Thomas M. Chen and Jimi Thompson, Southern Methodist University
Matthew C. Elder, Symantec Corporation
In today's society, computer systems are valuable, and often invaluable, for innumerable business and personal uses. Computer systems and networks are also very tempting as targets, shown by statistics that track the frequency and prevalence of cybercrimes. For example, Symantec Corporation estimates that organizations were hit by an average of 11 attacks daily during the first half of 2004 (Turner, 2004).
Part of the temptation is the ease of electronic attacks. Although not every attack takes advantage of vulnerabilities, it is widely known that computer systems have numerous vulnerabilities. In early 2004, about 48 new vulnerabilities were discovered weekly on average (Turner, 2004). Moreover, 96 percent of them were serious enough to be rated as moderately or highly severe. Attackers are keenly aware of new vulnerabilities because it takes time for organizations to set up ...