Secur(e/ity) Management: A Continuing Uphill Climb

Journal of Network and Systems Management

Abstract

With ever growing and evolving threats and cyber attacks, the management of enterprise security and the security of enterprise management systems are key to business—if not a nation’s—operations and survival. Secur(e/ity) management, the moniker for the intertwined topics of secure management and security management, has evolved trying to keep pace. The history of secur(e/ity) management is traced from its origins in the disjoint silos of telecommunications, internetworking and computer security to today’s recognition as necessary, interdisciplinary, interworking technologies and operations. An overview of threats and attacks upon managed and management systems shows that occurrences of ever more sophisticated, complex and harder to detect cyber misconduct are increasing as are the severity and costs of their consequences. Introduction of new technologies, expansion of the perimeters of an enterprise and trends in collaborative business partnerships compound the number of managed system targets of cyber compromise. Technical and marketplace trends in secur(e/ity) management reveal needs that must be bridged. Research attention should focus on developing axiomatic understanding of the natural laws of security, tools to realize vulnerability-free software, metrics for assessing the efficacy of secur(e/ity) management, tools for default-deny strategies so that signature-based security management can be retired, secur(e/ity) management approaches for virtualized and service-oriented environments, and approaches for composite, holistic, secur(e/ity) management.

Notes

  1. The prevailing legal trend is to define “adequate security” as meaning that degree or level of security, which meets or exceeds the requirements established by the Federal Information Security Management Act (FISMA).

  2. The term “Natural Laws of Security” was coined by Mr. Timothy Malcomvetter (malcomvetter@gmail.com), a doctoral student whose future research may be focused in this area.

  3. Albert Einstein. http://quotations.home.worldnet.att.net/alberteinstein.html

Author information

Corresponding author

Correspondence to John Hale.

Additional information

“We often give our enemies the means of our own destruction.”—Aesop.

About this article

Cite this article

Hale, J., Brusil, P. Secur(e/ity) Management: A Continuing Uphill Climb. J Netw Syst Manage 15, 525–553 (2007). https://doi.org/10.1007/s10922-007-9079-4

  • DOI: https://doi.org/10.1007/s10922-007-9079-4
