<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://cyber.harvard.edu/cybersecurity/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Shane</id>
	<title>Cybersecurity Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://cyber.harvard.edu/cybersecurity/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Shane"/>
	<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/Special:Contributions/Shane"/>
	<updated>2026-07-15T05:54:49Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.43.6</generator>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development&amp;diff=5206</id>
		<title>Federal Plan for Cyber Security and Information Assurance Research and Development</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development&amp;diff=5206"/>
		<updated>2010-08-08T05:20:33Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Full Citation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Federal Plan for Cyber Security and Information Assurance Research and Development&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Sci. and Tech. Council, &#039;&#039;Federal Plan for Cyber Security and Information Assurance Research and Development&#039;&#039; (2006). U.S. Government. Online Paper.  [http://www.cyber.st.dhs.gov/docs/Federal%20R&amp;amp;D%20Plan%202006.pdf  &#039;&#039;Web&#039;&#039;], [http://www.nitrd.gov/pubs/csia/csia_federal_plan.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&amp;amp;title=Special:Bibliography&amp;amp;view=detailed&amp;amp;action=&amp;amp;keyword=NSTC:2006 &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
[http://books.google.com/books?id=t2MKPwAACAAJ&amp;amp;dq=Federal+Plan+for+Cyber+Security+and+Information+Assurance+Research+and+Development&amp;amp;ei=eThTTL2TIoW4yATg2-CmDg&amp;amp;cd=1  &#039;&#039;Google Books&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation&#039;s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets.&amp;quot;Toward a Safer and More Secure Cyberspace&amp;quot; examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development&amp;diff=5205</id>
		<title>Federal Plan for Cyber Security and Information Assurance Research and Development</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Federal_Plan_for_Cyber_Security_and_Information_Assurance_Research_and_Development&amp;diff=5205"/>
		<updated>2010-08-08T05:19:12Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Full Citation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Federal Plan for Cyber Security and Information Assurance Research and Development&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Sci. and Tech. Council, &#039;&#039;Federal Plan for Cyber Security and Information Assurance Research and Development&#039;&#039; (2006). U.S. Government. Online Paper.  [http://www.cyber.st.dhs.gov/docs/Federal%20R&amp;amp;D%20Plan%202006.pdf  &#039;&#039;Web&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&amp;amp;title=Special:Bibliography&amp;amp;view=detailed&amp;amp;action=&amp;amp;keyword=NSTC:2006 &#039;&#039;BibTeX&#039;&#039;]&lt;br /&gt;
[http://books.google.com/books?id=t2MKPwAACAAJ&amp;amp;dq=Federal+Plan+for+Cyber+Security+and+Information+Assurance+Research+and+Development&amp;amp;ei=eThTTL2TIoW4yATg2-CmDg&amp;amp;cd=1  &#039;&#039;Google Books&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
&lt;br /&gt;
Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation&#039;s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets.&amp;quot;Toward a Safer and More Secure Cyberspace&amp;quot; examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4793</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4793"/>
		<updated>2010-07-27T14:03:41Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Best Practices */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
*[[Wired_Warfare | Schmitt]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
References :&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4792</id>
		<title>Keyword Index and Glossary of Core Ideas</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Keyword_Index_and_Glossary_of_Core_Ideas&amp;diff=4792"/>
		<updated>2010-07-27T13:56:03Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Keyword Index and Glossary of Core Ideas==&lt;br /&gt;
&lt;br /&gt;
===Air-Gapped Network===&lt;br /&gt;
Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.  &lt;br /&gt;
&lt;br /&gt;
See also: [[Keyword_Index_and_Glossary_of_Core_Ideas#Sneakernet | Sneakernet]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Antivirus===&lt;br /&gt;
Software which attempts to identify and delete or isolate [[#Malware |malware]].  Antivirus software may use both a database containing signatures of known threats and heuristics to identify malware.  Usually run as a background service to scan files and email copied to the protected system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Best Practices===&lt;br /&gt;
&lt;br /&gt;
The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization&#039;s performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency. [http://www.gao.gov/special.pubs/bprag/bprgloss.htm | GAO Glossary]&lt;br /&gt;
&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
&lt;br /&gt;
===Black Hat===&lt;br /&gt;
A black hat is a computer [[#Hacker | hacker]] who works to harm others (e.g., steal identities, spread computer viruses, install bot software).&lt;br /&gt;
&lt;br /&gt;
See also: [[#White_Hat | White Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Blacklist===&lt;br /&gt;
A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Whitelist | Whitelist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Botnet===&lt;br /&gt;
A portmanteau of &amp;quot;robot&amp;quot; and &amp;quot;network.&amp;quot;  Refers to networks of sometimes millions of infected machines that are remotely controlled by malicious actors.  A single infected computer may be referred to as a zombie computer.  The owners of the computer remotely controlled is often unaware of the infection.  The owners of a botnet may use the combined network processing power and bandwidth to send [[#SPAM | SPAM]], install [[#Malware | malware]] and mount [[#DDoS_Attack | DDoS attacks]] or may rent out the botnet to other malicious actors.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Schneier_on_Security | Schneier]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===&#039;&#039;Casus Belli&#039;&#039;===&lt;br /&gt;
The justification for going to war.  From the Latin &amp;quot;&#039;&#039;casus&#039;&#039;&amp;quot; meaning &amp;quot;incident&amp;quot; or &amp;quot;event&amp;quot; and &amp;quot;&#039;&#039;belli&#039;&#039;&amp;quot; meaning &amp;quot;of war.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Civilian Participation===&lt;br /&gt;
The involvement of non-military persons in warfare.  While civilians have often provided support to the military in kinetic wars, in [[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Warfare | cyber warfare]] civilians are able to remotely participate in direct attacks against opponents.    This raises complicated questions of law when the combatants are not uniformed military personnel. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Combatant Status===&lt;br /&gt;
The legal status of combatants in warfare.  Existing law distinguishes between uniformed military and civilian status.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Emergency Response Team===&lt;br /&gt;
A group of experts brought together to deal with computer security issues.  The Computer Emergency Response Team (CERT) mandate is to develop and promote best management practices and technology applications to “resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.” (Software Engineering Institute 2008).  CERT may be formed by governments to handle security at the national level or by academic institutions or individual corporations.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Computer Network Attack===&lt;br /&gt;
Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves. [http://www.fas.org/irp/doddir/dod/jp3_13.pdf  Joint Doctrine for Information Operations JP 3-13 at I-9 (1998)]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Communications Privacy Law===&lt;br /&gt;
Laws which regulate access to electronic communications.  In the United States, the [http://www.usiia.org/legis/ecpa.html Electronic Communications Privacy Act (ECPA]) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Amending_The_ECPA_To_Enable_a_Culture_of_Cybersecurity_Research | Burstein]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[Cybersecurity:_Preventing_Terrorist_Attacks_and_Protecting_Privacy_in_Cyberspace | Nojeim]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===COTS Software===&lt;br /&gt;
Commercial Off The Shelf Software.  Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites. [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD at 18.]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Credit Card Fraud===&lt;br /&gt;
Theft of goods or services using false or stolen credit card information.&lt;br /&gt;
&lt;br /&gt;
See Also: [[#Shoulder_Surfing | Shoulder Surfing]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Crimeware===&lt;br /&gt;
Software tools designed to aid criminals in perpetrating online crime.  Refers only to programs not generally considered desirable or usable for ordinary tasks.  Thus, while a criminal may use Internet Explorer in the commission of a [[#Cyber_Crime | cybercrime]], the Internet Explorer application itself would not be considered crimeware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[2007_Malware_Report  |Computer Economics]]&lt;br /&gt;
* [[Cybersecurity | Bauer and van Eeten]], [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Crime===&lt;br /&gt;
In its broadest definition, cybercrime includes all crime perpetrated with or involving a computer.  Symantec defines it as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. [http://www.symantec.com/norton/cybercrime/definition.jsp Symantec]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as an Externality===&lt;br /&gt;
Economists define externalities as instances where an individual or firm’s actions have &lt;br /&gt;
economic consequences for others for which there is no compensation. One important &lt;br /&gt;
distinction is between positive and negative externalities. Instances of the latter are most &lt;br /&gt;
commonly discussed, such as the environmental pollution caused by a plant, which may &lt;br /&gt;
