Cohen, F.B., Protection and Security on the Information Superhighway, John Wiley and Sons, 1995.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....longer track all data necessary to detect every intrusion. The attacker can then successfully execute the intended intrusion, which the IDS will fail to detect. Similarly, an incident response team can be overloaded by intrusion reports and may be forced to raise detection and response thresholds [7], resulting in real attacks being ignored. In such a situation, focusing limited resources on the most damaging intrusions is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness, or cost benefit trade off. An ....

F. Cohen. Protection and Security on the Information Superhighway. John Wiley & Sons, 1995.

....authorized by the owner of the information. Integrity protects information from being deleted or altered in any way without the permission of the owner of that information. Availability refers to protecting one s services so they are not degraded or made unavailable without authorization. Cohen [2] terms the attack against the security elements as disruptions, which he specifically calls leakage (opposed to confidentiality) corruption (opposed to integrity) and denial (opposed to availability) The first step in the development of a comprehensive architecture to detect and respond to ....

Frederick B. Cohen, Protection and Security on the Information Superhighway, John Wiley & Sons, New York, 1995.

....longer track all data necessary to detect every intrusion. The attacker can then successfully execute the intended intrusion, which the IDS will fail to detect. Similarly, an incident response team can be overloaded by intrusion reports and may be forced to raise detection and response thresholds [5], resulting in real attacks being ignored. In such a situation, focusing limited resources on the most damaging intrusions is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness,orcost benefit trade off. An educated ....

F. Cohen. Protection and Security on the Information Superhighway. John Wiley & Sons, 1995.

....longer track all data necessary to detect every intrusion. The attacker can then successfully execute the intended intrusion, which the IDS will fail to detect. Similarly, an incident response team can be overloaded by intrusion reports and may be forced to raise detection and response thresholds [5], resulting in real attacks being ignored. In such a situation, focusing limited resources on the most damaging intrusions is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness, or cost benefit trade off. An ....

F. Cohen. Protection and Security on the Information Superhighway. John Wiley & Sons, 1995.

....taken very seriously indeed. A model of Internet risks for an organisation is illustrated in Figure 1 (a detailed description of each risk type may be found in Lichtenstein (1996a, 1997) This model has been compiled from earlier findings (for example, Cheswick et al. 1994; NIST, 1994a, 1996; Cohen, 1995; Stallings, 1995; FNC, 1995b) Both deliberate and accidental types of risks have been included, although the difference between deliberate and accidental is often extremely difficult to determine (for example, Vanbokkelen (1990) remarked that Security is subjective; one site might view as idle ....

Cohen, F.B. (1995) Protection and Security on the Information Superhighway, John Wiley & Sons, Inc.

....uses a model of an organisation s Internet risks (Figure 1) as an aid to identifying the significant Internet risks to be addressed by the policy. The model has been composed from a consideration of the many diverse Internet risks being faced by organisations (Cheswick and Bellovin, 1994; Cohen, 1995; NIST, 1994a; 1994b; Stallings, 1995) and is described in detail in Lichtenstein (1997) Internet Acceptable Usage : Arguments and Perils PAWEC 97 6 4 Organisation Other Internet Participants accidental deliberate disclosure non business activities corrupted or erroneous software ....

Cohen F.B. (1995) Protection and Security on the Information Superhighway, John Wiley & Sons, Inc.

....sections unless they also attempt to classify attacks and incidents. For a review of vulnerability taxonomies, see Krsul [Krs98] 4.1. Lists of Terms A popular and simple taxonomy is a list of single, defined terms. An example is the 24 terms below from Icove, et al. ISV95:31 52, see also Coh95:40 54 (39 terms) and Coh97 (96 terms) Wiretapping Dumpster diving Eavesdropping on Emanations Denial of service Harassment Masquerading Software piracy Unauthorized data copying Degradation of service Traffic analysis Trap doors Covert channels Viruses and worms Session hijacking Timing ....

....systems is impossible to create. People have tried to make comprehensive lists, and in some cases have produced encyclopedic volumes on the subject, but there are a potentially infinite number of different problems that can be encountered, so any list can only serve a limited purpose [Coh95:54] Additionally, none of these lists has become widely accepted, partly because the definition of terms is difficult to agree on. For example, even such widely used terms as computer virus have no accepted definition [Amo94:2] In fact, it is common to find many different definitions. This ....

[Article contains additional citation context not shown here]

Frederick B. Cohen, Protection and Security on the Information Superhighway, John Wiley & Sons, New York, 1995.

No context found.

Cohen, F.B., Protection and Security on the Information Superhighway, John Wiley and Sons, 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC