Manjak, M. (2011, June 8). Social engineering your employees to information security. Retrieved from http://www.sans.org/reading_room/whitepapers/awareness/social-engineering-employees-information-security_1686
"This paper will examine the role and value of Information Security Awareness efforts in the organization. I will discuss the various threats (e.g., social engineering tactics) targeting employees that an InfoSec Awareness campaign is designed to counter. We will review some of the obstacles to implementing a program, offer some tools and strategies for developing effective materials, and lastly look at two case studies of Information Security Awareness campaigns at the University at Albany, SUNY."
Rice, M. J. (2011). Monitoring critical infrastructure assets and strategic signaling to deter aggression in cyberspace (doctoral dissertation). Retrieved from Dissertations and Theses database. [Full text.]
"... [this] dissertation focuses on three components. First, it describes government monitoring scenarios and outlines the constitutional authorities and principal legal issues associated with government monitoring of private critical infrastructure assets. Second, it presents a signaling framework based on adversary-defender interactions that can be used to help deter aggression in cyberspace. Finally, it discusses the application of deception techniques to shield cyberspace sensors. Well-executed and nuanced deception with regard to the deployment and use of sensors can help a defender gain tactical and strategic superiority in cyberspace."
Rutkowski, A. (2011). Public international law of the international telecommunications instruments: Cyber security treaty provisions since 1850. info, 13(1), 13-31. doi:10.1108/14636691111101856 [Full text available in the Emerald Fulltext and Management Reviews database.]
"This paper aims to describe the history of cyber security public international law since 1850 that is found in treaty instruments developed by the signatory nations of what is now known as the International Telecommunication Union (ITU). Because of the esoteric nature of the subject and, until recently, the very difficult access to reference materials, knowledge of these provisions was confined to a handful of scholars. ... What the material reveals is a 150-year history of cybersecurity law that is not only relevant to significant developments today, but also controlling as a set of obligations that virtually every nation has accepted."
Schwartz, A. (2011). Identity management and privacy: A rare opportunity to get it right. Communications of the ACM, 54(6), 22-24. doi:10.1145/1953122.1953134 [Full text available in the ACM Digital Library database.]
"Since 1976, when Whitfield Diffie and Martin Hellman first surmised the possibilities for the potential uses for digital signatures, there has been ongoing discussion of building an online identity management structure. As use of the Internet has become more central to daily life and our financial and physical security has become intertwined with cyber security, the calls to authenticate and identify individual users have increased. However, we still have not seen a single set of answers to these issues that offer a path to an interoperable identity management system that will achieve the goals of authenticating users at different levels of risk, keeping the Internet as an innovative and growing hub for the world’s interactions, and building trust among Internet users. Therefore, it is easy to be doubtful and even cynical that we can build an identity management infrastructure that is voluntary, privacy-protective, secure, and interoperable. Over the next few years, we have a rare opportunity to build such a system, and this opportunity may be our last."
Vanderwerken, J., & Ubell, R. (2011, June). Training on the cyber security front lines. T&D, 65(6), 46-50. Retrieved from http://www.astd.org/TD/ [Full text available in the Academic Search Complete database.]
"... according to a Booz Allen Hamilton survey, the nation's cyber defense is seriously challenged by shortages of highly skilled cyber-security experts. The report notes that 40 percent of chief information officers, chief information security officers, and IT managers are unsatisfied with the quality of cybersecurity job applicants, and according to SANS Institute Research Director Alan Paller, more than 30,000 specialists are needed today."
