SRA111: Introduction to Security and Risk Analysis

Course Description

SRA 111 is an introductory course with a broad focus, spanning primarily the areas of security, risk, and risk analysis. In addition to familiarizing the student with basic security terminology, it will also touch upon social and legal issues, risk analysis and mitigation, crime intelligence and forensics, and information warfare and assurance.

This course will motivate students to understand the requirements for security in any government agency or business organization through the use of case studies. Included in this segment are cases related to cyberterrorism, bioterrorism, and critical infrastructure protection. Some concepts to be covered in the area of information security are: confidentiality, integrity, availability, and non- repudiation. Various methods of safeguarding these security concerns will be discussed, such as: single- and multi-factor authentication, encryption, digital signatures, prevention of denial of service attacks, and so forth. This course also covers social and legal issues related to security, in particular identity theft and social engineering. Topics in this section include identity theft, spam, spyware, and adware. This course also covers the basic principles and the approaches to risk analysis. Here students study vulnerability analysis, crime and intelligence analysis, forensics, techniques for risk assessment and risk mitigation.

The course will prepare students for more in-depth courses such as SRA 211, SRA 221 and SRA 311. This course will incorporate collaborative and action-learning experiences wherever appropriate. Emphasis will be placed on developing and practicing writing and speaking skills through application of the concepts that define the course.

Course Objectives

Upon completion of the course, the student will:

• Understand basic security concepts, terminology and possible solutions. • Develop an understanding of the social and legal issues of security and privacy. • Understand the basics of crime intelligence and forensics analysis. • Be able to apply risk analysis, evaluation and mitigation methods. • Understand information warfare and information assurance. • Have an awareness of current and future trends in information and cyber security. 1

Classes Information

Section: 001 Class Time: MWF 11:00-11:50am Class Room: Frable 227

About the Instructor

Instructor: Galen A. Grimes, Associate Professor of IST Office: Frable 213 Office Hours: See faculty website Phone/Fax: 412-675-9479 E-mail: [email protected] Web Site: http://www.personal.psu.edu/faculty/g/a/gag5/

Course Materials

• Supplemental reading materials at the discretion of the instructor • The New York Times (newspaper)

Course Policies • (Any policies implemented by the instructor or campus). • Quizzes will be given throughout the semester, at a rate of approximately 1 per chapter. Quizzes will always cover the material covered since the last Quiz or Exam. The quizzes will be combinations of objective and/or short-answer questions. Makeup quizzes will not be given. Any class material missed by the student is the student's responsibility to acquire. • Students with disabilities. The Pennsylvania State University is committed to providing access to a quality education for all students. Penn State welcomes students with disabilities into the University's educational programs. If a student has a disability- related need for modifications or reasonable accommodations in this course, it is the responsibility of the student to first obtain a University accommodation letter confirming the disability and suggesting appropriate remedies. This letter should be obtained from the campus Disability Contact Liaison. The contact person at Penn State Greater Allegheny is Victoria Garwood (Frable 103, 412-675-9070, [email protected]). Students from other Penn State campuses can find their contact person at http://www.equity.psu.edu/ods/dcl.asp. It is encouraged that students request their accommodation needs early in the semester, and once identified, a reasonable accommodation will be implemented in a timely manner. Students may also access the web site for the Office of Disability Services at University Park for more information: http://www.equity.psu.edu/ods/. • PSU Statement on Academic Integrity. According to the University Advising Handbook: "Academic integrity is the pursuit of scholarly activity free from fraud and deception, and is the educational objective of this institution. Academic dishonesty includes, but is not limited to cheating, plagiarism, fabrication of information or citations, facilitating acts of academic dishonesty by others, unauthorized possession of examinations, submitting work of another person, or work previously used without informing the instructor, or tampering with the academic work of other students. Any violation of academic integrity will be thoroughly investigated, and where warranted, punitive action will be taken." Students should be aware that standards for documentation and intellectual contribution may depend on the course content and method of teaching, and should consult instructors for guidance.

