DOCSLIB.ORG

Congressional Record—House H3696

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Congressional Record—House H3696 H3696 CONGRESSIONAL RECORD — HOUSE July 20, 2021 1833, the DHS Industrial Control Sys- disrupt, extort, and simply wreak curity Information Sharing Act of 2015 (6 tems Capabilities Enhancement Act of havoc. These systems underpin the U.S.C. 1501); and’’. 2021. functions and services we rely on for (2) in subsection (c)— As I have said from day one as rank- our day-to-day lives, and the threats (A) in paragraph (5)— (i) in subparagraph (A), by striking ‘‘and’’ ing member of this committee, we need they face have never been higher. after the semicolon at the end; to continue to bolster cybersecurity Successful disruption of one of these (ii) by redesignating subparagraph (B) as capabilities at CISA to defend our Fed- systems could have dire consequences subparagraph (C); eral networks and the Nation’s critical for public health and safety, public (iii) by inserting after subparagraph (A) infrastructure from cyber threats. confidence, and even the national and the following new subparagraph: The volume of cyberattacks and economic security of the United ‘‘(B) sharing mitigation protocols to ransomware attacks in 2021 alone States. counter cybersecurity vulnerabilities pursu- shows that no one is immune from na- CISA is well-positioned to help own- ant to subsection (n); and’’; and (iv) in subparagraph (C), as so redesig- tion-state cyber actors or cyber crimi- ers and operators better understand nated, by inserting ‘‘and mitigation proto- nals. Cyber threats, particularly risks to operational technology and cols to counter cybersecurity vulnerabilities ransomware, are the preeminent na- work with them to close security gaps. in accordance with subparagraph (B)’’ before tional security threat facing our Na- I again want to congratulate the gen- ‘‘with Federal’’; tion today. From Colonial Pipeline to a tleman from New York (Mr. KATKO), (B) in paragraph (7)(C), by striking ‘‘shar- local water facility in Florida, we have my committee colleague and ranking ing’’ and inserting ‘‘share’’; and witnessed the real-world consequences member, on authoring this bill to cod- (C) in paragraph (9), by inserting ‘‘mitiga- cyberattacks can have on our critical ify the role that CISA plays in leading tion protocols to counter cybersecurity vulnerabilities,’’ after ‘‘measures,’’; infrastructure. Federal efforts to secure industrial (3) in subsection (e)(1)(G), by striking the In the cyberattack against a water control systems. semicolon after ‘‘and’’ at the end; treatment plant in Florida, hackers Enactment of H.R. 1833 will help to (4) by redesignating subsection (o) as sub- were able to gain access to industrial raise our cybersecurity posture across section (p); and control systems, or ICS for short, and the board. (5) by inserting after subsection (n) fol- attempted to alter the mixture of Madam Speaker, I yield back the bal- lowing new subsection: water chemicals to what could have ance of my time. ‘‘(o) PROTOCOLS TO COUNTER CERTAIN CY- been catastrophic fatal levels. BERSECURITY VULNERABILITIES.—The Direc- The SPEAKER pro tempore. The tor may, as appropriate, identify, develop, Cyber incidents are very rarely sec- question is on the motion offered by and disseminate actionable protocols to tor specific. CISA is a central agency the gentlewoman from New York (Ms. mitigate cybersecurity vulnerabilities to in- that can quickly connect the dots when CLARKE) that the House suspend the formation systems and industrial control a malicious cyber campaign spans mul- rules and pass the bill, H.R. 1833, as systems, including in circumstances in tiple sectors. It is vital that we con- amended. which such vulnerabilities exist because tinue to enhance its visibility across The question was taken. software or hardware is no longer supported by a vendor.’’. the critical infrastructure ecosystem. The SPEAKER pro tempore. In the This bill requires the CISA director SEC. 3. REPORT ON CYBERSECURITY opinion of the Chair, two-thirds being VULNERABILITIES. to maintain capabilities to detect and in the affirmative, the ayes have it. (a) REPORT.—Not later than one year after mitigate threats and vulnerabilities af- Mr. BISHOP of North Carolina. the date of the enactment of this Act, the fecting automated control of critical Madam Speaker, on that I demand the Director of the Cybersecurity and Infrastruc- infrastructure, particularly industrial yeas and nays. ture Security Agency of the Department of control systems. The SPEAKER pro tempore. Pursu- Homeland Security shall submit to the Com- mittee on Homeland Security of the House of This includes maintaining cross-sec- ant to section 3(s) of House Resolution tor incident response capabilities to re- Representatives and the Committee on 8, the yeas and nays are ordered. Homeland Security and Governmental Af- spond to cybersecurity incidents and Pursuant to clause 8 of rule XX, fur- fairs of the Senate a report on how the Agen- providing cybersecurity