have impacts on the value of neighboring homes. Important examples of positive &lt;br /&gt;
externalities are so common in communications networks that there is a class of &amp;quot;network &lt;br /&gt;
externalities. For instance, the simple act of installing telephone service to one additional &lt;br /&gt;
customer creates positive externalities on everyone on the telephone network because &lt;br /&gt;
they can now each reach one additional person.&lt;br /&gt;
Several attributes of computer security suggest that it is an externality. Most importantly, &lt;br /&gt;
the lack of security on one machine can cause adverse effects on another. The most &lt;br /&gt;
obvious example of this is from electronic commerce, where credit card numbers stolen &lt;br /&gt;
from machines lacking security are used to commit fraud at other sites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]], [[Economics_of_Information_Security | 2]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]]&lt;br /&gt;
* [[An_Introduction_to_Key_Themes_in_the_Economics_of_Cyber_Security | Gandal]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Security as a Public Good===&lt;br /&gt;
In economics, a public good is a good that is non-rivalrous and non-excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of the good for consumption by others; and non-excludability that no one can be effectively excluded from using the good.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_Other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Terrorism===&lt;br /&gt;
A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [http://judiciary.senate.gov/hearings/testimony.cfm?id=1054&amp;amp;wit_id=2995 FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Evolving_Landscape_of_Maritime_Cybersecurity | Shah]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Cyber Warfare===&lt;br /&gt;
Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption. [[Cyber_War | Clarke]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks#Full_Citation | Cornish]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Global_Cyber_Deterrence | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Estonia_Three_Years_Later | Shackelford]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Data Mining===&lt;br /&gt;
The process of extracting hidden information and correlations from one or more databases or collections of data that would not normally be revealed by a simple database query.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy#Synopsis | Besunder]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Department of Homeland Security===&lt;br /&gt;
Cabinet level department of the United States assigned, &#039;&#039;inter alia&#039;&#039;, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===DDoS Attack===&lt;br /&gt;
The disabling of a targeted website or Internet connection by flooding it with such high levels of Internet traffic that it can no longer respond to normal connection requests.  Often mounted by directing an army of zombie computers (see [[#Botnet | botnet]]) to connect to the targeted site simultaneously.  The targeted site may crash while trying to respond to an overwhelming number of connections requests or it may be disabled because all available bandwidth and/or computing resources are tied up responding to the attack requests. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]], [[Security_Engineering | [2]]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin. et. al]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Digital Pearl Harbor===&lt;br /&gt;
A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor.  The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Disclosure Policy===&lt;br /&gt;
A policy that governs the disclosure to clients and other stakeholder by a provider of a computer program or system of defects discovered in those products. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Distributed Denial of Service (DDoS)===&lt;br /&gt;
See: [[#DDoS_Attack | DDoS Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Dumpster Diving===&lt;br /&gt;
A method of obtaining  proprietary, confidential or useful information by searching through trash discarded by a target.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Einstein===&lt;br /&gt;
The operational name of the National Cybersecurity Protection System (NCPS).  Was created in 2003 by the United States Computer Emergency Readiness Team (US-CERT)14 in order to aid in its ability to help reduce and prevent computer network vulnerabilities across the federal government. The initial version of Einstein provided an automated process for collecting, correlating, and analyzing agencies’ computer network traffic information from sensors installed at their Internet connections. The Einstein sensors collected &lt;br /&gt;
network flow records at participating agencies, which were then analyzed by US-CERT to detect certain types of malicious activity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Security | GAO]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===E.U. Cybersecurity===&lt;br /&gt;
Discussions relating to cybersecurity of the European Union and of European Union states.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Geneva Conventions===&lt;br /&gt;
Four treaties and three additional protocols that regulates the conduct of hostilities between states and set the standards for humanitarian treatment of the victims of war.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Laws_of_War | Laws of War]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Generativity===&lt;br /&gt;
Generativity is a system’s capacity to produce unanticipated change through unﬁltered contributions from broad and varied audiences. &lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacker===&lt;br /&gt;
Advanced computer users who spend a lot of time on or with computers and work hard to find vulnerabilities in IT systems. [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivism===&lt;br /&gt;
The nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.  [http://www.alexandrasamuel.com/dissertation/index.html Samuel, A.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[World_War_3.0:_Ten_Critical_Trends_for_Cybersecurity | Cetron and Davies]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Terrorism | Stohl]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Hacktivist===&lt;br /&gt;
A portmanteau of [[#Hacker | &amp;quot;hacker&amp;quot;]] and &amp;quot;activist.&amp;quot; Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents’ websites with counter-information or disinformation.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Hacktivism | Hacktivism]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Honeypot===&lt;br /&gt;
A computer, network or other information technology resource set as a trap to attract attacks.  Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers.  A honeypot system may also be used to collect [[#SPAM | SPAM]] so it can be added to a [[#Blacklist | blacklist]].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Identity Fraud/Theft===&lt;br /&gt;
The exploitation by malevolent third parties of unwarranted access to clients&#039; or consumers&#039; identities.  Often the result of lax data security or privacy measures.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Notification_of_Data_Security_Breaches | Schwartz and Janger]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Asymmetries===&lt;br /&gt;
Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry.&lt;br /&gt;
&lt;br /&gt;
The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Cyber_War | Clarke]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Intelligence Infrastructure/Information Infrastructure===&lt;br /&gt;
The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers. [http://www.cfr.org/publication/10212/targets_for_terrorism.html Council on Foreign Relations]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Information Operations===&lt;br /&gt;
Actions taken to affect adversary information and information systems while defending one’s own information and information systems.” Information Operations (IO) can occur during peacetime and at every level of warfare.&lt;br /&gt;
Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries” [Joint Chiefs of Staff, Department of Defense, Dictionary of Military and Associated Terms, Joint Publication]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Interdependencies===&lt;br /&gt;
The inter-connections between supposedly independent but often interdependent systems.&lt;br /&gt;
&lt;br /&gt;
See also: [[#SCADA_Systems | SCADA Systems]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[The_Economics_of_Information_Security | Anderson and Moore]]&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Trust in Cyberspace | National Research Council]]&lt;br /&gt;
* [[Cybersecurity_and_Economic_Incentives | OECD]]&lt;br /&gt;
* [[Evolving_Cybersecurity_Issues_in_the_Utility_Industry | Perkins]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[System_Reliability_and_Free_Riding | Varian]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===International Humanitarian Law===&lt;br /&gt;
That part of international law which seek, for humanitarian reasons, to limit the effects of armed conflict. It protects persons who are not or are no longer participating in the hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the law of war or the law of armed conflict.  International law is the body of rules governing relations between States.  It is contained in agreements between States (treaties or conventions), in customary rules, which consist of State practise considered by them as as legally binding, and in general principles.  [http://www.icrc.org/web/eng/siteeng0.nsf/html/humanitarian-law-factsheet ICRC]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Relay Chat (IRC)===&lt;br /&gt;
A method of real-time Internet communication often used by criminals to buy and sell purloined information such as credit card numbers and personal identity information.  IRC chatrooms may be open or private.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Internet Service Providers===&lt;br /&gt;
A company that offers access to the Internet.  Internet Service Providers may also provide add-on services such as web hosting, electronic mail, virus scanning, SPAM filtering, etc.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity | OECD]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Keylogger===&lt;br /&gt;
