Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics"…

Many security professionals choose the career because of an interest in the technology of security. Few realize the degree to which a contemporary security office interacts with law enforcement agencies (LEAs) such as the FBI and state, local, and campus police. As the field of information security has matured, the language of risk management is…

At Dartmouth College, the author teaches a course called "Security and Privacy." Its early position in the overall computer science curriculum means the course needs to be introductory, and the author can't assume the students possess an extensive computer science background. These constraints leave the author with a challenge: to construct…

Many of the information security appliances, devices, and techniques currently in use are designed to keep unwanted users and Internet traffic away from important information assets by denying unauthorized access to servers, databases, networks, storage media, and other underlying technology resources. These approaches employ firewalls, intrusion…

No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

It is difficult to estimate the costs of not writing thorough IT policy. Misuse of IT resources, whether through ignorance or malice, costs money, as do court cases that can result from abuse. Furthermore, a poor university accreditation report caused in part by poor policy documents will likely have an adverse impact on student enrollment. There…

For years computer viruses have threatened productive use of personal computers, challenging users and support providers to prevent and recover from viral attacks. Now another type of computing malady has begun to enter popular consciousness: spyware. Typically, analyses of spyware focus on technical issues or provide pointers to resources for…

Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…