Library - Information security

=Title: 2012 Global State of Information Security Survey=
**Author(s)**: PricewaterhouseCoopers
**Link or reference information**:
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Almost half of the respondents see themselves as leaders in effective information security practices.
 * 72% of respondents stated their security measures were effective.
 * Security capabilities have been degrading since 2008.
 * Identifies major obstacles to information system security – highest being C-level management involvement and more funding.
 * Asia is doing much better in information system security than the rest of the world.

 **Commentary**:

PWC releases annual surveys regarding information security from 9,600 CEOs, CSOs, CFOs, CISOs, CIOs and VPs from top-ranking firms. The results demonstrate that effective information system security requires Chief Executive Management involvement, and that even those top-ranking firms that think they have effective practices are still lagging behind the world when it comes to security. It is always good to know where top world firms are in terms of information security to assess risks and costs of adopting effective practices for your business.

 **Posting history**:
 * [M Hammad Abbasi, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >]

**Title**: An Introduction to Information System Risk Management
**Author(s)**: Steve Elky
**Link or reference information**:
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Successful and effective risk management is the basis of successful and effective IS security.
 * Important decisions should be made regarding the allocation of resources to protect information systems.
 * Risk management should be consistent and repeated.

**Commentary**:

The website explains how to manage risk, by first explaining what risk is with respect to information systems, and why it is important to manage risk. The article shows how to assess threats and vulnerabilities as well as identify them. Once identified, the article shows how to mitigate risk, communicate it and later implement the risk management plan. (IS security must have a framework so that they can share a common view with IT and business managers, and it should be consistent, repeatable, cost-effective and reduce risks.)

**Commentary**:

The article seems very well written and explained, the detail makes it easier to go through and there are a lot of elements in it that we have discussed in class before which makes it even more relevant. And I think new emerging companies can benefit greatly from it if they are planning an IT security system and IS risk management.


**Entry history**:
 * [Khadeejah Al-Husseiny, initial post on Oct. 18, 2011]
 * [Sara Al-Mannai, Oct. 20th, 2011]

Library Entries:
http://www.credant.com/resources/articles.html
**Title**: Threats of Computer Security
**Author(s)**: Credant Technologies
**Link or reference information**:
**Core ideas**:

1- Human error is a mistake made by a human and NOT by a poorly designed process.
2- There are different ways that cause information to leak, like leaving a computer or a smartphone unprotected, leaving your CD or USB at others' computers and forgetting about it, and letting employees use their personal computers at work.
3- The article suggested different solutions like:
 * The IT department should provide data security advice to encrypt any personal information held electronically that might cause any damage.
 * Setting rules in the organization to determine which data should be protected and against whom.
 * When there is a data leak, the IT department should measure the amount of damage before telling the person about his information being leaked.
 * Encouraging every employee in an organization to see that the security of the information is everyone's responsibility.

Human error is causing a lot of trouble for companies and governmental institutions by causing the leak of important information regarding companies' or governmental institutions' users or customers. Information leaks could happen in different ways: by leaving USBs or CDs that contain a company's latest advertising campaign, by leaving a computer open with sensitive information, or even by leaving or forgetting your smartphone somewhere with no password to guarantee your information security. The article suggested different solutions for these human errors.

**Commentary**:
**Entry history**:
 * [Haya Al-Mannai, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >]

__Entry template:__

**Title**: << title of the article, book, video, etc. >>
**Author(s)**: << the author(s) who wrote the article, video, book, etc. >>
**Link or reference information**: << the URL to the article and/or bibliography reference >>
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
**Commentary**:

**Entry history**:
 * [Bob Monroe, initial post on Oct. 1, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: The economics of information security investment
**Author(s)**: Lawrence A. Gordon and Martin P. Loeb
**Link or reference information**: http://dl.acm.org/citation.cfm?id=581274
**Core ideas**:
 * The article talks about the optimal amount to invest in an information system.
 * It also talks about the potential loss and how firms should react to it. It says that they should focus their investment on information sets with the highest vulnerability.
 * Vulnerable information sets might be expensive to protect; however, it’s better than concentrating efforts on midrange vulnerabilities.

Companies should focus on how to manage their finances when it comes to investing in information security. That means that companies should find the optimal expense that they should spend on different types of information security. Companies should focus on investments with the highest vulnerability instead of the ones with mid-range vulnerabilities.

**Commentary**:
**Entry history**:
 * [Dalia Hassan, second post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Virtualization Security Checklist
**Author(s)**: Michael A. Davis
**Link or reference information**:
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Secure Layers: Making sure that there is enough security at each layer.
 * Define and Document: Documenting the flow of information and database, also keeping all components organized and up-to-date.
 * Restrict and Separate: Tight security over what employees can and can't do with the system, and carefully delegated tasks to specific people.
 * Secure Virtual Network: Securing the virtual network is one of the main aspects in increasing the efficiency of security in general.

The article outlines, in a very precise and organised way, the main tips for increasing the security of your system. The article introduces one of the recent attacks on a pharmaceutical company by one of its ex-IT members. The author explains the 4 simple steps to increase the IT safety of your system. Each of the steps needs a more centralized approach by the manager. The article supports the idea of tight management of information which, as the author promises, will raise the safety of the system.

**Commentary**:

**Entry history**:
 * [Orkhan Rustamzade, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: 7 Things Every CEO Should know about Information Security
**Author(s)**: Lumension Security
**Link or reference information**:
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * The landscape of information security has changed; firewalls and security software are no longer effective.
 * CEOs need to constantly check and meet with other board members regarding their data protection. Data protection should be among the top ten priorities for the company, as ignoring it might lead to loss of customers and lawsuits.
 * Criminals have become more organised and stealthy, increasing the chances of data theft.