technical as- ther proceedings on this motion are cy carries out subsection (n) of section 2209 sistance to stakeholders. postponed. of the Homeland Security Act of 2002 to co- ordinate vulnerability disclosures, including We must continue to solidify CISA’s f lead role in protecting our Nation’s disclosures of cybersecurity vulnerabilities critical infrastructure from cyber CYBERSECURITY VULNERABILITY (as such term is defined in such section), and threats, particularly the industrial REMEDIATION ACT subsection (o) of such section (as added by section 2) to disseminate actionable proto- control systems that underpin vital Ms. CLARKE of New York. Madam cols to mitigate cybersecurity components of our daily lives. Speaker, I move to suspend the rules vulnerabilities to information systems and This bill is one step in the commit- and pass the bill (H.R. 2980) to amend industrial control systems, that includes the tee’s continued efforts to build up the Homeland Security Act of 2002 to following: CISA’s authorities and resources to ef- provide for the remediation of cyberse- (1) A description of the policies and proce- fectively carry out its mission, and it curity vulnerabilities, and for other dures relating to the coordination of vulner- is a resounding statement to have such purposes, as amended. ability disclosures. heavy-hitting, bipartisan support. (2) A description of the levels of activity in The Clerk read the title of the bill. furtherance of such subsections (n) and (o) of Madam Speaker, I urge all Members The text of the bill is as follows: such section 2209. to join me in supporting H.R. 1833, and H.R. 2980 (3) Any plans to make further improve- I reserve the balance of my time. Be it enacted by the Senate and House of Rep- ments to how information provided pursuant Ms. CLARKE of New York. Madam resentatives of the United States of America in to such subsections can be shared (as such Speaker, I have no further speakers, Congress assembled, term is defined in such section 2209) between the Department and industry and other and I am prepared to close after the SECTION 1. SHORT TITLE. stakeholders. gentleman from New York closes. I re- This Act may be cited as the ‘‘Cybersecu- (4) Any available information on the de- serve the balance of my time. rity Vulnerability Remediation Act’’. Mr. KATKO. Madam Speaker, I have gree to which such information was acted SEC. 2. CYBERSECURITY VULNERABILITIES. upon by industry and other stakeholders. no further speakers. I urge Members to Section 2209 of the Homeland Security Act (5) A description of how privacy and civil support this bill. I yield back the bal- of 2002 (6 U.S.C. 659) is amended— liberties are preserved in the collection, re- ance of my time. (1) in subsection (a)— tention, use, and sharing of vulnerability Ms. CLARKE of New York. Madam (A) in paragraph (5), by striking ‘‘and’’ disclosures. Speaker, I yield myself the balance of after the semicolon at the end; (b) FORM.—The report required under sub- my time to close. (B) by redesignating paragraph (6) as para- section (b) shall be submitted in unclassified I would like to start by thanking the graph (7); and form but may contain a classified annex. (C) by inserting after paragraph (5) the fol- SEC. 4. COMPETITION RELATING TO CYBERSECU- gentleman from New York for his out- lowing new paragraph: RITY VULNERABILITIES. standing leadership in this regard. ‘‘(6) the term ‘cybersecurity vulnerability’ The Under Secretary for Science and Tech- Industrial control systems are a rich has the meaning given the term ‘security nology of the Department of Homeland Secu- target for cyber adversaries looking to vulnerability’ in section 102 of the Cyberse- rity, in consultation with the Director of the VerDate Sep 11 2014 05:06 Jul 21, 2021 Jkt 019060 PO 00000 Frm 00024 Fmt 7634 Sfmt 0634 E:\CR\FM\K20JY7.039 H20JYPT1 ctelli on DSK11ZRN23PROD with HOUSE July 20, 2021 CONGRESSIONAL RECORD — HOUSE H3697 Cybersecurity and Infrastructure Security GENERAL LEAVE tinuing to work with her and my other Agency of the Department, may establish an Ms. CLARKE of New York. Madam colleagues on the preeminent national incentive-based program that allows indus- Speaker, I ask unanimous consent that security threat facing our Nation try, individuals, academia, and others to all Members may have 5 legislative today. compete in identifying remediation solutions Madam Speaker, I urge Members to for cybersecurity vulnerabilities (as such days to revise and extend their re- term is defined in section 2209 of the Home- marks and to include extraneous mate- join me in supporting H.R. 2980, and I land Security Act of 2002, as amended by sec- rial on this measure. reserve the balance of my time. tion 2) to information systems (as such term The SPEAKER pro tempore. Is there Ms. CLARKE of New York. Madam is defined in such section 2209) and industrial objection to the request of the gentle- Speaker, I yield 5 minutes to the gen- control systems, including supervisory con- woman from New York? tlewoman from Texas (Ms.
