At the February 2002 CENDI meeting, Dr. Liu explained that the biggest threats for computer security at NLM are from information gathering and viruses and that the challenge is to maintain performance and reliability in the face of these threats. The current security architecture at NLM includes three zones; however, in 2002, they will be moving to a five-zone architecture. The new architecture separates the internal IDS from the incident monitoring and the public servers from the private servers. Dr. Liu characterized the new system as being multidimensional in nature. He closed by saying that good security is better than perfect security that can never be implemented.
ICSU is a non-governmental organization, founded in 1931 to bring together natural scientists in international scientific endeavor. The Council acts as a focus for the exchange of ideas and information and the development of standards. This site links to the conference program, committees, and summaries of invited papers for this joint conference with UNESCO. The 13 invited papers cover topics on standards, archiving, electronic publishing in developing countries, digital libraries, S&T information, copyright, data security, and economics of information.
The nation's security relies on a variety of infrastructures for telecommunications, finance, transportation, etc. All of these systems are increasingly dependent on computers and computer network technology. This report discusses the current state of knowledge regarding secure, trustworthy and reliable systems, and outlines a research agenda to improve trust in cyberspace.
The CNI organization is described. There are over 200 institutional members, predominantly higher education institutions. All are concerned about the impact of networking on education. There are four major areas of effort: general advocacy about networked information; content and organization on the Internet; organization and professional issues, including strategies and best practices; and standards and infrastructure. Specific projects in these areas are described. Of particular interest is distance learning/education.
The global economy requires the sharing of information, even sensitive information, with appropriate parties, across national boundaries. However, it is important for competitiveness and national security that this information be protected from vandalism or interception. This report discusses the role that cryptography has played in securing information to date. It also discusses the law enforcement and national security dilemmas that are posed by cryptography. The committee recommends that national policy should be changed to support the broad use of cryptography in ways that take into account security as well as privacy, economic competitiveness and other competing interests. A framework for a new national cryptography policy is outlined.
This document collects papers from this conference which cover a wide range of topics including encryption, intellectual property related metadata for rights management, secure servers, copyright management systems, etc.
The Council on Library and Information Resources held a workshop on January 24, 2000 to begin a discussion among communities that have a stake in the authenticity of digital information. Another goal of the workshop was to create a common understanding of the key terms and concepts surrounding authenticity. In order to prepare for the discussion, five individuals were asked to write position papers that identify the attributes that define authentic digital data over time. The papers and workshop discussions are presented in this publication.
This article reports on the ongoing work of the International Research on Permanent Authentic Records in Electronic Systems (InterPARES). This project is involved in taking a record-centric approach to the development of a typology of requirements for maintaining the authenticity of records over time. Authenticity issues and long-term preservation are central to the work of this project. The article covers the requirements for preserving the authenticity of electronic records, provides a template for analysis and a model of the preservation process and the appraisal of electronic records. The authors conclude by identifying several key areas of concern.
This memorandum transmits OMB guidance to executive agencies concerning the interpretation and implementation of the Electronic Signatures in Global and National Commerce Act (E-SIGN) (Public Law 106-229) enacted on June 30, 2000. This law enables companies to contract online to buy and sell a broad array of products and services. Although it eliminates barriers to electronic commerce, it also provides consumers with protections equivalent to those available in the world of paper-based transactions. The Guidance provides an overview of E-SIGN and suggests some steps for Federal agency implementation.
This white paper summarizes some of the insights from the RAND Workshop held November 6-7, 1997 in Washington DC. The authors point out that a secure communications system between the government and individual citizens for the transmission of sensitive information needs to be created. This system should have strong provisions for privacy, integrity, and authentication. The Government also needs to promulgate security standards that can be adopted by non-governmental users. Several components of a secure system including identity, authority, and certificate authorities are discussed at length. The Social Security Administration, the U.S. Postal Service, and state departments of motor vehicles were pointed out as being agencies that would benefit from such a system. The authors provide a summary of the primary issues that would need to be resolved before such a system could be put in place. These include the responsibilities of certificate authorities; private key management and protection; legal status of electronic transactions; key escrow laws and standards; cost issues; relations among certificate authorities; e-mail addresses for all citizens; and equal access to government services. In conclusion, the authors suggest that the best approach to the problem is an incremental, experimental one and that success will largely depend on education and training.
ITAA is a trade organization with over 26,000 members from a broad spectrum of the U.S. IT industry. The Web site focuses on information about the IT industry, its issues, association programs, publications, reports, new developments, electronic commerce, ASP, information security, and NextGen as well as many other topics.
This report was made in response to House Representative Stephen Horn's request that GAO review the federal government's public key infrastructure (PKI) strategy and initiatives to assess the issues and challenges that would be faced when adopting this new technology throughout the government. PKI is considered an enabler of electronic government, and the Federal PKI Steering Committee found that there has been progress in seeding PKI technology throughout the government; however, designing and implementing large-scale systems using this technology remains a large task. The report describes the principal findings made in planning and coordinating PKI initiatives, and discusses the major challenges of interoperability, operational experience, affordability, policies and procedures, and trained personnel that would be required for full PKI implementation. The report also discusses the Committee's recommendations for executive action that would ensure the security of federal information systems.
This web site, sponsored by the Defense Information Systems Agency, serves as a clearinghouse for information assurance (IA) information. Some information is restricted to *.mil and *.gov users; however, the public can access the policy and guidance sections, which include executive orders, national directives, standards and policies. The site also has a public key infrastructure (PKI) section that contains links to policy documents and other web site links (some sections in this area are not publicly available). Also of interest is the site's "What's New" section, most of which is publicly available.
The IATAC is hosted by Booz Allen Hamilton and is a U.S. Department of Defense Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC). The IATAC serves as the Department of Defense's central access point for information on Information Assurance emerging technologies in system vulnerabilities, research and development, models and analysis to support the development and implementation of effective defense against information warfare attacks. The site provides access to reports on vulnerability analysis, intrusion detection, review of products, and related information. Newly added information can easily be found by checking the "What's New" page. The site provides a recommended reading list, a list of their upcoming conference and training programs, and access to their newsletter.
The Internet Storm Center is supported by the SANS Institute. The ISC web site gathers network intrusion detection log entries on a daily basis in an effort to track new storms faster, isolate the sites that are used for attacks, and provide authoritative data on the types of attacks being mounted against computers in various industries and regions around the globe. The Internet Storm Center is free to the Internet community.
The CERT Coordination Center (CERT/CC) is a federally funded research and development center operated by Carnegie Mellon University. CERT is a center of Internet Security expertise, located at the Software Engineering Institute. The web site provides a range of network security information. The Center's work includes publishing security alerts, researching long-term changes in networked systems, handling computer security incidents and vulnerabilities, and developing educational information and training programs to improve security.
NIST's Computer Security Resource Center's mission is to improve information systems security by raising awareness of IT risks, vulnerabilities and protection requirements; researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems; developing standards, metrics, tests and validation programs; and developing guidance to increase secure IT planning, implementation, management and operation. The web site contains a wealth of security related information and descriptions of the Center's recent projects on cryptographic standards and applications; security testing; security research and emerging technology; security management and guidance; and outreach, awareness and education.