The CEO of Lumension Security talks about modern-day challenges that face the CEO regarding information security. He points out the major problems that companies face regarding their data management. He also discusses the reasons and solutions to the problems. He stresses the main mistakes that CEOs make and what can happen if the threat is ignored. In general the video outlines the main points regarding the information security problems. The CEO also supports his claims with numbers and past experiences of the companies.

**Commentary**:

**Entry history**:
 * [Orkhan Rustamzade, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]

**Title**: Building Secure Software
**Author(s)**: John Viega and Gary McGraw
**Link or reference information**: http://collaboration.csc.ncsu.edu/CSC326/Website/lectures/bss-ch1.pdf
**Core ideas**:
 * The biggest problem in computer security today is that many security practitioners don't know what the problem is or where it is. Simply, it is the software.
 * The fundamental technique is to begin early, know your threats, design for security, and subject your design to thorough objective risk analyses and testing.
 * Software is at the root of all common computer security problems.

**Commentary**:

The author emphasizes the importance of the design of security in protecting your information system. He states that if developers start early and create a system that is testable and reliable, they eliminate the threat of failure. I agree with the author when he states that many software vendors do not understand that security is not an add-on feature. They start to worry about their product only when it has been broken by someone. That's when they realize that designing security in the software from the start is a plan.

**Entry history**:
 * [Mohammed Kamal, initial post on Oct. 19, 2011]


**Title**: Information Systems Security Design Methods
**Author(s)**: Richard Baskerville
**Link or reference information**: http://delivery.acm.org/10.1145/170000/162127/p375-baskerville.pdf?ip=86.36.42.98&acc=ACTIVE%20SERVICE&CFID=61371484&CFTOKEN=70626427&__acm__=1319030894_1af5be316e33f472e3e00d99391d9e96

**Core ideas**:
 * **The importance of security in information systems:** The author mentions that a study done concerning the information security issue showed that one in every five organizations experiences security breaches in a matter of 3 years. Therefore, the concern about information security is rising globally.
 * **Security systems have evolved tremendously:** The author shows this evolution in three different generations, some of which use simple risk analysis, cost-benefit analysis and also abstract models.

**Commentary**: Throughout this article, the author explains how nowadays every organization's information system is susceptible to security abuse. These breaches tend to cost organizations huge amounts of money and therefore these organizations should carefully design their security systems. The author also shows how security design has changed throughout three different generations. In the first generation, analysts tended to follow "checklist methods" in which they had to list all the feasible solutions to a certain security problem and then pick which one is suitable. In the second generation, analysts used "mechanistic engineering methods" which involve designing separate solutions for each functional requirement. In the third generation, they used "logical transformational methods" which focus on abstract models. Analysts have to find out the attributes of the problem at hand and also the solution.

**Entry history**:
 * [Walied El Hag Ali, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]

**Title**: Smart Phones Could Hear Your Password
**Author(s)**: Robert Lemos
**Link or reference information**:

The article basically talks about how, as technology grows and gets better in some respects, hackers and attackers can use these so-called advantages for their bad intentions. Hackers can actually use these new features on smartphones to figure out passwords or to break into someone’s privacy. As technology advances, the security issues involved with it also get bigger and more complicated to control. Personally, after reading this article, I might change my mind on choosing a new smartphone. I also already know people who actually cover the cameras in their laptops, considering there might be someone who can hack into their webcam system.

**Core ideas**
 * Research shows that the sensors inside modern smart phones present a range of security threats.
 * Hackers can locate a person's place using the GPS system in their smart phones.
 * Attackers can now use the phone's camera to check surroundings.
 * Hackers can also turn on the microphones in the phones to record conversations.
 * Researchers have shown that the accelerometer and orientation sensor of a phone resting on a surface can be used to eavesdrop as a password is entered using a keyboard on the same surface.

**Commentary**:
**Entry history**:
 * [Hussain Hejji, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Lawyers and Data Security- Why They Just Don't Get it!
**Author(s)**: Credant Technologies
**Link or reference information**: http://www.credant.com/resources/articles/doc_download/5-lawyers-and-data-security.html
**Core ideas**:

(Rules in order to secure data)
 * Prevent access to any of the organizational devices.
 * Data should be secured centrally in the system (for example: by IT departments).
 * Do not impact IT operations by enforcing an unattainable solution, and make sure that the encryption solution is clear to all of the end-users and doesn’t disturb any of the operational activities.
 * Corporate governance, where a central management console makes sure a device receives and reports confirmed instructions.

The article explains how data security is important in the legal sector, especially for lawyers, as it respects customers’ confidentiality. It also plays an important role in terms of protecting data if a device is lost or stolen, in several ways: it prevents access to any of the organizational devices, the IT department ensures the security of data in the system, and the effectiveness of the security system is proven by imposing corporate governance.

**Commentary**:

**Entry history**:
 * [Haya Al_Mannai, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Smartphones Present Growing Security Problems on Campus, Report Says.
**Author(s)**: Alexandra Rice
**Link or reference information**: http://chronicle.com/blogs/wiredcampus/smartphones-present-growing-security-problems-on-campus-report-says/33627
**Core ideas**
 * Due to the advances in technologies such as smartphones, the threats associated with these technologies have increased as well.
 * Young people are facing these threats more than adults because these young people are using their smartphones' mobile Internet to download apps.
 * The article mentions two emerging threats that capture user data. These threats are: search poisoning and the use of stolen cyber data for marketing.

I think this article is really informative, as it explains how smartphones are exposed to new threats. These threats occur in smartphones because of their small screens. While loading the page, the URL bar disappears and the user might access a page that contains viruses. Moreover, young people face these security issues as they keep downloading apps using the mobile Internet browser. I really believe that this article is useful because most of us did not have any idea about these threats before.

**Commentary**:

**Entry history**:
 * [Ahmad Al-Sarraf, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Hidden Cost of IT Security
**Author(s)**: Cindy Waxer
**Link or reference information**:
**Core ideas**:
 * **Spending on information security has been rising in recent years:** The percentage of IT spending which is invested in information security has risen in recent years, indicating a gain in importance.
 * **Information security is expensive:** Good information security comes with a steep price tag, as a company has to cover diverse things such as virus protection tools, intrusion detection and IT security training.
 * **The potential cost of insufficiently secure IT is even higher than the cost of maintaining a secure system:** Virus attacks, hacking and mobile hardware theft account for tens of billions of dollars in damage every year. Though some businesses are more at risk than others, it could essentially hit anyone.

**Commentary**: In the article "The Hidden Cost of IT", Cindy Waxer explains why it is necessary for companies to invest in information security. Despite the high price tag of implementing a security infrastructure and maintaining it, it is worth the investment. Criminal activities such as hacking, phishing or viruses have been increasing in recent years and will continue to do so. If a company is negligent about its IT security, it could suffer great losses as a result. The loss incurred by the actual attack is more than bad enough, but for many companies, the greatest asset is the trust of the client. If customers' data is compromised, it could prove very difficult to retain those customers or be able to attract new ones in the future.

**Entry history**:
 * [Patrick Steinhagen, initial post on Oct. 19, 2011]
 * [<<next person who added commentary>>, < >]

**Title**: How Biometrics Work
**Author(s)**: Tracy Wilson
**Link or reference information**:
**Core ideas**
 * Defines a biometric system.
 * Components and applications of a biometric system.
 * Types of biometric systems.

This link walks you through what a biometric system is and how it works. It relates the use of biometric systems to preserving the assets of a company, whether it be information or access to certain spaces. It describes the different types of biometric systems like iris authentication and hand geometry authentication. This link also discusses the concerns some have expressed towards this type of technology, the main one being an issue of privacy.

**Commentary**:

**Entry history**:
 * [Hind Al Khulaifi, initial post on Nov. 3, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Google Reveals the Whys and Wherefores Behind Targeted Ads
**Author(s)**: Rob Spiegel
**Link or reference information**:
**Core ideas**
 * As lawmakers scrutinize how web users’ information is used and collected online, Google offers a new feature that informs users just how it chooses specific ads – a move to reconcile privacy-invasion concerns.
 * The new Google tool provides more transparency than privacy. Users will have the ability to block or opt out of receiving ads from specific advertisers.

The article addresses the issue of privacy, which is an increasingly important concern among Internet users nowadays. Google for example derives the vast majority of its revenues from advertising (search ads). To do so, they track search history, key terms used in emails and numerous other indicators to display ads that are relevant to the user’s interests. The upcoming feature called “Why These Ads?” is designed to let users make changes to improve the ad targeting or to block unwanted ads. It also intends to explain to users why specific ads were displayed to them at specific times.

**Commentary**:

**Entry history**:
 * [Maryam Al-Subaie, initial post on Nov. 7, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: Hackers eye Canada business: study
**Author(s)**: Alastair Sharp
**Link or reference information**:
**Core ideas**:
 * Research shows that 42% of breaches in government were done by 'insiders', which the researchers were shocked to hear, since it is a very high percentage.
 * Many information security attacks are done for specific individuals and therefore, grudges against a person lead to information leaking and hacking.
 * In 2010, the direct cost or budget for an average firm associated with information security fell to $83,000. This is surprising to analyze since security threats are increasing.

While there are ups and downs in the number of breaches brought about by hackers in Canada, the trend is vastly upwards, which means that the budget drawn upon information security in a typical company should be increasing, but according to the study, it has been decreasing. While 42% of the breaches are caused by an insider and are targeted towards a specific individual rather than the entire company itself, hacking through the web has also increased at a rapid rate. Most hackers prefer to breach through viruses, worms, spyware, malware, spam, phishing and pharming. Although this article does not go into too much detail of exactly how the hacking should be reduced, I believe that there is technology which is sophisticated enough to stop hacking in Canadian businesses, only if the managers are serious enough to want to eliminate anyone from gaining access to company's and individual's information.

**Commentary**:

**Entry history**:
 * [Nahan Arif, initial post on November 16, 2011]
 * [<<next person who added commentary>>, < >]


**Title**: ERM: Entering the Danger Zone
**Author(s)**: Robert Regis Hyle
**Link or reference information**: http://www.propertycasualty360.com/2011/11/10/erm-entering-the-danger-zone
**Core ideas**:
 * Nowadays, the very first step towards having a profitable organization is through successful risk management.
 * Enterprise risk management stops people from getting innovative.

Throughout this article, Robert Regis talks about how Enterprise Risk Management affects the chances of firms being profitable. In the past year, insurance carriers were given a survey on enterprise risk management and 72% of the carriers said that ERM was a high priority. When this survey was repeated this year, only 60% of the carriers recognized ERM as a high priority. The investment in any business that deals with risk has dropped by 12% in only one year. In addition, the author mentions that organizations are seeking to become profitable through innovation. However, many people are scared due to security issues. The problem revolves around consumers' information security. If consumers think that your organization has what it takes to protect their personal information, you succeed, otherwise it could cause organizations to fail.

**Commentary**:

This article really helps people understand that the fact that they spent a large amount of money and invested in a high-level security program doesn't guarantee that users will accept it. Other than that, it helped me relate both of these topics, ERM and information security, together in a simple way that shows how important both are and how closely related they can get.