Load more

Recommended publications
  • The Most Common Blunder People Make When the Topic of a Computer Virus Arises Is to Refer to a Worm Or Trojan Horse As a Virus
    Trojan And Email Forging 1) Introduction To Trojan&viruses: A Trojan horse, or Trojan, in computing is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Anatolia, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.[1][2][3][4][5] A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.[6] While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).[7] A computer may host a Trojan via a malicious program a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in) or by drive-by download. The Difference Between a Computer Virus, Worm and Trojan Horse The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus.
    [Show full text]
  • Surveying a World of Advanced Threats
    Chapter 1 Surveying a World of Advanced Threats In This Chapter ▶ Distinguishing between basic and advanced threats ▶ Recognizing three types of cyberenemies ▶ Counting the cost of data breaches It’s getting rough out there. I’m not kidding. In more than two decades of observing the effects of enterprise and government data breaches, I’ve never seen anything like today’s threat landscape. The sheer number of recent high-profile cyberattacks is staggering. The bad guys clearly have the upper hand, and it seems like there’s nothing that any of us can do about it. Given the efficacy of modern-day threats, today’s informa- tion security professionals are judged not only on how well they can block known threats but also on how quickly they can uncover, identify, and mitigate unknown threats. Unfortunately, too many security professionals lack the tools andCOPYRIGHTED training needed to stay ahead MATERIAL in this cyberarms race. In this chapter, I distinguish between basic and advanced cyberthreats while exploring common variations of advanced threats along the way. I also cite recent data-breach statistics, describe three types of cyberenemies, and review high-profile commercial and government cyberattacks that recently made international headlines. But first, allow me to clarify the differences between basic and advanced threats. 004_9781118658765-ch01.indd4_9781118658765-ch01.indd 3 77/1/13/1/13 112:452:45 PMPM 4 Advanced Threat Detection For Dummies Contrasting Basic and Advanced Threats The following are key characteristics of basic and advanced cyberthreats: ✓ Basic threats are known threats against known operat- ing system (OS) or application-level vulnerabilities.