Tentative Schedule

Week Topics Readings Assignments/Tests 1 Introduction to Information Security— Wired Magazine: “Hackers Remotely Kill a Jeep on the Highway—With Me In It:”, July 21, 2015 http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ Reuters: Researcher says can hack GM OnStar app, open vehicle, start engine, July 30, 2015, http://www.reuters.com/article/2015/07/30/us-gm-hacking- idUSKCN0Q42FI20150730 NPR: All Tech Considered, “Major Flaw In Android Phones Would Let Hackers In With Just A Text”, July 27, 2015 http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major- flaw-in-android-phones-would-let-hackers-in-with-just-a-text

VIDEO: Bruce Schneier: The Security Mirage (21:05): [cc/t] http://www.ted.com/talks/bruce_schneier.html NPR/On Point, July 26, 2012, A Trade Show for Hackers—Black Hat Conference, http://onpoint.wbur.org/2012/07/26/hackers

2 ***Labor Day*** VIDEO: Nerds 2.0 Volume 1, “Networking the Nerds”, Part 1 [cc] Discussion Activity 1— Personal Security Risks VIDEO: Nerds 2.0 Volume 1, “Networking the Nerds”, Part 2 [cc]

3 Introduction to Security Chapter 1— Discussion Activity 2— Ciampa Malicious Code VIDEO: Mikko Hypponen—Fighting Viruses, Defending the Net (17:36): [cc/t] http://www.ted.com/talks/lang/eng/mikko_hypponen_fighting_viruses_defend ing_the_net.html [VIDEO-MikkoHypponen_2011g.mp4] NPR: Marketplace, How One Hack Got to Engineers with Security Clearance, Sept 10 2013, http://www.marketplace.org/topics/tech/how-one-hack-got- engineers-security-clearances

NPR: All Things Considered, Security Firm Hacks a Car With a Text— Chapter Review Questions— August 29, 2011 [cc/t], http://www.npr.org/2011/08/29/140042759/security- Chapter 1—Ciampa firm-hacks-a-car-with-a-text

NPR: All Tech Considered, With Smarter Cars, The Doors Are Open To Hacking Dangers—July 30, 2013, http://www.npr.org/blogs/alltechconsidered/2013/07/30/206800198 /Smarter-Cars-Open-New-Doors-To-Smarter-Thieves

4 Introduction and Overview of Computer Forensics and Cybercrime Chapter 1— Discussion Activity 3— Britz Security Access Controls Discussion Questions—Chapter 1 (Britz) Discussion Questions 1-5, p.22 NPR: Morning Edition, Dear Apple: Good Luck Against The Quiz—Chapter 1 (Ciampa) Smartphone Black Market—Sept 16 2013, http://www.npr.org/blogs/alltechconsidered/2013/09/16/222125010/ dear-apple-good-luck-against-the-smartphone-black-market

5 Desktop Security Chapter 2— Discussion Activity 4— Ciampa Security Policy NPR: All Things Considered/All Tech Considered, Hunting for a Password That Only You Will Know [cc/t] http://www.npr.org/2011/07/25/138672758/hunting-for-a-password-that-only- you-will-know NPR: All Things Considered/All Tech Considered, How to Protect Yourself From Hacking [cc/t] http://www.npr.org/templates/rundowns/rundown.php?prgId=2&prgDate=7- 25-2011 60 Minutes: Cyber War, JUN 13 2010, Chapter Review Questions— http://www.cbsnews.com/video/watch/?id=6578069n&tag=mncol;lst;1 Chapter 2 (Ciampa)

NPR: All Things Considered, Your PIN May Not be Uncrackable After All, [cc/t] Sept 20, 2012, http://www.npr.org/player/v2/mediaPlayer.html?action=1&t=1&islist=false&i d=161502081&m=161502066

www.passfault.com

NPR, All Things Considered, The Most Secure Password in the World Might Be You, http://www.npr.org/blogs/alltechconsidered/2013/11/05/243060103/the-most- secure-password-in-the-world-might-be-you