**Entry history**:
 * [Walied El Hag Ali, initial post on Nov. 18, 2011]
 * [Ayah Abujarbou, Nov. 19, 2011]

**Title**: Security Considerations in the System Development Life Cycle
**Author(s)**: Richard Kissel, Kevin Stine, Matthew Scholl.
**Link or reference information**:
**Core ideas**:
 * Early integration of security in the SDLC enables agencies to maximize return on investment in security programs.
 * Developed to assist federal government agencies in integrating essential information technology (IT) security steps into their established IT system development life cycle (SDLC).

**Commentary**:

This is a very helpful reading made by the National Institute of Standards and Technology that shows institutes how important it is to secure their information in the early stages of their software development. Other than that, this article shows us how it is important to focus on security from the initiation phase of the system till the disposal phase. It also shows different ways in which security can be implemented not only in the SDLC cycle but also in other cycles such as cross-organization projects and service-oriented architecture. That helps organizations and students understand the importance of such topics.

**Entry history**:
 * [Ayah Abujarbou, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >]

Top Tips on How to Avoid Losing Your Life if You Lose Your Smartphone at the Christmas Bash to avoid loosing important data from your smart phone you can do the following 12 tips: 1- download important data from your phone to your computer. 2- let the IT department to Encrypt your mobile phone to avoid loosing important client information. 3- Use a strong password that combines letters, numbers and symbols. 4- put your name and phone number with a details about a reward offered for the person who will return your phone. 5- Use smart-phone's security features such as PIN. 6- Don't keep data that people can use against you in your phone such as your pictures. 7- Don't keep your old emails or SMS on your phone as they might include your bank account details or any other important details. 8- always check your saved outbox or drafts messages as they might a lots of information. 9- Mark your handset physically with your personal information. 10- Record your IMEI. 11- Contact the police immediately when loosing your phone. 12- Don't leave your mobile open to access.
 * Title**:
 * Author(s):** Credant Technologies. ‭ ‬
 * Link or reference information:** http://www.credant.com/resources/articles.html
 * Core ideas:**

Your smartphone might get loosed at anytime. However, protecting your personal information is really essential, as you should make sure that no one will be able to assume your identity or threaten you with any of your smartphone contact. There are 12 tips that you can follow in order to protect your or your client personal informations.
 * Commentary:**


 * Entry history:**
 * [Haya, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >

**<span style="font-family: 'Times New Roman','serif';">Author(s) **<span style="font-family: 'Times New Roman','serif';">: Ed Hansberry
====**<span style="font-family: 'Times New Roman','serif';">Link or reference information **<span style="font-family: 'Times New Roman','serif';">: http://www.informationweek.com/blog/personal_tech/230500001 ==== ====**<span style="font-family: 'Times New Roman','serif';">Core ideas **<span style="font-family: 'Times New Roman','serif';"> (1, 2, or 3 bullet points that summarize the core idea presented in the article): ====

<span style="font-family: 'times new roman','serif';">2) Apple has done a great job of improving security in the iPhone and that makes her have a competitive advantage among other manufacturers.
====<span style="font-family: 'times new roman','serif';">3) Windows 7 also have considered that and made some similar protections to apple, however Android hasn’t been active on this side because it is more of a carrier issue rather than being Google’s issue. ==== ====<span style="font-family: 'times new roman','serif';">4) As the market for smartphones and tablets is growing, we are more targeted by hackers and so we should be more careful of what we do with the device. ====

**<span style="font-family: 'Times New Roman','serif';">Commentary **<span style="font-family: 'Times New Roman','serif';">:
====<span style="font-family: 'Times New Roman','serif';">I believe that the author actually has a point in this and made me consider thinking of putting information security as one of the standards of buying a new phone. This is because, nowadays, the smartphones and the tablets are becoming more like computers and laptops and we started keeping a lot of valuable information and materials in them. Unlike before, the smartphone was used only to call other people. Thus, we should consider having a strong security platform for where we keep our valuable data and to prevent these hackers from intruding into these data. ====

**Entry history**:

 * [Hussain Hejji, initial post on Nov. 19, 2011]
 * <<next person who added commentary>>, < >


 * Title **: Online Security Threats in 2010


 * Author(s) **: UKFast


 * Link or reference information **: http://www.youtube.com/watch?v=nSn2elyIICw&feature=related


 * Core ideas: **
 * Information Security managers in UKFast, which is a company that deals with huge amounts of data of big organizations, talk about the difficulties and importance of having strong security measures for that data.
 * The small number of people working in the security field is not enough in this era, where data plays an important role in organizations and must be protected.
 * People don't think of information security when setting their passwords and PIN codes. This makes it more difficult to protect their information, which is all due to lack of awareness about the importance of security.
 * Your own information is not yours anymore once you give it out to an organization, and this is why organizations must work very hard on protecting your information.


 * Commentary **:

This video is insightful. It talks about the importance of having information security because the audience and the data are now stored in huge numbers, almost about everyone. The video was published in 2010 which makes me wonder how much more important and difficult it is to have information security now in 2011.


 * Entry history **:


 * [Layal Al-Alami, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >

National Institute of Standards and Technology Technology Administration U.S. Department of Commerce >>
 * Title**: Threats of Computer Security
 * Author(s)**:
 * Link or reference information**: http://alcor.concordia.ca/~helpline/security/threats.html
 * Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Seven important threats to computers:
 * 1) Errors and Omissions
 * 2) Fraud and Theft
 * 3) Employee Sabotage
 * 4) Loss of Physical and Infrastructure Support
 * 5) Malicious Hackers
 * 6) Industrial Espionage
 * 7) Malicious Code
 * There are many threats that would cause various types of damage, which will result in losing data.
 * The effects of various threats affect:
 * The confidentiality or integrity of data.
 * The availability of a system.