Software or hardware that monitors and logs the keystrokes a user types into a computer.  The keylogger may store the key sequences locally for later retrieval or send them to a remote location.  A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=== Kinetic Attack===&lt;br /&gt;
Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent&#039;s infrastructure.  Usually used to distinguish a cyber attack in which destruction of the opponent&#039;s resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[Computers_and_War | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Lawfare===&lt;br /&gt;
The use of international law to damage an opponent in a war without use of arms.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
*[[Wired_Warfare | Schmitt]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Laws of War===&lt;br /&gt;
The body of law that define the legality of using armed force to resolve a conflict (&#039;&#039;jus ad bellum&#039;&#039;) and the laws that define the legality of the actual hostilities and related activities (&#039;&#039;jus in bello&#039;&#039;).&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[Applicability_of_the_Additional_Protocols_to_Computer_Network_Attacks | Dörmann]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now | Gable]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Malware===&lt;br /&gt;
A variety of computer software designed to infiltrate a user&#039;s computer specifically for malicious purposes.  Includes, &#039;&#039;inter alia&#039;&#039;, computer virus software, botnet software, computer worms, spyware, trojan horses, crimeware and rootkits.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[A_Proposal_for_an_International_Convention_To_Regulate_the_Use_of_Information_Systems_in_Armed_Conflict | Brown]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Cybersecurity Strategy (U.S.)===&lt;br /&gt;
A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch&#039;s [http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative Comprehensive National Cybersecurity Initiative].  The goals of the policy are: to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities and; to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Cyber_Security_and_Regulation_in_the_United_States | Lewis]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===National Security===&lt;br /&gt;
Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy. [http://en.wikipedia.org/wiki/National_security Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nuclear_Security | Aloise]]&lt;br /&gt;
*[[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[An_Assessment_of_International_Legal_Issues_in_Information_Operations | DoD Office of General Counsel]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Terrorist_Capabilities_for_Cyberattack:_Overview_and_Policy_Issues | Rollins and Wilson]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]] &lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===New Normalcy===&lt;br /&gt;
New normalcy has become an episodic polict construct in U.S. strategic ideation. National leadership has relied on the new normalcy clarion call to illuminate moments in time when it is understood that the Nation faces not only a severe threat, but also a transcending reorientation. Often invoked in times of national crisis, new normalcy in the American experience signals a cardinal shift in the nature of U.S. security. [&amp;quot;Cyber Operations - The New Balance,&amp;quot; Stephen W. Korns]&lt;br /&gt;
&lt;br /&gt;
References :&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
===Notice and Take-down===&lt;br /&gt;
Most commonly used to remove infringing web material under copyright law, a notice and take-down regime is a procedure by which an infringing web site is removed from a service provider&#039;s (ISP) network, or access to an allegedly infringing website, disabled. Websites violating copyright are subject to notice and take-down, as are phishing websites.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Organized Crime===&lt;br /&gt;
Groups having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.  [http://www.fbi.gov/hq/cid/orgcrime/glossary.htm FBI]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Cybersecurity_in_the_Payment_Card_Industry | Epstein and Brown]]&lt;br /&gt;
* [[An_Inquiry_into_the_Nature_and_Causes_of_the_Wealth_of_Internet_Miscreants | Franklin et. al]]&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Outreach and Collaboration===&lt;br /&gt;
Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace. [http://www.fas.org/sgp/crs/natsec/R40836.pdf CRS Report for Congress, at 6 (2009).]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]], [[Strategy_for_Homeland_Defense_and_Civil_Support | [2]]]&lt;br /&gt;
* [[The_National_Strategy_for_the_Physical_Protection_of_Critical_Infrastructures_and_Key_Assets | DHS]], [[A Roadmap for Cybersecurity Research | [2]]]&lt;br /&gt;
* [[Introduction_to_Country_Reports | ENISA]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
*[[The_Law_and_Economics_of_Cybersecurity | Grady and Parisi]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Experiences_and_Challenges_with_Using_CERT_Data_to_Analyze_International_Cyber_Security | Madnick et. al.]]&lt;br /&gt;
* [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | Moore and Clayton]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Cybersecurity:_Current_Legislation%2C_Executive_Branch_Initiatives%2C_and_Options_for_Congress | Theohary and Rollins]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Password Weakness===&lt;br /&gt;
Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cybersecurity%2C_Identity_Theft%2C_and_the_Limits_of_Tort_Liability | Johnson, V.]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Patching===&lt;br /&gt;
Patching refers to the installation of a piece of software designed to fix problems  with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability  or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems. [http://en.wikipedia.org/wiki/Patch_%28computing%29 Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Phishing===&lt;br /&gt;
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Security_Economics_and_the_Internal_Market | Anderson et. al.]]&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Examining_the_Impact_of_Website_Take-down_on_Phishing | Moore and Clayton]], [[The_Consequence_of_Non-Cooperation_in_the_Fight_Against_Phishing | [2]]], [[The_Impact_of_Incentives_on_Notice_and_Take-down | [3]]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Privacy Law===&lt;br /&gt;
Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional.  Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Best_Practices_for_Data_Protection_and_Privacy | Besunder]]&lt;br /&gt;
* [[Securing_Cyberspace_for_the_44th_Presidency | Center for Strategic and International Studies]]&lt;br /&gt;
* [[A Roadmap for Cybersecurity Research | DHS]]&lt;br /&gt;
* [[Strategy_for_Homeland_Defense_and_Civil_Support | DoD]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Red Team===&lt;br /&gt;
A structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives. See [http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm U.S. Army]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | Deputy Chief of Staff for Intelligence]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Research &amp;amp; Development===&lt;br /&gt;
Research and development (R&amp;amp;D) addressing cyber security and information infrastructure protection.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Pricing_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Research_Agenda_for_the_Banking_and_Finance_Sector | Financial Services Sector Coordinating Council for Critical Infrastructure Protection]]&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[Cyber_Security_Research_and_Development_Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[The_Need_for_a_National_Cybersecurity_Research_and_Development_Agenda | Maughan]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Hardening_The_Internet | National Infrastructure Advisory Council]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Risk Modeling===&lt;br /&gt;
The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit analysis of a particular threat and solution. See [http://cisac.stanford.edu/publications/how_much_is_enough__a_riskmanagement_approach_to_computer_security/ Soo Hoo, Kevin J.]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Nothing_Ventured%2C_Nothing_Gained | Geer and Conway]]&lt;br /&gt;
* [[An_Economic_Analysis_of_the_Private_and_Social_Costs_of_the_Provision_of_Cybersecurity_and_other_Public_Security_Goods | Kobayashi]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Making_the_Best_Use_of_Cybersecurity_Economic_Models | Rue and Pfleeger]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SCADA Systems===&lt;br /&gt;
SCADA stands for &amp;quot;supervisory control and data acquisition&amp;quot; and in the cybersecurity context usually refers to industrial control systems that control infrastructure such as electrical power transmission and distribution, water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large communication systems.  The focus is on whether as these systems are connected to the public Internet they become vulnerable to a remote attack.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyberpower and National Security | Kramer et. al]] &lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[A_Framework_for_Linking_Cybersecurity_Metrics_to_the_Modeling_of_Macroeconomic_Interdependencies | Santos et. al.]]&lt;br /&gt;
* [[Metrics_for_Mitigating_Cybersecurity_Threats_to_Networks | Schneidewind]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Scareware===&lt;br /&gt;
Software or web site that purports to be security software reporting a threat against a user&#039;s computer to convince the user to purchase unneeded software or install malware.&lt;br /&gt;
&lt;br /&gt;
* [[2007_Malware_Report | Computer Economics]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Script Kiddie===&lt;br /&gt;
A derogatory term for a [[#Black_Hat | Black Hat]] who uses canned tools and programs written by more skillful [[#Hacker | hackers]] to commit cyber crime without understanding how they work.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Security Trade-Offs===&lt;br /&gt;