    [Show full text]
  • Chapter 3: Viruses, Worms, and Blended Threats
    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57
    [Show full text]
  • Cyber-Crime, Securities Markets and Systemic Risk, Joint Staff
    Staff Working Paper: [SWP2/2013] Cyber-crime, securities markets and systemic risk 16 July, 2013 Joint Staff Working Paper of the IOSCO Research Department and World Federation of Exchanges Author: Rohini Tendulkar (IOSCO Research Department) Survey: Grégoire Naacke (World Federation of Exchanges Office) and Rohini Tendulkar This Staff Working Paper should not be reported as representing the views of IOSCO or the WFE. The views and opinions expressed in this Staff Working Paper are those of the author and do not necessarily reflect the views of the International Organisation of Securities Commissions or the World Federation of Exchanges, or its members. For further information please contact: [email protected] IOSCO Staff Working Paper July 2013 Contents About this Document ................................................................................................................ 2 Executive Summary ................................................................................................................... 3 Introduction .............................................................................................................................. 6 Understanding the Cyber-Crime Risk ...................................................................................... 11 Systemic risk scenarios ........................................................................................................ 22 A Focus on The World’s Exchanges ......................................................................................... 23
    [Show full text]
  • TROJANS, WORMS, and SPYWARE This Page Intentionally Left Blank
    TROJANS, WORMS, AND SPYWARE This page intentionally left blank TROJANS, WORMS, AND SPYWARE A Computer Security Professional’s Guide to Malicious Code Michael Erbschloe AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO Elsevier Butterworth–Heinemann 200 Wheeler Road, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Copyright © 2005, Elsevier Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also complete your request on-line via the Elsevier homepage (http://elsevier.com), by selecting “Customer Support” and then “Obtaining Permissions.” Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible. Library of Congress Cataloging-in-Publication Data Application submitted. British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. ISBN: 0-7506-7848-8 For information on all Butterworth–Heinemann publications visit our website at http://books.elsevier.com/security 03 04 05 06 07 08 09 10 9 8 7 6 5 4 3 2 1 Printed
    [Show full text]
  • Meeting the Cyber Security Challenge
    Research Series 01.2012 - Newidea 7 - 2012 GCSP avenue de la Paix 7bis Meeting the P. O. Box 1295 CH - 1211 Geneva 1 T + 41 22 906 16 00 Cyber Security Challenge F + 41 22 906 16 49 [email protected] www.gcsp.ch Gustav Lindstrom Impartial, Inclusive, Influential The opinions and views expressed in this document do not necessarily reflect the position of the Swiss authorities or the Geneva Centre for Security Policy. Copyright © Geneva Centre for Security Policy, 2012 Meeting the Cyber Security Challenge Gustav Lindstrom GCSP Geneva Papers — Research Series n° 7, June 2012 The Geneva Centre for Security Policy The Geneva Centre for Security Policy (GCSP) is an international training centre for security policy based in Geneva. An international foundation with over forty member states, it offers courses for civil servants, diplomats and military officers from all over the world. Through research, workshops and conferences it pro- vides an internationally recognized forum for dialogue on timely issues relating to security and peace. The Geneva Papers and l’Esprit de Genève With its vocation for peace, Geneva is the city where international organizations, NGOs, and the academic community, working together, have the possibility of creating the essential conditions for debate and concrete action. The Geneva Pa- pers intend to serve the same goal by promoting a platform for constructive and substantive dialogue. Geneva Papers – Research Series The Geneva Papers – Research Series is a new set of publications offered by the GCSP. It complements the Geneva Papers – Conference Series that was launched in 2008, whose purpose is to reflect on the main issues and debates of an event organized by the GCSP.
    [Show full text]
  • The Roles and Responsibilities for Defending the Nation from Cyber Attack
    S. HRG. 115–597 THE ROLES AND RESPONSIBILITIES FOR DEFENDING THE NATION FROM CYBER ATTACK HEARING BEFORE THE COMMITTEE ON ARMED SERVICES UNITED STATES SENATE ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION OCTOBER 19, 2017 Printed for the use of the Committee on Armed Services ( Available via the World Wide Web: http://www.govinfo.gov/ U.S. GOVERNMENT PUBLISHING OFFICE 36–192 PDF WASHINGTON : 2019 VerDate Nov 24 2008 11:07 May 02, 2019 Jkt 000000 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 Y:\REIER-AVILES\2017\2017 HEARINGS TO BE PRINTED\36192.TXT WILDA COMMITTEE ON ARMED SERVICES JOHN MCCAIN, Arizona, Chairman JAMES M. INHOFE, Oklahoma JACK REED, Rhode Island ROGER F. WICKER, Mississippi BILL NELSON, Florida DEB FISCHER, Nebraska CLAIRE MCCASKILL, Missouri TOM COTTON, Arkansas JEANNE SHAHEEN, New Hampshire MIKE ROUNDS, South Dakota KIRSTEN E. GILLIBRAND, New York JONI ERNST, Iowa RICHARD BLUMENTHAL, Connecticut THOM TILLIS, North Carolina JOE DONNELLY, Indiana DAN SULLIVAN, Alaska MAZIE K. HIRONO, Hawaii DAVID PERDUE, Georgia TIM KAINE, Virginia TED CRUZ, Texas ANGUS S. KING, JR., Maine LINDSEY GRAHAM, South Carolina MARTIN HEINRICH, New Mexico BEN SASSE, Nebraska ELIZABETH WARREN, Massachusetts LUTHER STRANGE, Alabama GARY C. PETERS, Michigan CHRISTIAN D. BROSE, Staff Director ELIZABETH L. KING, Minority Staff Director (II) VerDate Nov 24 2008 11:07 May 02, 2019 Jkt 000000 PO 00000 Frm 00002 Fmt 8486 Sfmt 8486 Y:\REIER-AVILES\2017\2017 HEARINGS TO BE PRINTED\36192.TXT WILDA C O N T E N T S OCTOBER 19, 2017 Page THE ROLES AND RESPONSIBILITIES FOR DEFENDING THE NATION FROM CYBER ATTACK .................................................................................................................
