IMT 551 Foundations of Organizational INFORMATION ASSURANCE Cho-I Chang October 24, 2007 Dr. Barbara Endicott-Popovsky Homework 3a Cyber security always has been an important issue. The current patterns and threat trends are focused on identify theft, data theft, and hackers overflow. The U.S. Secret Service study found that about 60 percent of identity theft is done by people not known to their victim, and identity theft has become the financial crime in the 21st century. Data thefts happen all over the U.S. Data thieves and external attackers account for about 70 percent of the business cybercrime, and rest of the attacks are from inside of the company. In 2006, unknown attackers attacked AT&T. The attacker accessed customer accounts without authorization. Some data thieves were not intend to steal data, but the object they stole contained valuable data. Wells Fargo had data compromise due to a banker lost her suitcase in a robbery. Hackers overflow is a critical issue to many countries, especially in the U.S. From political point of views, U.S is one of the strongest countries in the world. Many of its enemy wants to get their hands on U.S secret, for instance, U.S top-secret military weapons or NASA research or space plans. From user’s point of view, users cracked either software or hardware programs to satisfy their desires. Apple’s new product iPhone, it has only been out on the market for four months. Someone has already cracked the phone, therefore iPhone users do not have to deal with Singular or they can add programs to the phone. In China, there are so many pirate visions of software or movies. Each hack would cost greatly to the industry. IMT 551 Foundations of Organizational INFORMATION ASSURANCE Grading Criteria for Assignment 3b Percentage Content of the papers 40% Relevance to the concepts of our course 25% Logical development of ideas 25% Professionally presented: grammar, spelling, format 10% TOTAL 100% Good perspective on the dashboard--you've given this good thought. Good comprehensive list. Homework 3B It is very important for any information technology professionals for staying current. In order to stay current, one should to attend organization meetings and seminars to obtain value information. Here is a list of my “dashboard”. US-CERT- http://www.us-cert.gov. US-CERT has a partnership with the Department of Homeland Security. It analyzing and reducing cyber threats and vulnerabilities. US-CERT interacts with federal agencies, industry, and research community to distribute cyber security information to the public. Trend Micro - http://www.trendmicro.com. Trend Micro has a Threat Resource Center. It displays latest threats and risks, grayware/spyware watch, Spam & Botnet watch, Crimeware Watch, and Malware Blog. It is very convenience for information security professionals to stay current. Symantec - http://www.symantec.com. Symantec offers ThreatCon to inform users on current viruses and risks. Symantec generates Internet security threat reports to offer analysis and discussion of threat activity. The report covers Internet attacks, vulnerabilities, malicious code, Phishing, spam, security risks, and future trends. Security info watch - www.securityinfowatch.com. Security info watch provides newsletters to inform professionals. It offers many resources like blogs, forum, Podcasts, magazines to help users staying current. The resources cover new technology, news, top issues and more. There are many meetings and seminars that information security professionals can attend for continual education. ISSA offers annual meeting to recognize industry leaders IMT 551 Foundations of Organizational INFORMATION ASSURANCE and opportunity to meet with the ISSA International Board and honorees. ISSA also offers events and conferences for the discussion of practices and technologies. ISACA has global conferences and educational opportunities for professional. ISACA conferences will discuss the latest technologies, systems, and approaches. NIST has many events that address many important information security issues.