6 Contemporary Computer Crime Chapter 4— Discussion Activity 5—Risk Britz Assessment

Discussion Question—Chapter 4 (Britz) Discussion Question 1-5, p.111 NPR: Morning Edition, FEB 12, 2013, “In Cyberwar, Software Flaws Are A Hot Commodity”, http://www.npr.org/2013/02/12/171737191/in- cyberwar-software-flaws-are-a-hot-commodity NPR: Morning Edition, FEB 13, 2013, “Victims Of Cyberattacks Get Proactive Against Intruders”, http://www.npr.org/2013/02/13/171843046/victims-of-cyberattacks- now-going-on-offense-against-intruders NPR: The Diane Rehm Show, FEB 13, 2013, “The Growing Threat Of Cyber- Espionage”, http://thedianerehmshow.org/ Quiz—Chapter 2 (Ciampa)

7 Internet Security Chapter 3— Discussion Activity 6— Ciampa Encryption Chapter Review Questions— Chapter 3 (Ciampa) NPR: All Things Considered: Does iCloud Pose Security Risks to Users, http://www.npr.org/2011/06/09/137089307/does-icloud-pose-security-risks-to- users

8 The Fourth Amendment and Other Legal Issues Chapter 9— Discussion Activity 7—Spam Britz SOPA Virus Kidnaps Computers for Ransom, http://betabeat.com/2012/10/sopa-virus-kidnaps-computers-for-ransom-video/ ABC News Tracks Missing iPad to Florida Home of TSA Officer, 7

http://abcnews.go.com/Blotter/abc-news-tracks-missing-ipad-florida-home- tsa/story?id=17331937 Surveillance of IT Technology— Discussion Questions 1-5, NPR: Fresh Air: The Technology Helping Repressive Regimes Spy, p.264 http://www.npr.org/2011/12/14/143639670/the-technology-helping- repressive-regimes-spy

NPR: Fresh Air: Tracking The Companies That Track You Online, [cc/t] http://www.npr.org/templates/story/story.php?storyId=129298003

NPR/Fresh Air, Interpreting the Constitution in the Digital Age, http://www.npr.org/2011/11/30/142714568/interpreting-the- constitution-in-the-digital-era

Cyber Terrorism CBS News 60 Minutes: Stuxnet: Computer Worm Opens new era of Warfare, http://www.cbsnews.com/video/watch/?id=7400904n&tag=contentBody;story MediaBox Quiz—Chapter 3 (Ciampa)

9 Personal Security Chapter 4— Discussion Activity 8— Ciampa Network Security

CBS News 60 Minute, The Data Brokers-Selling Your Information, http://www.cbsnews.com/news/the-data-brokers-selling-your-personal- information/ Authentication—1FA and 2FA Chapter Review Questions— Chapter 3 (Ciampa) VIDEO: Nigerian 419 Scam

NPR: Morning Edition, July 12, 2012, Mobile Ad Networks Accused of Invasive Apps NPR: Weekend All Things Considered, FEB 17, 2013, Want To Keep Your Messages Private? There's An App For That, http://www.npr.org/blogs/alltechconsidered/2013/02/17/172258256/

want-to-keep-your-messages-private-theres-an-app-for-that

NPR: All Things Considered, Study May Shed Light on How to Stop Spam, http://www.npr.org/2011/05/26/136690513/study-may-shed-light-on-how-to- stop-spam NBC Dateline—To Catch a Con Man: http://www.msnbc.msn.com/id/17697615/

10 Identity Theft and Identity Fraud Chapter 5— Discussion Activity 9— CBS 60 Minutes, “Biggest IRS Scam Around: Identity Tax Refund Fraud”, Britz Mitigation of Risks and http://www.cbsnews.com/videos/biggest-irs-scam-around-identity-tax-refund- Threats fraud/ Discussion—Case Studies Chapter 4 Discussion Questions 1-5, NPR: All Tech Considered, Woman Invokes 5th Amendment to Avoid p.143 Disclosing Laptop Password, http://www.npr.org/2011/07/11/137773335/when-asked-to-disclose-laptop- password-woman-invokes-5th-amendment NPR: Morning Edition, E-Mail, To Encrypt or Not to Encrypt, http://www.npr.org/templates/story/story.php?storyId=91666556 VIDEO: NBC Dateline, “To Catch and ID Thief” (YouTube) VIDEO: NBC Dateline, “Putting a Face on ID Theft” (YouTube) Quiz—Chapter 4