There is no single correct level of security; how much security you have depends on what you’re willing to give up in order to get it. This trade-off is, by its very nature, subjective—secu- rity decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different commu- nities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder. [http://www.scribd.com/doc/12185921/beyond-fear-thinking-sensibly-about-security-in-an-uncertain-world-bruce-schneier-copernicus-books-2003 Bruce Schneier]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
&lt;br /&gt;
*[[Cyber-Insurance_Revisited | Bohme]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Shoulder Surfing===&lt;br /&gt;
The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sneakernet===&lt;br /&gt;
Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected requiring information to be shared by physically transporting media contain the shared information from one computer to another.  Initially described systems lacking the technology to network together, now usually refers to systems deliberately isolated for security reasons.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Air-Gapped_Network | Air-Gapped Network]]&lt;br /&gt;
&lt;br /&gt;
===Social Engineering===&lt;br /&gt;
Conning a human into supplying passwords, computer access or other sensitive information by pretending to be a person with rights to the information or who the target believes they must surrender the information to.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Emerging_Threats_to_Internet_Security_-_Incentives%2C_Externalities_and_Policy_Implications | Bauer and van Eeten]]&lt;br /&gt;
* [[Cyber_Power | Nye]]&lt;br /&gt;
* [[The_Market_Consequences_of_Cybersecurity:_Defining_Externalities_and_Ways_to_Address_Them | OECD]], [[Cybersecurity_and_Economic_Incentives | [2]]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Social Network===&lt;br /&gt;
A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Software Vulnerability===&lt;br /&gt;
&lt;br /&gt;
A software vulnerablilty refers to the existence of a flaw -- or &amp;quot;bug&amp;quot; -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it. [http://www.spi.dod.mil/tenets.htm U.S. Air Force Software Protection Initiative]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Four Grand Challenges in Trustworthy Computing | Computing Research Association]]&lt;br /&gt;
* [[Mission Impact of Foreign Influence on DoD Software | DoD]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[The Price of Restricting Vulnerability Publications | Granick]]&lt;br /&gt;
* [[Cyber Security Research and Development Agenda | Institute for Information Infrastructure Protection]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]], [[Trust in Cyberspace | [2]]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[Economics_of_Malware | van Eeten and Bauer]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===SPAM===&lt;br /&gt;
Unwanted or junk email usually sent indiscriminately in bulk selling illegal or near illegal goods or services.  Even with low response rates and heavy filtering, SPAM can stil be economically viable because of the extremely low costs in sending even huge quantities of electronic messages.  Commonly believed to be named after the [http://www.youtube.com/watch?v=anwy2MPT5RE Monty Python skit] where the breakfast meat Spam overwhelms all other food choices.&lt;br /&gt;
&lt;br /&gt;
References: &lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[The_Impact_of_Incentives_on_Notice_and_Take-down | Moore and Clayton]]&lt;br /&gt;
* [[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Schneier on Security | Schneier]] &lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[The_Underground_Economy | Thomas and Martin]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Sponsored Attacks===&lt;br /&gt;
[[#Computer_Network_Attack | Computer network attacks]] commissioned by, supported by or carried out by a state or government.&lt;br /&gt;
&lt;br /&gt;
Reverences:&lt;br /&gt;
* [[The_Government_and_Cybersecurity | Bellovin]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===State Affiliation===&lt;br /&gt;
Under the control or command of a recognized state or government.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Cyber_Security_and_Politically%2C_Socially_and_Religiously_Motivated_Cyber_Attacks | Cornish]]&lt;br /&gt;
* [[Cyberspace_and_the_National_Security_of_the_United_Kingdom | Cornish et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber-Apocalypse_Now_-_Securing_the_Internet_Against_Cyberterrorism_and_Using_Universal_Jurisdiction_as_a_Deterrent | Gable]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[National_Cyber_Defense_Financial_Services_Workshop_Report | National Cyber Defense Initiative]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Combatant_Status_and_Computer_Network_Attack | Watts]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Tragedy of Commons===&lt;br /&gt;
A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science, in 1968, in which multiple individuals, acting independently, and solely and rationally consulting their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone&#039;s long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain, to cybersecurity.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Why_Information_Security_is_Hard | Anderson]]&lt;br /&gt;
* [[Economics_of_Information_Security | Camp and Wolfram]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Is_Cybersecurity_a_Public_Good | Powell]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Transparency===&lt;br /&gt;
A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.  [http://en.wikipedia.org/wiki/Transparency_(social) Wikipedia]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Overcoming_Impediments_to_Information_Sharing | Aviram and Tor]]&lt;br /&gt;
* [[Research Agenda for the Banking and Finance Sector | FSSCC]]&lt;br /&gt;
* [[An_Economic_Analysis_of_Notification_Requirements_for_Data_Security_Breaches | Lenard and Rubin]], [[Much_Ado_About_Notification | [2]]]&lt;br /&gt;
* [[Managing_Information_Risk_and_the_Economics_of_Security | Johnson, E.]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Do_Data_Breach_Disclosure_Laws_Reduce_Identity_Theft | Romanosky et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[A_Model_for_When_Disclosure_Helps_Security | Swire]], [[A_Theory_of_Disclosure_for_Security_and_Competitive_Reasons | [2]]]&lt;br /&gt;
* [[Impact_of_Software_Vulnerability_Announcements_on_the_Market_Value_of_Software_Vendors | Telang and Wattal]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Trojan===&lt;br /&gt;
[[#Malware | Malware]] which masquerades as some other type of program such as a link to a web site, a desirable image, etc. to trick a user into installing it.  Named for the Ancient Greek legend of the [http://www.mlahanas.de/Greeks/Mythology/TrojanHorse.html Trojan Horse].&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
*[[The_Economics_of_Online_Crime | Moore et. al.]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]]&lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Military Technologies===&lt;br /&gt;
Warfare made possible by advances in remotely controlled or semiautomated military technologies which remove the operator from risk of harm while attacking an opponent.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Information_Warfare_and_International_Law_on_the_Use_of_Force | Barkham]]&lt;br /&gt;
* [[Law_and_War_in_the_Virtual_Era | Beard]]&lt;br /&gt;
* [[Critical_Infrastructure_Threats_and_Terrorism | DCSINT]]&lt;br /&gt;
* [[Global_Cyber_Deterrence_Views_from_China | Lan]]&lt;br /&gt;
* [[Wired_Warfare | Schmitt]], [[Computers_and_War | 2]]&lt;br /&gt;
* [[Armed_Attack_in_Cyberspace | Todd]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Virtual Warfare===&lt;br /&gt;
&lt;br /&gt;
See: [[#Virtual_Military_Technologies | Virtual Military Technologies]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===White Hat===&lt;br /&gt;
A white hat is a computer [[#Hacker | hacker]] who works to find and fix computer security risks.  White hat consultants are often hired to attempt to break into their client&#039;s network to see if all security holes have been addressed.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Black_Hat | Black Hat]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]], [[Why_Information_Security_is_Hard | [2]]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Whitelist===&lt;br /&gt;
A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource.  Normally combined with a default &amp;quot;no-access&amp;quot; policy.&lt;br /&gt;
&lt;br /&gt;
See also: [[#Blacklist | Blacklist]]&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Worm===&lt;br /&gt;
A type of malware that replicates itself and spreads to other computers through network connections.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[Cyber_Operations | Korns]]&lt;br /&gt;
* [[Toward_a_Safer_and_More_Secure_Cyberspace | National Research Council]]&lt;br /&gt;
* [[Beyond_Fear | Schneier]], [[Schneier on Security | [2]]] &lt;br /&gt;
* [[Solving_the_Dilemma_of_State_Responses_to_Cyberattacks | Sklerov]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
* [[The_Future_of_the_Internet_and_How_To_Stop_It | Zittrain]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
===Zero-Day Exploit===&lt;br /&gt;
[[#Malware | Malware]] designed to exploit a newly discovered security hole unknown to the software developer.  &amp;quot;Zero-day&amp;quot; refers to the amount of time a developer has between learning of a security hole and the time it becomes public or when [[#Black_Hat | black hat]] [[#Hacker | hackers]] find out about it and try to use the security hole for nefarious purposes.&lt;br /&gt;
&lt;br /&gt;
References:&lt;br /&gt;
* [[Security_Engineering | Anderson]]&lt;br /&gt;
* [[Does_Information_Security_Attack_Frequency_Increase_With_Vulnerability_Disclosure | Arora et. al.]]&lt;br /&gt;
* [[Mission_Impact_of_Foreign_Influence_on_DoD_Software | DoD]]&lt;br /&gt;
* [[The_Price_of_Restricting_Vulnerability_Publications | Granick]]&lt;br /&gt;
* [[McAfee Threats Report | McAfee]]&lt;br /&gt;
* [[Symantec Global Internet Security Threat Report | Symantec]]&lt;br /&gt;
* [[Trend Micro Annual Report | Trend Micro]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Keyword_Index_and_Glossary_of_Core_Ideas#Top | Jump to top of Glossary]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4791</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4791"/>
		<updated>2010-07-27T13:55:24Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Best_Practices | Best Practices]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