Knowing the threats before they happen would help to have good security of data or systems. Every company should think first about threats before setting its security strategy, because knowing the things that could affect the security of the system or data gives the company the power to have a strong, secure system and strategy.
 * Commentary**:
 * Entry history**:
 * [Dalia Saleh, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >

- Information security is important today in the business world because of the higher expectations of customers about the protection of data and due to the need to keep up with new and different technologies to roll-out internal and external services in a business.
 * Title**: Insights: The Future of Information Security
 * Author(s)**: DeloitteLLP
 * Link or reference information**: http://www.youtube.com/watch?v=9OcMr4Amwxk
 * Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):

- The difficulty of risk management comes as a result of the existence of very specific and purposeful attackers with tremendous resources, skills and time along with the other advantages like their profession in using newer technologies.

- Businesses need to prioritize risk. Seeing where the risks are, and therefore where to spend the majority of the time, money and resources for protection, is a way to prioritize. Therefore, more prescription, legislation, regulation and guidance to make security a higher priority are needed, along with strategic thinking and understanding of information security.

This video is very useful in showing organizations why information security is worthwhile and how to manage and secure the information through knowing what ways to consider for prioritizing risks. The video also alerts companies to not miss some of the bigger risks that attackers see through looking at both internal and external risks. So, given the risks and the limited resources, organizations need to think strategically and understand the information and know more about how to protect their data through having a strategic view on security and considering executive management when dealing with problems in information security.
 * Commentary**:
 * Entry history**:
 * [Najla Al-Madhadi, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >

 * Title**: Android Malware hits record heights
 * Author(s)**: Katherine Noyes
 * Link or reference information**:
 * Core ideas**:
 * The amount and severity of malware found on Android based devices has increased by 472% since July
 * The problem is the open app store, for which anyone can generate content.
 * It would be a good idea for Google to change this system and make security a priority
 * In the meantime, it is important for users to follow, not lead when downloading apps

Though malware like trojans has increased among all platforms, the increase on Android based devices has been particularly steep. This is extremely dangerous, as it can make the phone vulnerable to money scams or even to spying on the user and listening to conversations. According to the article, the source of this sharp rise is the open app store, in which applications are not tested or approved by the carrier (in this case Google). While this allows rapid and liberal development, it also poses a threat, as concealed viruses spread by downloading these apps. The article suggests that Google remedy this problem and make security one of its selling points rather than trying to be as liberal as possible. In the meantime, the article suggests that Android users only download apps which already enjoy some degree of popularity and show decent ratings, in order to avoid the increased risk of downloading untested applications.
 * Commentary**:


 * Entry history**:
 * [Patrick Steinhagen, initial post on Nov. 19, 2011]
 * [<<next person who added commentary>>, < >

- Think twice before you trust iCloud in sharing/using data.

- Turn off iCloud to make sure that your data is not being synced.

- Because many corporations are using clouds to share information among their employees, it is good to keep in mind that there are chances employees might lose their phone in public spaces.
 * Title**: 5 things to note about iCloud security
 * Author(s)**: Ellyne Phneah
 * Link or reference information**:
 * Core ideas**:

The iCloud system is one of the issues that people are most concerned with. As an iPhone user, feeling secure is really an issue. In this post, the author gives very short quotes as recommendations for Apple users who use the iCloud app. These notes or recommendations are just to make iPhone users feel more secure and hopefully reduce some security risks.
 * Commentary**:
 * Entry history**:
 * [Aisha Al Zaman, initial post on Nov. 20, 2011]
 * [<<next person who added commentary>>, < >

As the world becomes more globalized, and more of our data is stored in IT systems, information security shifts its focus. Moving from a time where much of our information was stored on paper brings about many complications. As we constantly see, the cyber space is a hostile environment and many unfortunate situations occur. Security plays a major role in this, particularly for large businesses, as it avoids the leakage of any information which may affect the company's performance. This paper outlines some important guidelines for developing IT security for the new millennium.
 * Title**: Information System Security Management in the New Millennium
 * Author(s)**: Gurpreet Dhillon, James Backhouse
 * Link or reference information**: http://tols17.oulu.fi/~jhyvonen/Tietoturvan%20hallinta%20tenttimateriaalit/Luento1.pdf
 * Core ideas**
 * With the hopes of keeping up with the competition, most of the companies rush into adapting IT without an understanding of the security risks it imposes or carefully planning their strategy. They continue to undermine the importance of technological security.
 * The Audit Commission in England estimated a loss of 2 billion dollars through lack of IT security. This lack of security is constantly costing companies around the world large sums.
 * Confidentiality, integrity, availability, responsibility, trust and ethicality are factors which play important roles in managing the new age of information security, as explained in the paper.
 * Commentary**:


 * Entry history**:
 * [Fatima Fikree, initial post on Nov. 20, 2011]
 * [<<next person who added commentary>>, < >

- Technology alone can’t protect organizations

- To properly protect a company’s IT systems, there must be proper IT risk management

- Best practices to secure networks include encryption throughout the organization and other methods
 * Title ** : Network Security: Is it the Technology or the Management?
 * Author(s) ** : Jeff Hudson
 * Link or reference information ** : []
 * Core ideas **

I think the article highlights some of the topics we have discussed in previous classes that should be applied to ensure a secure network in organizations. The fact that a lot of organizations rely only on technologies is what makes breaking into their systems a lot easier for hackers. In the post the author compares IT security technologies to other forms of security on other devices, such as the anti-lock brakes of cars. He makes it easier for people with little knowledge of the subject to visualize and realize the effect of security management, and paints a really useful picture of how relying on technology alone, sometimes without the interference of human analysis and practices, could result in great loss, both financially and physically, to an organization’s information and business.
 * Commentary ** :
 * Posting history ** :
 * [Sara Al-Mannai, post on Nov. 23, 2011]