11 Wireless Network Security Chapter 5— Discussion Activity 10— NPR: All Things Considered, McAfee Releases Report on Hacking Project, Ciampa Policies and Laws http://www.npr.org/2011/08/03/138962415/mcafee-releases-report-on- hacking-project How to Crack a WPA Wireless Network http://lifehacker.com/5873407/how- Chapter Review Questions— to-crack-a-wi+fi-networks-wpa-password-with-reaver Chapter 5 (Ciampa) DD-WRT http://dd-wrt.com/site/index

12 Avenues for Prosecuting and Government Efforts Chapter 7— NPR, All Things Considered, “Laboring in the Shadows to Keep the Web Free Britz of Child Porn”, http://www.npr.org/2013/11/17/245829002/laboring-in-the-shadows-to-keep- 9

the-web-free-of-child-porn Discussion Questions—Chapter 7 Discussion Questions 1-5, CBS News 60 Minutes, “FBI Director on threat of ISIS, Cybercrime”, p.213 http://www.cbsnews.com/news/fbi-director-james-comey-on-threat-of-isis- cybercrime/ Quiz—Chapter 5 (Ciampa)

13 Enterprise Security Chapter 6— VIDEO: How Online Gamblers Unmasked Cheaters— Ciampa http://www.cbsnews.com/stories/2008/11/25/60minutes/main4633254.shtml NPR: On the Media, Government Reverses Itself on Online Gambling, http://www.onthemedia.org/2012/jan/06/government-reverses-itself-line- gambling/ VIDEO: TJ Maxx Break-in (Hi Tech Heist) http://www.cbsnews.com/video/watch/?id=4649240n http://www.youtube.com/watch?v=MxG2J3bf1BQ&feature=related VIDEO: To Catch a Con Man—(YouTube) Chapter Review Questions— Chapter 6 (Ciampa) VIDEO: To Catch an ID Thief—(YouTube)

VIDEO: To Catch a Lotto Scammer—(YouTube)

14 Computer Forensics: Terminology and Requirements Chapter 10— Britz Video: To Catch a Predator - Discussion Questions 1-5, http://www.msnbc.msn.com/id/21134540/vp/22412084#22424498 p.299 To Catch a Predator—YouTube http://www.youtube.com/results?search_query=dateline+nbc+to+catch+a+pre dator&aq=1 Quiz—Chapter 6 (Ciampa)

15 Semester Project Presentations

Final Exam—Chapters 1-6 (Ciampa); Chapters 1, 4, 5, 7, 9, 10 (Britz)

NOTE: Syllabus subject to change without notice.

Grading

A 100.0%—93.0% A- 92.9%—90.0% B+ 89.9%—88.0% B 87.9%—82.0% B- 81.9%—80.0% C+ 79.9%—78.0% C 77.9%—70.0% D 69.9%—60.0% F 59.9%—00.0%

Assignments Points Chapter Review Questions 120 (20 points/each x 6) Quizzes 180-300 (30-50 points/each x 6) Lab participation 120 (20 points/each x 6) Discussion Activities 100 (10 points/each x 10) Risk Assessment Project 150 Group Video Project 150 In Class Discussion/Participation 15% Final Exam 100

Assignments are due the Sunday evening of the week they are assigned.

Use the following advice to receive maximum learning benefits from your participation in this course:

DO DON’T

§ Do take a proactive learning approach § Don’t assume there is only one correct answer to a question § Do share your thoughts on critical issues and potential § Don’t be afraid to share your perspective on the issues problem solutions analyzed in the course § Do plan your course work in advance § Don’t be negative towards points of view that are different § Do explore a variety of learning resources in addition to the from yours textbook § Don’t underestimate the impact of collaboration on your § Do offer relevant examples from your experience learning § Do make an effort to understand different points of view § Don’t limit your course experience to reading the textbook § Do connect concepts explored in this course to real-life § Don’t postpone your work on the course deliverables – professional situations and your own experiences work on small assignment components every day

Appendix A: Reading List

Module 1: Motivation • CSI/FBI Computer Crime and Security 2004 Survey. (M1-1) http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf • Michael E. Whitman, “Enemy at the Gate: Threats to Information Security,” Communications of the ACM, Vol. 46, No. 8, August 2003, pp. 91-95. (M1-2) • The National Strategy to Secure Cyberspace, The Whitehouse, US, February 2003. (M1-3) http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf • Critical Infrastructure Protection: Challenges and Efforts to Secure Systems, GAO-04-354, March 15, 2004. (M1-4) http://www.gao.gov/new.items/d04354.pdf