Expertise Required: Computer Networking: Advanced&lt;br /&gt;
&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4790</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4790"/>
		<updated>2010-07-27T13:55:12Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Best_Practices | Best Practices]]&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
Expertise Required: Computer Networking: Advanced&lt;br /&gt;
&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Government_Reports_and_Documents&amp;diff=4789</id>
		<title>Government Reports and Documents</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Government_Reports_and_Documents&amp;diff=4789"/>
		<updated>2010-07-27T13:16:39Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
INFOSEC Research Council (2005) [[Hard Problem List]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
* &#039;&#039;[[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
* &#039;&#039;[[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[Non-US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4788</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4788"/>
		<updated>2010-07-26T19:36:19Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
Expertise Required: Computer Networking: Advanced&lt;br /&gt;
&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4787</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4787"/>
		<updated>2010-07-26T19:14:18Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
Expertise Required: Computer Networking: Moderate&lt;br /&gt;
&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4786</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4786"/>
		<updated>2010-07-26T17:20:24Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4785</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4785"/>
		<updated>2010-07-26T17:19:00Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
For the following workgroup focused on achieving educational parity see Workforce Preparation Education and Research Working Group at http://www.dhs.gov/xlibrary/assets/niac/niac_workforcereport_april06.pdf&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4782</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4782"/>
		<updated>2010-07-26T14:38:12Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4781</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4781"/>
		<updated>2010-07-26T14:32:43Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
For another working group&#039;s report from the same day see PRIORITIZING CYBER VULNERABILITIES at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4780</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4780"/>
		<updated>2010-07-26T14:28:18Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Threats and Actors: [[States]]; [[Groups]], [[Private Critical Infrastructure]]&lt;br /&gt;
* Issues: [[Usability/Human Factors]], [[Psychology and Politics]], [[Information Sharing/Disclosure]], [[Public-Private Cooperation]]&lt;br /&gt;
* Approaches: [[Regulation/Liability]], [[Private Efforts/Organizations]], [[Government Organizations]], [[Deterrence]], [[Technology]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]],&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
Expertise Required: Executive Administration: Moderate&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4779</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4779"/>
		<updated>2010-07-26T14:20:57Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
* Threats and Actors: [[States]]; [[Groups]], [[Private Critical Infrastructure]]&lt;br /&gt;
* Issues: [[Usability/Human Factors]], [[Psychology and Politics]], [[Information Sharing/Disclosure]], [[Public-Private Cooperation]]&lt;br /&gt;
* Approaches: [[Regulation/Liability]], [[Private Efforts/Organizations]], [[Government Organizations]], [[Deterrence]], [[Technology]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]],&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
Expertise Required: &lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4778</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4778"/>
		<updated>2010-07-26T14:16:40Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 ACKNOWLEDGEMENTS &lt;br /&gt;
 EXECUTIVE SUMMARY&lt;br /&gt;
 BACKGROUND&lt;br /&gt;
  RECOMMENDATION AREA I &lt;br /&gt;
   Recommendations: Adoption of Security Best Practices &lt;br /&gt;
   Recommendations: Awareness of Security Best Practices  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
   Recommendations: Research and Development &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
   Recommendations: Empowering Service Providers and Law Enforcement  &lt;br /&gt;
 SECTION 2 – RECOMMENDATION DISCUSSION&lt;br /&gt;
  RECOMMENDATION AREA I  &lt;br /&gt;
   Adoption of Security Best Practices &lt;br /&gt;
    1A: Measuring Best Practice Adoption  &lt;br /&gt;
    1B: Route and Packet Filtering  &lt;br /&gt;
   Awareness of Security Best Practices &lt;br /&gt;
    1C: End-User or General Public Education  &lt;br /&gt;
    1D: Industry Continuing Education  &lt;br /&gt;
  RECOMMENDATION AREA II &lt;br /&gt;
    2A: Routing Registries for Securing Inter-Domain Routing  &lt;br /&gt;
    2B: Scalable Management and Anomaly Detection Tools  &lt;br /&gt;
    2C: Forensics at High Data Rates &lt;br /&gt;
    2D: Scalable Vulnerability and Flow Analysis &lt;br /&gt;
  RECOMMENDATION AREA III &lt;br /&gt;
    3A: Empowering Internet Service Providers &lt;br /&gt;
    3B: Enhancement of Online Law Enforcement&lt;br /&gt;
 APPENDIX A: ORGANIZATIONAL RESOURCES&lt;br /&gt;
 APPENDIX B: DOCUMENTS AND RESEARCH PAPERS&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4777</id>
		<title>Hardening The Internet</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Hardening_The_Internet&amp;diff=4777"/>
		<updated>2010-07-26T14:14:42Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Full Citation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Hardening The Internet : Final Report and Recommendations by the Council&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Infrastructure Advisory Council &#039;&#039;Hardening The Internet&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  &#039;&#039;Web&#039;&#039;] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NIAC:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
* Resource by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]]&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
The Council’s report focuses its recommendations in the following three areas: &lt;br /&gt;
&lt;br /&gt;
1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;&lt;br /&gt;
&lt;br /&gt;
2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;&lt;br /&gt;
&lt;br /&gt;
3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Regulation/Liability&amp;diff=4776</id>
		<title>Regulation/Liability</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Regulation/Liability&amp;diff=4776"/>
		<updated>2010-07-26T14:07:30Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Regulation/Liability]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. (2009) [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N., et. al (2004) [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=4775</id>
		<title>Private Efforts/Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=4775"/>
		<updated>2010-07-26T14:06:27Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Private Efforts/Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=4774</id>
		<title>Government Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=4774"/>
		<updated>2010-07-26T14:05:56Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Government Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Approaches&amp;diff=4773</id>
		<title>Approaches</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Approaches&amp;diff=4773"/>
		<updated>2010-07-26T14:05:39Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]  &lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense &#039;&#039;(2005)&#039;&#039; [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Regulation/Liability]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Private Efforts/Organizations]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Government Organizations]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[International Cooperation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[International Law (including Laws of War)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Deterrence]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Technology]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Deterrence&amp;diff=4772</id>
		<title>Deterrence</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Deterrence&amp;diff=4772"/>
		<updated>2010-07-26T14:05:21Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Deterrence]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. (2009) [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Technology&amp;diff=4771</id>
		<title>Technology</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Technology&amp;diff=4771"/>
		<updated>2010-07-26T14:04:47Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Technology]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Security_Targets&amp;diff=4770</id>
		<title>Security Targets</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Security_Targets&amp;diff=4770"/>
		<updated>2010-07-26T14:04:05Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert  (2010)  [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense &#039;&#039;(2005)&#039;&#039; [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Military Networks (.mil)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Military Networks (.mil)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Electricity, Oil and Natural Gas]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Transportation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Water, Sewer, etc.]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Telephone]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Public Data Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Cloud Computing]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Private_Critical_Infrastructure&amp;diff=4769</id>
		<title>Private Critical Infrastructure</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Private_Critical_Infrastructure&amp;diff=4769"/>
