Domain: gocsi.com
Stories and comments across the archive that link to gocsi.com.
Comments · 9
-
The Real Data and CSI Links
This article doesn't even mention the Computer Security Institute (CSI), the organization which conducts and publishes these surveys. The FBI allows them use of crime databases and is just presented the end result. On top of that, they present you with one graph and label it as referenced from the "Computer Crime Survey" when, in fact, this survey also had to do with security and is entitled 2005 Computer Crime and Security Survey. I believe you'll find a wealth of information in that PDF as it contains many graphs that break down respondents of crimes, average security expenditures, types of attacks, etc. If you're interested in what constitutes a "computer crime," check out the policy and sample cases (some amusing) as we all know that what is and isn't illegal with computers can get very fuzzy very fast.
I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI. -
Re:They're no different...
You're probably right that your mom can cause more physical damage to others with her car, but I would argue that she could probably cause more monetary damage to others with her computer. Distributed denial of service attacks are consistently ranked as the most expensive attacks against companies, universities, and government agencies (outranking viruses and spyware). Actually, the worst your mom and her Dell (had to throw that in to remain on-topic) could do is not "install sypware by accident", but actually be used as a zombie to send out spam or launch DDoS attacks.
Granted, the person that suggests requiring a "driver's license" for the Internet is never going to win a popularity contest, but the GP has a valid point about requiring a little bit of knowledge in order to use a computer. I would recommend holding the ISP accountable for your mom's actions. If AOL gets fined whenever your mom's computer is used to launch a DDoS attack, they'll start dropping the customers that refuse to install virus/spyware protection. After your mom gets kicked by a couple of ISPs, she'll be forced to learn not to open the email attachment from her friend in Nigeria. On the other hand, if your mom can use her computer without harming anyone else, Dell and AOL will be happy to keep her as a customer and we'll be all the merrier.
-
Re:Money Power Politicss
Based on data in 2003 CSI/FBI Computer Crime and Security Survey, 40% of institutes suspected that US competitors were the source of at least one attack against them. Foreign companies and goverments attacked against 25% of instituest.
I think it will be used as corpate espionage tool.
-
Some Reading
I found Counter Hack a good book to read and Tangled Web
Both emphasize that Internal Factors should be given as high (if not higher) priority than just blocking incoming ports (which is all a lot of the /. 'Use iptables dude' guys do...)
If you want to get serious, you'll have to understand the social, ecenomic and technical factors behind computer security, especially if you want to play with the big guys.
My $0.02 -
Survey: We Only See the Tip of the Iceberg
The Computer Security Institute announced in its Computer Crime and Security Survey that 90% of respondents had security breaches in the last year. ONLY 34% reported ANY of the breaches to law enforcement for fear of bad publicity.
Bottom line: We barely see the tip of the iceberg when it comes to computer security breaches. -
Survey: We Only See the Tip of the Iceberg
The Computer Security Institute announced in its Computer Crime and Security Survey that 90% of respondents had security breaches in the last year. ONLY 34% reported ANY of the breaches to law enforcement for fear of bad publicity.
Bottom line: We barely see the tip of the iceberg when it comes to computer security breaches. -
Actually...it's amazing how slowly people give up outdated truisms.
This is a quote quoted in The CSI/FBI Computer Crime and Security Survey:
"Over its seven-year life span, the survey has told a compelling story. It has underscored some of the verities of the information security profession, for example that technology alone cannot thwart cyber attacks and that there is a need for greater cooperation between the private sector and the government. It has also challenged some of the profession's 'conventional wisdom,' for example that the 'threat from inside the organization is far greater than the threat from outside the organization' and that 'most hack attacks are perpetrated by juveniles on joy-rides in cyberspace.' Over the seven-year life span of the survey, a sense of the 'facts on the ground' has emerged. There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement. Incidents are widespread, costly and commonplace. Post-9/11, there seems to be a greater appreciation for how much information security means not only to each individual enterprise but also to the economy itself and to society as a whole. Hopefully, this greater appreciation will translate into increased staffing levels, more investment in training and enhanced organizational clout for those responsible for information security."
In other words, please give up on this nonsense about how there's more risk from the inside. It's kind of obvious, really: how many more people are there on the internet than there are inside a typical organization? I personally have dealt with 10's if not 100's of external breakins. I've only dealt with one internal breakin, and that one started from on-campus, looped through an offcampus host, and only then came back oncampus.
-
Re:or..Hahaha... MAYBE not?
Anyways... Internal vulnerability to attack is nothing new, its always been considered the most likely source of an attempt on an organization's security. However, recent reports from law enforcement show that the rising threat of external attack is starting to become more serious than in previous years.
Of course, internal vulnerability to fraud and data theft are still very important (USB keychain datastorage, keystroke monitors, and cd burners in workstations pose significant risks).
-
CRC Pressare publishers of many respected technical reference books. Several of my favorite books are CRC titles. I am quite disappointed in this action.
CRC representatives will be at a number of technical conferences this year, including the Computer Security Conference in Chicago next week. I intend to visit their booth and talk to their representative about this shameful action. You should, too.
Assuming they don't just use an attractive freelancing schoolteacher, which other book companies seem to do...