Module 2: Basic Concepts of Information Security 12

• Kevin D. Mitnick, “Are You the Weak Link?” Harvard Business Review, April 2003, pp. 18-20. (M2-1) • Information Assurance Technical Framework, NSA. (M2-2) http://www.iatf.net/framework_docs/version-3_1/index.cfm • The Orange Book, DoD (M2-3). http://www.fas.org/irp/nsa/rainbow/std001.htm • Common Criteria Documentation. (M2-4). http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm

Module 3: Social and Legal Issues • Bill Arbaugh, “Security: Technical, Social, and Legal Challenges,” Computers, February 2002, pp. 109-111. (M3-1) • Michael Clarkson, Beating the Superbug: Recent Developments in Worms and virus, SANS Institute, 2002. (M3-2). https://www.sans.org/rr/whitepapers/malicious/146.php • A&T, A Social Engineering Example (M3-3). http://www.searchlores.org/social_1.htm • LabMice.net, Social Engineering. (M3-4) http://labmice.techtarget.com/security/socialengineering.htm

Module 4: Analysis Methods • SANS Top 20 Internet Vulnerabilities. (M4-1) http://www.sans.org/top20/#w1 • SANS Institute, A Model for Peer Vulnerability Assessment, 2001. (M4-2). www.sans.org/rr/whitepapers/testing/263.php. • Ashcroft, J., Daniels, D. J. and Hart, S. V., Method to Assess the Vulnerability of US Chemical Facilities, Special report, NCJ 195171, The National Institute of Justice, Nov., 2002. (M4-3). http://www.ncjrs.gov/pdffiles1/nij/195171.pdf. • Cathleen Brackin, Vulnerability Management: Tools, Challenges and Best Practices, SANS Institute, December 13, 2003. (M4-4). http://www.sans.org/rr/whitepapers/threats/1267.php • Jeffrey King, 10 Vulnerabilities a Scanner Might Not Find, SANS Institute, May 12, 2003. (M4-5). http://www.sans.org/rr/whitepapers/threats/1030.php • Robert Rowlingson, A Ten Step Process for Forensics Readiness, International Journal of Digital Evidence, Winter 2004. (M4-6). http://www.dfrws.org/2001/dfrws-rm-final.pdf • Warren Harrison et al, A Lessons Learned Repository for Computer Forensics, International Journal of Digital Evidence, Fall 2002. (M4-7). http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A- • Michael Potaczala, Computer Forensics, Term Paper, 2001. (M4-8). http://chantry.acs.ucf.edu/~mikep/cf/CHS5937- TermPaper.pdf • Timothy J. Shimeall, Casey J. Dunlevy, and Phil Williams, Intelligence Analysis for Internet Security: Ideas, Barriers and Possibilities, CERT Analysis Center, Software Engineering Institute, Carnegie Mellon University. (M4-9). http://www.cert.org/archive/html/spie.html • Preparing for the 21st Century: An Appraisal of US Intelligence, INT-Report, March 1, 1996. (M4-10). http://www.fas.org/irp/offdocs/report.html

• Introduction to Security Risk Analysis & Security Risk Assessment (http://www.security-risk-analysis.com/introduction.htm) (M4-11) • Security Scanning is not Risk Analysis (http://www.intranetjournal.com/articles/200207/pse_07_14_02a.html) (M4-12)/

Module 5: Information Warfare & IA • Manic Velocity, Footprinting: The Basics of Hacking, Hack in the Box. ()-1). http://www.hackinthebox.org/article.php?sid=5359 • Tony Bradley, Introduction to Packet Sniffing. (M5-2). http://netsecurity.about.com/cs/hackertools/a/aa121403.htm • Tony Bradley, Introduction to Port Scanning. (M5-3). http://netsecurity.about.com/cs/hackertools/a/aa121303.htm • Joanne Cummings, From Intrusion Detection to Intrusion Prevention, Network World, 09/23/02. (M5-4). http://www.networkworld.com/buzz/2002/intruder.html • Whatis.Com, Denial of Service. (M5-5). http://whatis.techtarget.com/definition/0,289893,sid9_gci213591,00.html • Denial of Service Attacks, CERT® Coordination Center. (M5-6). http://www.cert.org/tech_tips/denial_of_service.html • Wardriving, Wikipedia, the Free Encyclopedia. (M5-7). http://en.wikipedia.org/wiki/Wardriving