		<updated>2010-07-26T14:03:25Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Electricity, Oil and Natural Gas]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Transportation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Water, Sewer, etc.]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Threats_and_Actors&amp;diff=4768</id>
		<title>Threats and Actors</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Threats_and_Actors&amp;diff=4768"/>
		<updated>2010-07-26T14:02:41Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense &#039;&#039;(2005)&#039;&#039; [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Rotenberg et. al. (&#039;&#039;2010&#039;&#039;) [[The Cyber War Threat Has Been Grossly Exaggerated]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[States]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Groups]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Hacktivists]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Terrorists]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Government Networks (.gov)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Military Networks (.mil)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Electricity, Oil and Natural Gas]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Transportation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Water, Sewer, etc.]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Telephone]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Public Data Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Cloud Computing]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=States&amp;diff=4767</id>
		<title>States</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=States&amp;diff=4767"/>
		<updated>2010-07-26T14:00:54Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[States]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert  (2010)  [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N., et. al (2004) [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. (2002) [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. (2009) [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. (2009) [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Actors_and_Incentives&amp;diff=4766</id>
		<title>Actors and Incentives</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Actors_and_Incentives&amp;diff=4766"/>
		<updated>2010-07-26T14:00:37Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert  (2010)  [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Actors and Incentives | Actors and Incentives-&amp;gt;]][[States]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Groups]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Hacktivists]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Terrorists]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Groups&amp;diff=4765</id>
		<title>Groups</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Groups&amp;diff=4765"/>
		<updated>2010-07-26T14:00:25Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Groups]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Public-Private_Cooperation&amp;diff=4764</id>
		<title>Public-Private Cooperation</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Public-Private_Cooperation&amp;diff=4764"/>
		<updated>2010-07-26T14:00:13Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Public-Private Cooperation]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Sharing/Disclosure&amp;diff=4763</id>
		<title>Information Sharing/Disclosure</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Sharing/Disclosure&amp;diff=4763"/>
		<updated>2010-07-26T13:59:46Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Information Sharing/Disclosure]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Psychology_and_Politics&amp;diff=4762</id>
		<title>Psychology and Politics</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Psychology_and_Politics&amp;diff=4762"/>
		<updated>2010-07-26T13:59:34Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Psychology and Politics]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Issues&amp;diff=4761</id>
		<title>Issues</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Issues&amp;diff=4761"/>
		<updated>2010-07-26T13:59:20Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Commerce (2010) [[Defense Industrial Base Assessment]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence &#039;&#039;(2006)&#039;&#039; [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  (2004) [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. &#039;&#039;(2007)&#039;&#039; [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  &#039;&#039;(2009)&#039;&#039; [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Rotenberg et. al &#039;&#039;(2010)&#039;&#039; [[The Cyber War Threat Has Been Grossly Exaggerated]]&lt;br /&gt;
&lt;br /&gt;
Schmit, Michael N., et. al &#039;&#039;(2004)&#039;&#039; [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(1999)&#039;&#039; [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(2002)&#039;&#039; [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. &#039;&#039;(2009)&#039;&#039; [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Metrics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Risk Management and Investment]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Incentives]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Insurance]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Behavioral Economics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Market Failure]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Supply Chain Issues]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Usability/Human Factors]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Psychology and Politics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Information Sharing/Disclosure]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Public-Private Cooperation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Attribution]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Identity Management]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Privacy]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Cybercrime]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Cyberwar]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Government to Government]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Industrial]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Media Perceptions]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=4760</id>
		<title>Usability/Human Factors</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Usability/Human_Factors&amp;diff=4760"/>
		<updated>2010-07-26T13:59:03Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues | Issues-&amp;gt;]][[Usability/Human Factors]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Resource_by_Type&amp;diff=4619</id>
		<title>Resource by Type</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Resource_by_Type&amp;diff=4619"/>
		<updated>2010-07-21T21:55:30Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Resource by Type]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert  (2010)  [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Computer Economics, Inc. (2007) [[2007 Malware Report]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association &#039;&#039;(2003)&#039;&#039; [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. &#039;&#039;(2010)&#039;&#039; [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[Non-US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Resource by Type | Resource by Type-&amp;gt;]][[Independent Reports]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Resource by Type | Resource by Type-&amp;gt;]][[Industry Reports]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Resource by Type | Resource by Type-&amp;gt;]][[Books]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=4618</id>
		<title>US Government Reports and Documents</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=US_Government_Reports_and_Documents&amp;diff=4618"/>
		<updated>2010-07-21T21:55:02Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Resource by Type | Resource by Type-&amp;gt;]][[Government Reports and Documents | Government Reports and Documents-&amp;gt;]][[US Government Reports and Documents]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Security Summit Task Force (2004) [[Information Security Governance]]&lt;br /&gt;
&lt;br /&gt;
National Infrastructure Advisory Council &#039;&#039;(2004)&#039;&#039; [[Hardening The Internet]]&lt;br /&gt;
&lt;br /&gt;
National Institute of Standards and Technology &#039;&#039;(2006)&#039;&#039; [[SP 800-82: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security]]&lt;br /&gt;
&lt;br /&gt;
National Science and Technology Council &#039;&#039;(2006)&#039;&#039; [[Federal Plan for Cyber Security and Information Assurance Research and Development]]&lt;br /&gt;
&lt;br /&gt;
Networking and Information Technology Research and Development &#039;&#039;(2009)&#039;&#039; [[National Cyber Leap Year Summit 2009, Co-Chairs&#039; Report]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Commission on Critical Infrastructure Protection &#039;&#039;(1997)&#039;&#039; [[Critical Foundations]]&lt;br /&gt;
&lt;br /&gt;
President&#039;s Information Technology Advisory Council &#039;&#039;(2005)&#039;&#039; [[Cyber Security: A Crisis of Prioritization]]&lt;br /&gt;
&lt;br /&gt;
United States Secret Service &#039;&#039;(2004)&#039;&#039; [[Insider Threat Study]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2003)&#039;&#039; [[The National Strategy to Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2009)&#039;&#039; [[Cyberspace Policy Review]]&lt;br /&gt;
&lt;br /&gt;
White House &#039;&#039;(2010)&#039;&#039; [[The Comprehensive National Cybersecurity Initiative]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4617</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4617"/>
		<updated>2010-07-21T21:53:09Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
*Selected Resources by Type: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
*Threats and Actors: [[States]]; [[Groups]], [[Private Critical Infrastructure]]&lt;br /&gt;
&lt;br /&gt;
*Issues: [[Usability/Human Factors]], [[Psychology and Politics]], [[Information Sharing/Disclosure]], [[Public-Private Cooperation]]&lt;br /&gt;
&lt;br /&gt;
*Approaches: [[Regulation/Liability]], [[Private Efforts/Organizations]], [[Government Organizations]], [[Deterrence]], [[Technology]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]],&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4616</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4616"/>
