varian writes about the growing vulnerability of the Internet, a &amp;quot;lab experiment let loose&amp;quot; he describes as being birthed in a secure environment of friendly researchers. The biggest culprit in computer and cyber security, in Varian&#039;s mind, is humans, and not technical vulnerability of any kind.&lt;br /&gt;
&lt;br /&gt;
Whereas cryptography offers a vast measure of effective security, it often fails because of the human element. Varian laments computer security&#039;s focus on the hard issues of cryptography and system design, and the neglect of those more important fields of  user experience, economics and incentives. Varian quotes a study by Ross Anderson that examines fraud in automated telling machines, almost all instances of which occur because of human -- and not machine -- error.&lt;br /&gt;
&lt;br /&gt;
Looking at best practices in British and American banks&#039; customer policies, Varian finds that the US, where liability in a customer dispute automatically falls to the bank, banks have a higher incentive to show that they are right. In Britain, where the bank is right unless the customer proves it wrong, banks have little incentive to take care -- the result is ATM fraud.&lt;br /&gt;
&lt;br /&gt;
Risk management is best thought of not from a technical perspective, but from the standpoint of incentives. Effective risk management is a question of practices, not technology. Furthermore, the job of managing risk should fall to the party that can best do the job. In the case of banks and customers -- this part is the bank. But again, there should be a balance lest customers escape all liability and become too sloppy. &lt;br /&gt;
&lt;br /&gt;
The same goes for computer attacks. Computer security is poor when liability is too diffuse. If a particular user&#039;s computer is taken over via a network, it would be pointless to assign liability to the user, given that most users are clueless about preventing zombie attacks or attacks of any sort. Assigning liability to the network operator makes more sense.&lt;br /&gt;
&lt;br /&gt;
A typical security analysis involves identifying weak points in a system and indicating who might be in a position to fix them. But security analysts should go one step further and examine the incentives of those responsible for the system. Such an analysis could be used to assign liability so that those who are best positioned to control the risks have appropriate incentives to do so.&lt;br /&gt;
&lt;br /&gt;
The study of incentives opens the proverbial cybersecurity door to insurance. Here, too, incentives comes into play. Just as there is no such thing as blanket insurance in the real world, neither does it exist in the realm of cybersecurity. Just as an insurer of an office building will give you a reduced rate if you have sprinklers every 12 feet, an insurer against computer crime will give you a reduced rate if you install security patches within two weeks of their posting, provide continuing education for security staff and engage in other good risk management practices. Yet most insurance companies have very little experience with computer security, and being unable to judge the risks, they offer little in the way of protection. &lt;br /&gt;
&lt;br /&gt;
Varian&#039;s &#039;&#039;next steps&#039;&#039; for a better computer security are as follows: The first step is to assign legal liability to the parties best able to manage the risk. Insurers can then develop expertise in risk management for computer security and provide such services to their clients. &lt;br /&gt;
&lt;br /&gt;
His conclusion is rather bleak:&lt;br /&gt;
&amp;quot;Unfortunately, this will be a long and slow process. In the meantime, we can expect to see many more disruptions on the Internet.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039; Hal Varian is Chief Economist at Google and also teaches at UC Berkeley, at the School of Information as well as at the Haas Business School.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4908</id>
		<title>Managing Online Security Risks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4908"/>
		<updated>2010-07-28T19:39:23Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
&lt;br /&gt;
Managing Online Security Risks&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Hal Varian, &#039;&#039;NYT,&#039;&#039; Managing Online Security Risks (June 1, 2000). [http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.html  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=Varian:2000&amp;amp;f=wikibiblio.bib &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Issues: [[Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Risk Management and Investment]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Incentives]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
Risk management, insurance&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;This could be an abstract from the article.&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039; Hal Varian is Chief Economist at Google and also teaches at UC Berkeley, at the School of Information as well as at the Haas Business School.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4907</id>
		<title>Managing Online Security Risks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Managing_Online_Security_Risks&amp;diff=4907"/>
		<updated>2010-07-28T19:39:00Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
&lt;br /&gt;
Managing Online Security Risks&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Hal Varian, &#039;&#039;NYT,&#039;&#039; Managing Online Security Risks (June 1, 2000). [http://people.ischool.berkeley.edu/~hal/people/hal/NYTimes/2000-06-01.html  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=Varian:2000&amp;amp;f=wikibiblio.bib &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Issues: [[Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Risk Management and Investment]]&lt;br /&gt;
&lt;br /&gt;
Issues: [[Incentives]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
Risk management, insurance&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;This could be an abstract from the article.&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;About the author:&#039;&#039; Hal Varian is Chief Economist at Google and also teaches at UC Berkeley.&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4900</id>