 * Title**: How Computer Viruses Work
 * Author(s)**: Marshall Brain
 * Link or reference information**: http://computer.howstuffworks.com/virus.htm

This article focuses on the different viruses that may affect information security and disrupt the functionality of computers. It describes Internet viruses as being like biological viruses, as they both carry very similar characteristics. The article also lists three reasons why hackers create viruses: 1. the thrill in general, 2. the thrill of watching things blow up, 3. bragging rights. It then goes on to explain how viruses spread: because of the spread of personal computers, through computer “bulletin boards” and finally through floppy disks. This took place during the early 1980s, and viruses mostly spread when the personal computer was introduced. Next the article discusses boot sector viruses and how they spread when the PC is turned on. However dangerous those viruses were in the past, they are no longer as harmful as they used to be because of new technological security systems built into PCs and the use of CDs to download programs instead of floppy disks. It explains how viruses, e-mail viruses, Trojan horses, and worms work and spread. It explains e-mail viruses and worms in further detail. Finally, the article provides advice to protect yourself from viruses: run a more secure system like UNIX, buy virus protection software, avoid programs from unknown sources, make sure that “MACRO virus protection” is enabled in all Microsoft applications, and finally never double click on email attachments that contain an “executable” (EXE, COM, VBS). The main points of the article are as follows:
 * Summary:**


 * Core Ideas:**
 * 1) Introduction to how computer viruses work
 * Viruses
 * E-mail viruses
 * Trojan horses
 * Worms
 * 1) Virus origins
 * 2) Virus history
 * 3) Virus evolution
 * 4) E-mail viruses
 * 5) Worms
 * 6) How to protect your computer from viruses

This article focuses on different types of viruses, how they spread, and the history of viruses. This article touched upon our discussion from last class regarding how viruses work and the many different types of viruses that have different potentials. Nowadays, people and institutes spend money on information security systems to protect confidential personal information. I think it is less common that we hear about viruses today, but as IT systems develop, I think more viruses could be born and created that can affect information security.
 * Commentary**:


 * Entry history**:
 * [Nasser Al-Khori, initial post on Nov. 26, 2011]
 * [<<next person who added commentary>>, <

**Title**: How cyberattacks threaten real-world peace

Author(s):
 * Guy-Philippe Goldstein

Link or reference information: []

**Core ideas**
 * Cyber weapons are extremely dangerous and can threaten world peace
 * Many people don’t know that cyber weapons can cause physical damage, as happened in 1982, when the US caused a pipeline in Soviet Siberia to explode by infiltrating the IT management system of the pipeline.
 * General James Cartwright, Vice Chairman of the Joint Chiefs of Staff, says in a report to Congress that cyber attacks could be as powerful as weapons of mass destruction.
 * What makes cyber weapons even more dangerous is that the identity of the attacker stays anonymous, and also it is difficult to distinguish whether a cyber weapon was created for defensive purposes rather than offensive ones, and defensive cyber weapons can be used to attack
 * Cyber weapons do not replace conventional or nuclear weapons -- they just add a new layer to the existing system of terror

**Commentary**:

(This talk is in French, but translation is available) This is a very interesting talk by Guy-Philippe Goldstein, who is the author of Babel Minute Zero, a novel that examines the reality of cyberwar in our current geopolitical topography. It is important for people to understand the dangers of a cyberwar, or the damages of cyber weapons. As we have talked in class about the Stuxnet worm and how it was brilliantly engineered to leave no trace behind, this issue alone can cause major issues. When a country gets attacked but has no clue of who attacked it, it can accuse a certain country, and that may cause diplomatic problems between countries.

**Posting history**:
 * [Mohammed Al-Rawahi, initial post on Dec. 5, 2011]
 * [<<next person who added commentary>>, < >]


 * Title ** : How to protect your computer from malware?
 * Author(s) ** : Jeremy Lubin
 * Link ** : []


 * Core ideas ** :
 * This video identifies the two general ways that malware is installed on users’ computers. The first way is by visiting certain websites that contain malware. The second way is by downloading a file that seems legitimate but actually contains malware.
 * This video provides a few examples of what malware can do, such as: deleting computer data, stealing information including credit cards and passwords, sending spam emails and attacking other computers and networks.
 * This video shows the common symptoms of malware, which are: taking users to spam websites after clicking on search results, pop-ups and strange toolbars.
 * This video offers a few general guidelines to keep malware from affecting users’ computers. These guidelines are: update operating systems and software regularly, avoid downloading files or email attachments from an unknown source or sender, and run up-to-date anti-virus software.

I really think that this video is interesting because it provides all the basic information about malware. Many people don’t know how malware gets onto their computers and what the best way to avoid it is. Jeremy Lubin, Google consumer experience specialist, suggests the best guidelines to protect users' computers. It helps in increasing awareness among users and making sure they have all the necessary requirements to avoid malware attacks.
 * Commentary ** :

Also, I found this article at the end of the video that explains the same topics, but it provides further protection guidelines. This is the link:

[]


 * Posting history: **

[<<next person who added commentary>>, < >]
 * [Ahmad Al-Sarraf, initial post on Dec. 6, 2011]


 * Title**: Management of Information Security
 * Author(s)**: Vima Salazar
 * Link or reference information**: http://www.cgiar.org/pdf/iau/Management%20of%20Information%20Security%20GPN.pdf


 * Core ideas**:
 * Security management should be treated as a business issue.
 * Information security issues should have management support.
 * Businesses should define clear roles for information security.

