DOI: 10.1145/1940941.1940967
research-article

Cautionary tales from real world failures for managing security in the cyber world

Published: 01 October 2010

Abstract

Any field of endeavor benefits from a body of knowledge of failures that provide guidance on what to avoid. As a relatively young discipline whose failures can often be handled privately, information security professionals do not have access to the volume of well-documented failures for analysis that more mature professions such as mechanical and civil engineering rely on. This paper examines catastrophic failures from the physical world and provides "lessons learned" that can be applied in managing an information systems security program.

Published In

InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN:9781450302029
DOI:10.1145/1940941
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education
  • ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. bridges
  2. catastrophic failure
  3. civil engineering
  4. failure
  5. lessons learned

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 242
  • Downloads (Last 12 months): 2
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 12 Feb 2025