Module 6: Securing the Future • Cyber Security: A Crisis of Prioritization, President’s IT Advisory Committee, Feb. 2005. (M6-1) http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf • Amitava Dutta and Kevin McCrohan, “Management’s Role in Information Security in a Cyber Economy,” California Management Review, Vol.45, No.1, Fall 2002, pp. 67-87. (M6-2) • Mark Lum, Offshore Outsourcing and Information Confidentiality, SANS Institute, April 2004. (M6-3). http://www.sans.org/rr/whitepapers/legal/1438.php • Vadalasetty, S.R., Security Concerns in Using Open Source Software for Enterprise Requirements, SANS Institute, October 2003. (M6-4). http://www.sans.org/rr/whitepapers/awareness/1305.php • Scott Byrum, The Impact of the Sarbanes Oxley Act on IT Security, SANS Institute, October 2003. (M6-5). http://www.sans.org/rr/whitepapers/casestudies/1344.php

Appendix B: Video List • Businessweek video library: http://feedroom.businessweek.com/ • Information Assurance Video, NIATEC, Idaho State University. http://niatec.info/videos.htm • Security Awareness Program Contest. http://www.educause.edu/content.asp?page_id=7103&bhcp=1 • Security on ZDNet: Video and Audio: http://zdnn.search.com/search?cat=230&int.1273=on&q=Security • ZDNet Video at the Whiteboard: http://news.zdnet.com/2036-2_22-5718923.html

Appendix C: Selected Web Links • Center for Information Assurance at Penn State. http://net1.ist.psu.edu/cica/ • CERT Coordination Center, Carnegie Mellon University. http://www.cert.org/ • CERT Virtual Training Environment. https://vte.cert.org/aboutvte.html • CIA, Criminal Intelligence Analysis, Interpol. http://www.interpol.int/Public/cia/default.asp. • CIA, Financial and high-tech crimes, Interpol. http://www.interpol.int/Public/FinancialCrime/Default.asp • Computer Forensics, Cybercrime and Steganography Resources. http://www.forensics.nl/ • Computer Security Resources Center (CSRC), National Institute of Standard and Technology (NIST). http://csrc.nist.gov/ • Dan Farmer and Wietse Venema, Forensic Discovery, Addison-Wesley, http://www.porcupine.org/forensics/forensic-discovery/ • History of Computer Security, Computer Security Division, National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications/history/ • IAPP – International Association of Privacy Professionals: https://www.privacyassociation.org/ • ICSA Information Security Magazine. http://informationsecurity.techtarget.com/ • Identity Theft Resources. http://www.privacyrights.org/identity.htm • Information and Computer Security Resources, SANS.org. http://www.sans.org/resources/ • ISACA: http://www.isaca.org/ • IT Audit – The Institute of Internal Auditors, http://www.theiia.org/ITAudit/ • IWS- The Information Warfare Site. http://www.iwar.org.uk/cip/ • Network Security Library. http://www.windowsecurity.com/whitepaper/ • National Coordination Office for Networking and Information Technology Research and Development (NITRD). http://www.nitrd.gov/pubs/ • Privacy.Org: http://privacy.org/ • Richards J. Heuer, Jr., Psychology of Intelligence Analysis, Center for the Study of Intelligence, Central Intelligence Agency, 1999. http://www.cia.gov/csi/books/19104/index.html • Security and Risk Analysis (http://www.cert.org/octave/methodintro.html) • Wikipedia, the Free Encyclopedia. http://en.wikipedia.org/wiki/ • Wireless LAN Security & Wardriving (http://www.wardrive.net/) • ZDNet: Security White Papers, Webcast, and Case Studies. http://whitepapers.zdnet.com/search.aspx?kw=Security http://whitepapers.zdnet.com/search.aspx?&kw=Security&dtid=2