		<updated>2010-07-21T21:52:27Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Categorization */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
*Selected Resources by Type: [[U.S. Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
*Threats and Actors: [[States]]; [[Groups]], [[Private Critical Infrastructure]]&lt;br /&gt;
&lt;br /&gt;
*Issues: [[Usability/Human Factors]], [[Psychology and Politics]], [[Information Sharing/Disclosure]], [[Public-Private Cooperation]]&lt;br /&gt;
&lt;br /&gt;
*Approaches: [[Regulation/Liability]], [[Private Efforts/Organizations]], [[Government Organizations]], [[Deterrence]], [[Technology]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]],&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4615</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4615"/>
		<updated>2010-07-21T21:44:46Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Key Words */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Overview: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words==&lt;br /&gt;
[[Keyword_Index_and_Glossary_of_Core_Ideas#Civilian_Participation | Civilian Participation]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]], [[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]], [[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&amp;amp;_Development | Research &amp;amp; Development]],&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4614</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4614"/>
		<updated>2010-07-21T19:27:03Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Additional Notes and Highlights */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Overview: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Outline:&lt;br /&gt;
 EXECUTIVE SUMMARY &lt;br /&gt;
 1 INTRODUCTION AND CHARGE &lt;br /&gt;
 2 CORPORATE GOVERNANCE TASK FORCE RECOMMENDATIONS &lt;br /&gt;
  2.1 Information Security Governance Framework  &lt;br /&gt;
  2.2 ISG Framework Implementation  &lt;br /&gt;
  2.3 ISG Verification and Compliance  &lt;br /&gt;
  2.3.a Verification and Compliance Recommendations &lt;br /&gt;
 3.0 CONCLUSIONS  &lt;br /&gt;
 APPENDIX A: INFORMATION SECURITY GOVERNANCE FRAMEWORK  &lt;br /&gt;
 APPENDIX B: ISG FUNCTIONS AND RESPONSIBILITIES GUIDES  &lt;br /&gt;
 APPENDIX C: ORGANIZATION/PROCESS FOR IMPLEMENTATION  &lt;br /&gt;
 APPENDIX D: ISG ASSESSMENT TOOL&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4613</id>
		<title>Information Security Governance</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Information_Security_Governance&amp;diff=4613"/>
		<updated>2010-07-21T17:27:30Z</updated>

		<summary type="html">&lt;p&gt;Shane: /* Full Citation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Full Title of Reference==&lt;br /&gt;
Information Security Governance: A Call to Action&lt;br /&gt;
&lt;br /&gt;
==Full Citation==&lt;br /&gt;
&lt;br /&gt;
Nat&#039;l Cyber Sec. Summit Task Force &#039;&#039;Information Security Governance&#039;&#039; (2004). [http://www.cyber.st.dhs.gov/docs/Information%20Security%20Governance-%20A%20Call%20to%20Action%20(2004).pdf  &#039;&#039;Web&#039;&#039;] [http://www.criminal-justice-careers.com/resources/InfoSecGov4_04.pdf &#039;&#039;AltWeb&#039;&#039;]&lt;br /&gt;
&lt;br /&gt;
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&amp;amp;view=detailed&amp;amp;startkey=NCSSTF:2004&amp;amp;f=wikibiblio.bib BibTeX]&lt;br /&gt;
&lt;br /&gt;
==Categorization==&lt;br /&gt;
&lt;br /&gt;
Overview: [[US Government Reports and Documents]]&lt;br /&gt;
&lt;br /&gt;
==Key Words== &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Synopsis==&lt;br /&gt;
To better secure its information systems and strengthen America’s homeland security, the private sector should incorporate  information security into its corporate governance efforts. Although information security is not solely a technical issue, it is often treated that way. If businesses, educational institutions, and non-profit organizations are to make significant progress securing their information assets, executives must make information security an integral part of core business operations. There is no better way to accomplish this goal than to highlight it as part of the existing internal controls and policies that constitute corporate governance.&lt;br /&gt;
&lt;br /&gt;
The Corporate Governance Task Force believes that information security governance (ISG) efforts will be most successful if conducted voluntarily, instead of mandated by government. With the appropriate tools and guidance, the private sector can effectively rise to the challenges set out in The National Strategy to Secure Cyberspace.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==Additional Notes and Highlights==&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=4612</id>
		<title>Private Efforts/Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Private_Efforts/Organizations&amp;diff=4612"/>
		<updated>2010-07-21T17:17:17Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Private Efforts/Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Issues&amp;diff=4611</id>
		<title>Issues</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Issues&amp;diff=4611"/>
		<updated>2010-07-21T17:17:03Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Issues]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006) [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Arora et al. (2006) [[Does Information Security Attack Frequency Increase With Vulnerability Disclosure]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]] &lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer &#039;&#039;(2005)&#039;&#039; [[Cyber-Insurance Revisited]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Kataria, Gaurav &#039;&#039;(2006)&#039;&#039; [[Models and Measures for Correlation in Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Bohme, Rainer and Schwartz, Galina &#039;&#039;(2010)&#039;&#039; [[Modeling Cyber-Insurance]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]] &lt;br /&gt;
&lt;br /&gt;
Camp, and L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Wolfram, Catherine  (2004) [[Pricing Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Clinton, Larry &#039;&#039;(Undated)&#039;&#039; [[Cyber-Insurance Metrics and Impact on Cyber-Security]]&lt;br /&gt;
&lt;br /&gt;
Computing Research Association (2003) [[Four Grand Challenges in Trustworthy Computing]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence &#039;&#039;(2006)&#039;&#039; [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Dörmann, Knut  &#039;&#039;(2004)&#039;&#039; [[Applicability of the Additional Protocols to Computer Network Attacks]] &lt;br /&gt;
&lt;br /&gt;
Dunlap, Charles J. Jr. &#039;&#039;(2009)&#039;&#039; [[Towards a Cyberspace Legal Regime in the Twenty-First Century]] &lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Hollis, Duncan B. &#039;&#039;(2007)&#039;&#039; [[Why States Need an International Law for Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Institute for Information Infrastructure Protection (2003) [[Cyber Security Research and Development Agenda]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  &#039;&#039;(2009)&#039;&#039; [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2009)  [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Rotenberg et. al &#039;&#039;(2010)&#039;&#039; [[The Cyber War Threat Has Been Grossly Exaggerated]]&lt;br /&gt;
&lt;br /&gt;
Schmit, Michael N., et. al &#039;&#039;(2004)&#039;&#039; [[Computers and War]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(1999)&#039;&#039; [[Computer Network Attack and the Use of Force in International Law]] &lt;br /&gt;
&lt;br /&gt;
Schmitt, Michael N. &#039;&#039;(2002)&#039;&#039; [[Wired Warfare]] &lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Sklerov, Matthew J. &#039;&#039;(2009)&#039;&#039; [[Solving the Dilemma of State Responses to Cyberattacks]] &lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Telang, Rahul and Wattal, Sunil (2007) [[Impact of Software Vulnerability Announcements on the Market Value of Software Vendors]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Todd, Graham H. &#039;&#039;(2009)&#039;&#039; [[Armed Attack in Cyberspace]] &lt;br /&gt;
&lt;br /&gt;
Trend Micro Incorporated (2010) [[Trend Micro Annual Report]]&lt;br /&gt;
&lt;br /&gt;
van Eeten, Michel J. G.  and  Bauer, Johannes M. (2008) [[Economics of Malware]]&lt;br /&gt;
&lt;br /&gt;
Varian, Hal (2004) [[System Reliability and Free Riding]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Metrics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Risk Management and Investment]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Incentives]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Insurance]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Behavioral Economics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Economics of Cybersecurity | Economics of Cybersecurity-&amp;gt;]][[Market Failure]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Supply Chain Issues]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Usability/Human Factors]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Psychology and Politics]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Information Sharing/Disclosure]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Public-Private Cooperation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Attribution]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Identity Management]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Privacy]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Cybercrime]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Cyberwar]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Government to Government]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Industrial]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Issues | Issues-&amp;gt;]][[Espionage | Espionage-&amp;gt;]][[Media Perceptions]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Approaches&amp;diff=4610</id>
		<title>Approaches</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Approaches&amp;diff=4610"/>
		<updated>2010-07-21T17:16:29Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross (2001) [[Why Information Security is Hard]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross, et. al (2008) [[Security Economics and the Internal Market]]&lt;br /&gt;
&lt;br /&gt;
Aviram, Amitai and Tor, Avishalom (2004) [[Overcoming Impediments to Information Sharing]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Beard, Jack M. (2009) [[Law and War in the Virtual Era]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]  &lt;br /&gt;