The author of the article defines information security as "the protection of valuable assets against loss, misuse, disclosure or damage". The CGIAR centers depend heavily on information systems. Just as information systems provide many benefits to the center, they also make it vulnerable to many risks. The security objective is met when 4 factors are present: Availability, Confidentiality, Integrity and Authenticity. The significance of each of these factors varies according to the type of information. In addition, the author says that "security that is state-of-the-art today is obsolete tomorrow". This means that security measures have to change every year and the CGIAR centers have to cope with the changes.
 * Commentary**:


 * Entry history**:
 * [Walied El Hag Ali, initial post on Dec. 6, 2011]
 * [<<next person who added commentary>>, < >

**Title**: High-Tech Credit Cards Easy Target For Thieves Privacy Experts Critical Of RFID Technology

**Author(s)**: CenturionStrategies

**Link or reference information**: http://www.youtube.com/watch?v=o3_i2dr_4V8


 * Core ideas ** :
 * Credit cards are efficient, and make the payment process faster, but some high-tech credit cards could be opening customers up to identity theft.
 * The dependency on RFID creates some privacy issues; people can now access information that is not intended for them to access.
 * Banks should stop offering cards that use the RFID technology.
 * People should be informed rather than scared about the RFID technology


 * Commentary ** :

Although credit cards foster the payment process, they do create some privacy issues. In this video, the researcher was able to extract the credit card information from customers without the need of even seeing the credit card. The professor interviewed in the video suggests that people should be more informed about the RFID technology when making decisions rather than fear it. I agree with that, banks don’t force anyone to use cards equipped with RFID technologies. Having said that, if customers were aware of such facts, they could easily avoid using cards equipped with RFID if they don’t wish to.


 * [Firas Bata, initial post on December 12, 2011]

**Title**: Information security means better business

**Author(s)**: Richard Brown

**Link or reference information**: []


**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):

 * Information security is a core business idea and should be considered as a business activity.
 * Regulatory environment is required for successful implementation of security. This can be achieved by imposing international standards of security on all businesses. Businesses are also tightening their policy of information security.
 * Organizations with most effective standards for security have the three following standards:
 * They are driven by results
 * Educating the management about the risk and spending money on realistic risk assessment.
 * Committed to individual standards and making sure that the company follows them

**Commentary**: Infringement of company information is a great threat to businesses these days. There is a requirement for businesses to secure their information. Technology to secure information is evolving at the moment. Businesses have started to use information security to protect against threats. In the current period, information is vulnerable to many threats, such as the Anonymous organization, which hacks into government and business information, stealing large amounts of valuable information. This costs businesses a lot. To protect themselves, businesses must adopt information security as an integral part of their business activities. If the information is secure, businesses will be able to function efficiently.

**Posting history**:

 * [Anas Ali Chaudry, initial post on Dec. 12, 2011]
 * [<<next person who added commentary>>, < >]

**Title**: Risk Management

**Author(s)**: uploaded by gnutradenv

**Link or reference information**: []

**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):

 * Different techniques to measure risk management
 * Risk management and market volatility

**Commentary**: The video is a very useful tool to better understand what risk management is in the business world. It introduces different techniques to measure the risk in organizations. Also, it provides real examples of real cases to illustrate risk management in the market, like the NASDAQ and the other companies in the US market. Also, it explains how the volatility of the market will affect the risk management in companies and how it can be resolved with less loss of money.

**Posting history**:
 * [<<next person who added commentary>>, < >
 * [Dua’a Althabatah, initial post on Dec. 12, 2011]


 * Title**: 8 Levels of Information Technology Security


 * Author(s)**: Wikibon


 * Link or reference information**: http://wikibon.org/blog/8-levels-of-information-technology-security/


 * Core ideas**:
 * 8 Levels of IT Security ranging from having a Security Policy to Identity and Access Privilege Management
 * Step by Step explanations of how and what these levels are
 * Picture format to make it easier to read and be understood by everyone who reads it


 * Commentary**:

This is a picture format informational article that gives a step by step process of how to secure your company's information technologies and all information worked on within the company. I like how it is in a picture format, because I personally find reading articles about security to be dry and long, and I usually lose interest before reaching the end. But this format was able to convey their message concisely, and in very little text. The information written in this article is important, and everyone who owns a company should be able to secure their information from any outside/unwanted access.


 * Entry history**:


 * [Laura Jaber, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >

**Title**: 2011 Forecast Calls for Tighter Security, Stronger Compliance, and a Focus On Device Encryption

**Author(s)**: CREDANT Technologies

**Link or reference information**: []

**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Companies should control the use of personal devices like smartphone, iPad, and iPhone, as they are increasing the risks of data breaches for any organization.
 * Removable devices increase the risks of removing much of an organization’s information.
 * Data breaches could be a result of insider or outsider hackers.
 * The author provides a solution for many of the given issues, which is to have a data security expert in each and every organization.

**Commentary**: Nowadays, it has become more difficult than at any time before to keep organizational data secure, even by using different kinds of protection programs. This happened because of the increase in the usage of smartphones and of many other kinds of personal devices, and because of the increase of internal and outsider threats to organizations, which makes it more difficult for any organization to be sure about having their data secured and safe. As a result, the author is suggesting that every organization should have an expert data security technology provider to help them have their data totally protected.

**Entry history**:
 * [Haya Al-Mannai, initial post on Dec. 19, 2011]
 * [<<next person who added commentary>>, < >

**Title**: Information Security Will Be Key With Lawmakers

**Author(s)**: CNN Tech

**Link or reference information:** http://articles.cnn.com/2001-09-17/tech/information.security.idg_1_privacy-and-security-national-security-information-security?_s=PM:TECH

**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Technology issues such as internet privacy have become more significant with the increase of terrorist attacks in the US. Protecting corporate and national data about security incidents has become a priority.
 * Private sector companies have become fearful of internet attacks and decided to work with the government in an attempt to reduce these security risks.
 * New infrastructure plans have been made in attempts to protect federal information, which has been continuously accused of poor security.

