term is INFOSEC, meaning information security, which describes the protection of classified
information stored on computers or transmitted by radio, telephone, teletype, or any
Acronyms associated with this new category of crime include a number of unique terms.
A sampling of information warfare definitions follows:
• CARNIVORE: an FBI system used to monitor e-mail and other traffic through ISPs.
• Defense Information Structure (DIS): the worldwide shared or interconnected system of computers, communications, data, applications, security, personnel, training, and other support structures serving the military’s information needs.
• Defense Information Security Administration (DISA): the military organization charged with responsibility to provide information systems to fighting units.
• van Eck monitoring: monitoring the security of a computer or other electronic equipment by detecting low levels of electromagnetic emissions from the device.
• Electromagnetic pulse (EMP): a pulse of electromagnetic energy capable of disrupting computers, computer networks, and other forms of telecommunications equipment.
• High-Energy Radio Frequency (HERF): a device that can disrupt the normal operation of digital equipment such as computers and navigational equipment.
• Information security (INFOSEC): protection of classified information that is stored on computers or transmitted by radio, telephone, or other means.
Note that some of these acronyms relate to advanced forms of security attacks.
RESOURCE AND ASSET PROTECTION
One of the primary concerns of most organizations is protecting their computer and networking
assets. Of particular interest is the security and integrity of the data and database resources
of the users and the organization. Companies can lose competitive position, and even fail, if
information gets into the wrong hands. Securing data against illegal access and alteration is
even more of an issue on networks, because there are many opportunities for snooping and
interception when transmitting data between computers and between LANs.
It is obvious that security in the computing and networking environment has a high
priority with corporate entities. The purpose of this book is to develop a broad and general
understanding of the security issues that relate to the computing and communications
environment. Various areas of organizations are visited to identify candidates for security solutions.
Vulnerabilities are identified and countermeasures or controls are suggested. In addition, a
number of risks and their related costs are identified. Corporate and site computer policy is
addressed, followed by topics on basic threats, attacks, and vulnerabilities of the networking
asset. Protection of database assets is a priority because this issue applies to everyone who
uses networking services.
Many techniques are available for computer and network protection: from user passwords
to biometrics and from firewalls to intrusion detection technologies. The challenge is to employ
appropriate security measures that will provide sufficient protection of the organization’s assets