		<title>Cybersecurity Annotated Bibliography</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4900"/>
		<updated>2010-07-28T19:28:44Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel &#039;&#039;(1999)&#039;&#039; [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark and Parisi, Francesco (&#039;&#039;2006&#039;&#039;) [[The Law and Economics of Cybersecurity: An Introduction]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force &#039;&#039;(2004)&#039;&#039; [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin &#039;&#039;(2005)&#039;&#039; [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (&#039;&#039;2008&#039;&#039;) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N., et. al (2004) [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (1999) [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Stohl, Michael (2006) [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (&#039;&#039;2007&#039;&#039;) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G. and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal &#039;&#039;(2000)&#039;&#039; [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4896</id>
		<title>Cybersecurity Annotated Bibliography</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4896"/>
		<updated>2010-07-28T19:26:20Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel &#039;&#039;(1999)&#039;&#039; [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark and Parisi, Francesco (&#039;&#039;2006&#039;&#039;) [[The Law and Economics of Cybersecurity: An Introduction]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force &#039;&#039;(2004)&#039;&#039; [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin &#039;&#039;(2005)&#039;&#039; [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (&#039;&#039;2008&#039;&#039;) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schmit, Michael N., et. al &#039;&#039;(2004)&#039;&#039; [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(1999)&#039;&#039; [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(2002)&#039;&#039; [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (&#039;&#039;2007&#039;&#039;) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. &#039;&#039;(2009)&#039;&#039; [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2004&#039;&#039;) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2006&#039;&#039;) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (&#039;&#039;2007&#039;&#039;) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G. and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal &#039;&#039;(2000)&#039;&#039; [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4893</id>
		<title>Cybersecurity Annotated Bibliography</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4893"/>
		<updated>2010-07-28T19:25:22Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel &#039;&#039;(1999)&#039;&#039; [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  &#039;&#039;(2004)&#039;&#039; [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark and Parisi, Francesco (&#039;&#039;2006&#039;&#039;) [[The Law and Economics of Cybersecurity: An Introduction]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force &#039;&#039;(2004)&#039;&#039; [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin &#039;&#039;(2005)&#039;&#039; [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (&#039;&#039;2008&#039;&#039;) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schmit, Michael N., et. al &#039;&#039;(2004)&#039;&#039; [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(1999)&#039;&#039; [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(2002)&#039;&#039; [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (&#039;&#039;2007&#039;&#039;) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. &#039;&#039;(2009)&#039;&#039; [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2004&#039;&#039;) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2006&#039;&#039;) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (&#039;&#039;2007&#039;&#039;) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G. and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal &#039;&#039;(2000)&#039;&#039; [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4892</id>
		<title>Cybersecurity Annotated Bibliography</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Cybersecurity_Annotated_Bibliography&amp;diff=4892"/>
		<updated>2010-07-28T19:24:44Z</updated>

		<summary type="html">&lt;p&gt;Jalbert: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason &#039;&#039;(2001)&#039;&#039; [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  &#039;&#039;(2006)&#039;&#039; [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel &#039;&#039;(1999)&#039;&#039; [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  &#039;&#039;(2004)&#039;&#039; [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark and Parisi, Francesco (&#039;&#039;2006&#039;&#039;) [[The Law and Economics of Cybersecurity: An Introduction]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. (2007) [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force &#039;&#039;(2004)&#039;&#039; [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin &#039;&#039;(2005)&#039;&#039; [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (&#039;&#039;2008&#039;&#039;) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schmit, Michael N., et. al &#039;&#039;(2004)&#039;&#039; [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(1999)&#039;&#039; [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(2002)&#039;&#039; [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (&#039;&#039;2007&#039;&#039;) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. &#039;&#039;(2009)&#039;&#039; [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2004&#039;&#039;) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (&#039;&#039;2006&#039;&#039;) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (&#039;&#039;2007&#039;&#039;) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G. and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal &#039;&#039;(2000)&#039;&#039; [[Managing Online Security Risks]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;/div&gt;</summary>
		<author><name>Jalbert</name></author>
	</entry>
</feed>