    [Show full text]
  • An Intelligence Based Model for the Prevention of Advanced Cyber-Attacks
    An Intelligence based Model for the Prevention of Advanced Cyber-Attacks Olawale Surajudeen Adebayo Associate Professor (Dr.) Normaziah Bintin 1 AbdulAzeez Computer Science Department, International Islamic Computer Science Department, International Islamic University Malaysia, 2CSS Department, Federal University University Malaysia of Technology Minna, Nigeria [email protected] [email protected], [email protected], [email protected] Abstract — The trend and motive of Cyber-attacks have gone Nimda, Conficker, Code Red etc.), and APTs (Advanced beyond traditional damages, challenges to information stealing Persistent Threat which is a sophisticated cyber-attack that for political and economic gain. With the recent APT (Advance employs advanced stealth techniques to remain undetected Persistent Threat), Zero-day malware, and Blended threat, the over times) [17]. The important cyber-attacks considered in task of protecting vita infrastructures are increasingly becoming this research are Malware and APTs (Andvanced Persistent difficult. This paper presents an intelligence based technique that combined the traditional signature based detection with the next Threats). generation based detection. The proposed model consists of virtual execution environment, detection, and prevention module. Next Generation Security is a security that is meant to deal The virtual execution environment is designated to analyze and with the recent next generation threats and cyber-attacks. New execute a suspected file contains malware while other module Generation Security is a defence strategy that capable of not inspect, detect, and prevent malware execution based on the only scanning and detecting but also preventing the feature intelligent gathering in the central management system (CMS). escalation of occurrence of next generation threats like zero- The model based on Next Generation Malware Detection of day malware, polymorphic and blended malware.
    [Show full text]
  • Cyber-Security Threat Characterisation a Rapid Comparative Analysis
    CHILDREN AND FAMILIES The RAND Corporation is a nonprofit institution that helps improve policy and EDUCATION AND THE ARTS decisionmaking through research and analysis. ENERGY AND ENVIRONMENT HEALTH AND HEALTH CARE This electronic document was made available from www.rand.org as a public INFRASTRUCTURE AND service of the RAND Corporation. TRANSPORTATION INTERNATIONAL AFFAIRS LAW AND BUSINESS NATIONAL SECURITY Skip all front matter: Jump to Page 16 POPULATION AND AGING PUBLIC SAFETY SCIENCE AND TECHNOLOGY Support RAND TERRORISM AND Browse Reports & Bookstore HOMELAND SECURITY Make a charitable contribution For More Information Visit RAND at www.rand.org Explore RAND Europe View document details Limited Electronic Distribution Rights This document and trademark(s) contained herein are protected by law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non-commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND Web site is prohibited. RAND electronic documents are protected under copyright law. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use. For information on reprint and linking permissions, please see RAND Permissions. This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity. EUROPE Cyber-security threat characterisation A rapid comparative analysis Neil Robinson, Luke Gribbon, Veronika Horvath, Kate Robertson Prepared for the Center for Asymmetric Threat Studies (CATS), Swedish National Defence College, Stockholm The research described in this document was prepared for the Center for Asymmetric Threat Studies (CATS), Swedish National Defence College, Stockholm.