**Commentary**: Protecting federal, national and corporate data is a government's key responsibility. With the rise of issues such as internet privacy due to the rise of terrorist attacks, governments such as the United States government have designed and planned infrastructure to further protect their national data. Private sector companies have also realized that they need to protect their data, and so they decided to work together with the government to reduce these risks. The government's focus on protecting its data has steered its attention from internet privacy, which has worried many individuals. Currently the United States government has funded agencies to protect the 'cyberassets' of the government.

**Entry history**:
 * [Meshail Al Misnad, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >


 * Title ** : Self-Aware Data? Smarter for Sure
 * Author(s) ** : Chris Poulin
 * Link or reference information ** : []

- Data and the system that the data is in are two separate things

- Protecting the system doesn’t really mean fully protecting data

- Recommendations to firms on protecting data rather than systems
 * Core ideas ** :

I really enjoyed and liked this article and its content; it brought things into perspective regarding data security rather than system security. I’ve never really separated the two things, and always thought that system hacking is the same as data getting messed with and so on. I would think that the most important asset companies and firms try to protect and keep safe is their data, but most firms try to protect the system rather than the data itself, and that’s what the author is trying to suggest: smart data that can protect itself from threats such as hacking and intrusions. As I said before, it shines a light on the fact that the system and the data are two separate things that both need to be protected and both need to be independent of each other, and as long as they depend on each other, breaking into the system means breaking into the data.
 * Commentary ** :


 * Entry history ** :
 * [Sara Al-Mannai, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >

**Author(s)**: //Michael Riley and John Walcott//
 * Title**: China Based Hacking of 760 Companies Shows Global Cyber War
 * Link or reference information**: []
 * Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Chinese hackers have targeted Google Inc. and Intel Corp due to the "solid-gold intellectual property data stored in their computers."
 * The significance of cyber security is somewhat undervalued. If a system is hacked, the hacker can access confidential information sent by the users of the system. Things such as private emails, business negotiations and new product ideas are revealed and stolen by hackers.
 * What worries users of broadband public internet is that hackers are able to get a hold of company secrets.
 * Chinese hackers are hacking into even the smallest U.S businesses highlighting the depth of their cyber war.
 * “They are stealing everything that isn’t bolted down, and it’s getting exponentially worse,” said Representative Mike Rogers, a Michigan Republican who is chairman of the Permanent Select Committee on Intelligence.

The U.S government is now playing a key role in providing cyber security for the private sector. Not only do these Chinese hackers steal manufacturing techniques, blueprints and chemical formulas but they have stolen 'entire industries.' The US government is also raising awareness amongst companies in order to improve security on possible future attacks.
 * Commentary**:

Just recently, 17 Chinese and China based hacking operations were suspended by the US intelligence agency.


**Entry history**:
 * [Meshail Al Misnad, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >

**Title**: Security Versus Freedom on the Internet
**Author(s)**: Marvin Ammori, Keira Poellet
**Link or reference information**: http://muse.jhu.edu/journals/sais_review/v030/30.2.ammori.html
**Core ideas** (1, 2, or 3 bullet points that summarize the core idea presented in the article):
 * Cybersecurity is basically the protection of information that is on the Internet or such systems. It is extremely important at the governmental level because of espionage, attacks, and other serious crimes that can be done if security is jeopardized.
 * Freedom is rather the ability of individuals to access information on the internet. This is to ensure a level playing field for speakers and innovators across the Internet.
 * Governments and regulatory institutions are constantly battling this dilemma in the aims of providing a very secure internet but with freedom.

**Commentary**: I believe this article is insightful because it helps us understand the basic dilemma that most information technologies face today. For instance, digital cash constantly battles this issue as consumers want anonymity and government wants to minimize fraud and illegal actions. It also helps us understand the basic difference between security and freedom and how they conflict with each other.

**Entry history**:
 * [Fatima Fikree, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >

**Title**: Information security Presentation []
**Author(s)**: Daniel Urebe Gomez
**Link or reference information**:

**Core ideas**:
 * Elements that security must protect: Information, Equipment and People.
 * Protecting information means keeping it safe from any threats that can affect it.
 * Integrity, Confidentiality and Availability: Correct Information, for the correct Person, at the correct moment.
 * Are agents able to operate in security failures and as a consequence inflict casualties or damages to assets of the user.
 * Safety measures are actions oriented towards the elimination of vulnerability, with a view to preventing a threat from becoming reality.

**Commentary**:

Modern managers have to realise that information security is a serious issue nowadays. Data is an asset of the company and it is vital to protect it. Vulnerability of the data to users who can harm it can endanger the company’s data security. Therefore, we can conclude that security is a practice oriented towards the elimination of vulnerability, to avoid the possibility that potential threats take shape in the atmosphere that is to be protected.

**Posting history**:
 * [Nijat Ibrahimov, initial post on Dec. 13, 2011]
 * [<<next person who added commentary>>, < >]

Title: Security architecture.
Authors: Wikipedia
Link or reference information: http://en.wikipedia.org/wiki/Security_architecture

Core ideas:
 * Security of IT can be described as the IT system's ability to protect the confidentiality and integrity of the processed information.
 * Security architecture is defined as how the security controls are positioned and how they relate to the overall IT architecture.

Commentary: This is a very informative article, which one can use as a basis to understand what IT security architecture is and how it relates to the overall IT system. Security qualities are considered non-functional requirements when designing systems. This means that they are not required for the system to meet its functional goals, such as processing financial transactions, but are needed for a given level of assurance that the system will perform to meet the functional requirements that have been defined.

Posting history: [Mohammed Al Ahmadani, initial posting on Dec. 16, 2011]