&lt;br /&gt;
Camp, L. Jean and Lewis, Stephen (2004) [[Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Center for Strategic and International Studies (2008) [[Securing Cyberspace for the 44th Presidency]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert (2010) [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense &#039;&#039;(2005)&#039;&#039; [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Granick, Jennifer Stisa (2005) [[The Price of Restricting Vulnerability Publications]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kobayashi, Bruce H. (2006) [[An Economic Analysis of the Private and Social Costs of the Provision of Cybersecurity and Other Public Security Goods]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2005) [[An Economic Analysis of Notification Requirements for Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Lernard, Thomas M. and Rubin, Paul H. (2006) [[Much Ado About Notification]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Romanosky et al. (2008) [[Do Data Breach Disclosure Laws Reduce Identity Theft]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Schwartz, Paul and Janger, Edward (2007) [[Notification of Data Security Breaches]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2004) [[A Model for When Disclosure Helps Security]]&lt;br /&gt;
&lt;br /&gt;
Swire, Peter P (2006) [[A Theory of Disclosure for Security and Competitive Reasons]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
Zittrain, Jonathan L. (2008) [[The Future of the Internet and How To Stop It]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Regulation/Liability]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Private Efforts/Organizations]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Government Organizations]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[International Cooperation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[International Law (including Laws of War)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Deterrence]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Approaches | Approaches-&amp;gt;]][[Technology]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Threats_and_Actors&amp;diff=4609</id>
		<title>Threats and Actors</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Threats_and_Actors&amp;diff=4609"/>
		<updated>2010-07-21T17:13:00Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]]&lt;br /&gt;
&lt;br /&gt;
Brown, Davis  (2006) [[A Proposal for an International Convention To Regulate the Use of Information Systems in Armed Conflict]]&lt;br /&gt;
&lt;br /&gt;
Clarke, Richard A. and Knake, Robert  (2010)  [[Cyber War]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense &#039;&#039;(2005)&#039;&#039; [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense Office of General Counsel (1999) [[An Assessment of International Legal Issues in Information Operations]] &lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Energetics Inc. (2006) [[Roadmap to Secure Control Systems in the Energy Sector]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Franklin, Jason, et. al (2007) [[An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants]]&lt;br /&gt;
&lt;br /&gt;
Grady, Mark F. and Parisi, Francesco (2006) [[The Law and Economics of Cybersecurity]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Vincent R. (2005) [[Cybersecurity, Identity Theft, and the Limits of Tort Liability]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (2007) [[Toward a Safer and More Secure Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Nye, Joseph (2010) [[Cyber Power]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Rotenberg et. al. (&#039;&#039;2010&#039;&#039;) [[The Cyber War Threat Has Been Grossly Exaggerated]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
Stohl, Michael &#039;&#039;(2006)&#039;&#039; [[Cyber Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
Watts, Sean (2010) [[Combatant Status and Computer Network Attack]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[States]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Groups]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Hacktivists]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Terrorists]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Government Networks (.gov)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Public Critical Infrastructure | Public Critical Infrastructure-&amp;gt;]][[Military Networks (.mil)]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Electricity, Oil and Natural Gas]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Transportation]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Water, Sewer, etc.]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Telephone]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Public Data Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications | Communications-&amp;gt;]][[Cloud Computing]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Technology&amp;diff=4608</id>
		<title>Technology</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Technology&amp;diff=4608"/>
		<updated>2010-07-21T17:12:44Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Technology]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross and Moore, Tyler (2006)  [[The Economics of Information Security]]&lt;br /&gt;
&lt;br /&gt;
Gandal, Neil (2008) [[An Introduction to Key Themes in the Economics of Cyber Security]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2007) [[Examining the Impact of Website Take-down on Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Communications&amp;diff=4607</id>
		<title>Communications</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Communications&amp;diff=4607"/>
		<updated>2010-07-21T17:12:21Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Communications]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Communications | Communications-&amp;gt;]][[Telephone]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Communications | Communications-&amp;gt;]][[Public Data Networks]]&#039;&#039;&lt;br /&gt;
*&#039;&#039;[[Communications | Communications-&amp;gt;]][[Cloud Computing]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents| Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Groups&amp;diff=4606</id>
		<title>Groups</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Groups&amp;diff=4606"/>
		<updated>2010-07-21T17:12:04Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Actors and Incentives | Actors and Incentives-&amp;gt;]][[Groups]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
Korns, Stephen W.  (2009) [[Cyber Operations]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=4605</id>
		<title>Government Organizations</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Government_Organizations&amp;diff=4605"/>
		<updated>2010-07-21T17:11:50Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Approaches | Approaches-&amp;gt;]][[Government Organizations]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Barkham, Jason (2001) [[Information Warfare and International Law on the Use of Force]] &lt;br /&gt;
&lt;br /&gt;
Department of Defense (2007) [[Mission Impact of Foreign Influence on DoD Software]]&lt;br /&gt;
&lt;br /&gt;
Department of Defense (2005) [[Strategy for Homeland Defense and Civil Support]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2009) [[A Roadmap for Cybersecurity Research]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Kramer, Franklin D., et. al (2009) [[Cyberpower and National Security]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
National Research Council (1999) [[Trust in Cyberspace]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2003) [[Beyond Fear]]&lt;br /&gt;
&lt;br /&gt;
Schneier, Bruce (2008) [[Schneier on Security]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
	<entry>
		<id>https://cyber.harvard.edu/cybersecurity/?title=Financial_Institutions_and_Networks&amp;diff=4604</id>
		<title>Financial Institutions and Networks</title>
		<link rel="alternate" type="text/html" href="https://cyber.harvard.edu/cybersecurity/?title=Financial_Institutions_and_Networks&amp;diff=4604"/>
		<updated>2010-07-21T17:11:34Z</updated>

		<summary type="html">&lt;p&gt;Shane: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;[[Table of Contents | TOC-&amp;gt;]][[Threats and Actors | Threats and Actors-&amp;gt;]][[Security Targets | Security Targets-&amp;gt;]][[Private Critical Infrastructure | Private Critical Infrastructure-&amp;gt;]][[Financial Institutions and Networks]]&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Anderson, Ross J. (2008) [[Security Engineering]]&lt;br /&gt;
&lt;br /&gt;
Epstein, Richard A. and Brown, Thomas P. (2008) [[Cybersecurity in the Payment Card Industry]]&lt;br /&gt;
&lt;br /&gt;
Department of Homeland Security (2003) [[The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets]]&lt;br /&gt;
&lt;br /&gt;
Deputy Chief of Staff for Intelligence (2006) [[Critical Infrastructure Threats and Terrorism]]&lt;br /&gt;
&lt;br /&gt;
Financial Services Sector Coordinating Council for Critical Infrastructure Protection (2008) [[Research Agenda for the Banking and Finance Sector]]&lt;br /&gt;
&lt;br /&gt;
Johnson, Eric M. (2008) [[Managing Information Risk and the Economics of Security]]&lt;br /&gt;
&lt;br /&gt;
McAfee, Inc. (2010) [[McAfee Threats Report]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard  (2008) [[The Consequence of Non-Cooperation in the Fight Against Phishing]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler and Clayton, Richard (2009) [[The Impact of Incentives on Notice and Take-down]]&lt;br /&gt;
&lt;br /&gt;
Moore, Tyler, et. al (2009) [[The Economics of Online Crime]]&lt;br /&gt;
&lt;br /&gt;
National Cyber Defense Initiative (2009) [[National Cyber Defense Financial Services Workshop Report]]&lt;br /&gt;
&lt;br /&gt;
Powell, Benjamin  (2005)  [[Is Cybersecurity a Public Good]]&lt;br /&gt;
&lt;br /&gt;
Symantec Corporation (2010) [[Symantec Global Internet Security Threat Report]]&lt;br /&gt;
&lt;br /&gt;
Thomas, Rob and Martin, Jerry (2006) [[The Underground Economy]]&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;&#039;&#039;Subcategories:&#039;&#039;&#039;&#039;&#039; &#039;&#039;None&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;[[Table of Contents | Jump to Table of Contents]]&#039;&#039;&lt;/div&gt;</summary>
		<author><name>Shane</name></author>
	</entry>
</feed>