    [Show full text]
  • Design, Analysis, and Evaluation
    An Anomaly Behavior Analysis Methodology for the Internet of Things: Design, Analysis, and Evaluation Item Type text; Electronic Dissertation Authors Pacheco Ramirez, Jesus Horacio Publisher The University of Arizona. Rights Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author. Download date 02/10/2021 07:40:12 Link to Item http://hdl.handle.net/10150/625581 1 AN ANOMALY BEHAVIOR ANALYSIS METHODOLOGY FOR THE INTERNET OF THINGS: DESIGN, ANALYSIS, AND EVALUATION By Jesus Horacio Pacheco Ramirez Copyright Jesus Horacio Pacheco Ramirez 2017 A Dissertation Submitted to the Faculty of the DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING In Partial Fulfillment of the Requirements For the Degree of DOCTOR OF PHILOSOPHY In the Graduate College THE UNIVERSITY OF ARIZONA 2017 2 THE UNIVERSITY OF ARIZONA GRADUATE COLLEGE As members of the Dissertation Committee, we certify that we have read the dissertation prepared by Jesus Horacio Pacheco Ramirez entitled “An Anomaly Behavior Analysis Methodology for the Internet of Things: Design, Analysis, and Evaluation” and recommend that it be accepted as fulfilling the dissertation requirement for the Degree of Doctor of Philosophy _______________________________________________________Date: June 08, 2017 Dr. Salim Hariri _______________________________________________________Date: June 08, 2017 Dr. Ali Akoglu _______________________________________________________Date: June 08, 2017 Dr. Gregory Ditzler Final approval and acceptance of this dissertation is contingent upon the candidate's submission of the final copies of the dissertation to the Graduate College. I hereby certify that I have read this dissertation prepared under my direction and recommend that it be accepted as fulfilling the dissertation requirement.
    [Show full text]
  • Security Policies and Procedures.Pdf
    ptg16525539 Security Program and Policies: Principles and Practices Second Edition ptg16525539 Sari Stern Greene 800 East 96th Street, Indianapolis, Indiana 46240 USA Security Program and Policies: Principles and Practices, Editor-in-Chief Second Edition Dave Dusthimer Sari Stern Greene Acquisitions Editor Betsy Brown Copyright ® 2014 by Pearson Education, Inc. Development Editor All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or Box Twelve, Inc. transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in Managing Editor the preparation of this book, the publisher and author assume no responsibility for errors or Sandra Schroeder omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Project Editor Seth Kerney ISBN-13: 978-0-7897-5167-6 ISBN-10: 0-7897-5167-4 Copy Editor Bart Reed Library of Congress Control Number: 2014932766 Indexer Printed in the United States of America Heather McNeill Second Printing: July 2015 Proofreader Anne Goebel ptg16525539 Trademarks Technical Editors All terms mentioned in this book that are known to be trademarks or service marks have Ronald Gonzales been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this Tatyana Zidarov information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Publishing Coordinator Vanessa Evans Warning and Disclaimer Interior Designer Every effort has been made to make this book as complete and as accurate as possible, but Gary Adair no warranty or fitness is implied.
    [Show full text]
  • CA Threat Portfolio Technology Brief
    TECHNOLOGY BRIEF: CA THREAT MANAGEMENT SOLUTIONS The CA Threat Management Solutions Table of Contents Executive Summary SECTION 1: CHALLENGE 2 The Security Threat Landscape Security Threats Productivity Threats SECTION 2: OPPORTUNITY 4 Types of Malicious Software Viral Threats Spyware and Other Non-Viral Threats Blended Threats SECTION 3: BENEFITS 8 An Effective Threat Strategy Yields Multi-Fold Benefits Business Benefits of the CA Threat Management Solutions SECTION 4: CONCLUSIONS 12 SECTION 5: REFERENCES 12 ABOUT CA Back Cover Copyright © 2007 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “As Is” without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. Executive Summary Challenge Businesses are critically dependent upon their IT systems and failure to counter threats to IT systems can not only result in damage to network, systems and data, but can also affect the reputation of your business. Threats to computer systems affect both system security and productivity. Viruses and spyware are the main threats to business IT systems, but blended threats, where different types of malicious software are used in combination, are now very common.
    [Show full text]