
Evaluation of the Paper “Why Information Security Is Hard” by Ross Anderson

Submitted By IronSatan
Security Evaluation
Matthew Williams
CMGT/441
1/21/2013
Shivie Bhagan

Security Evaluation
My evaluation is of the paper “Why Information Security is Hard” by Ross Anderson. The paper examines information security in the financial industry around the world from an economic perspective. Its argument is summed up by the statement, “The more people use a typical network, the more valuable it becomes. The more people use the phone system - or the Internet - the more people there are to talk to and so the more useful it is to each user.” (Anderson, 2001)
In the first paragraph, Denial of Service (DoS) attacks are described as one of the problems created by the current structure of security incentives. As an example, the author states, “While individual computer users might be happy to spend $100 on anti-virus software to protect themselves against attack, they are unlikely to spend even $1 on software to prevent their machines being used to attack Amazon or Microsoft.” (Anderson, 2001) The statement accurately describes what I would call a failure to respond to an indirect threat. Because a user is not being attacked directly, most assume they are safe and that the statistics are in their favor. Unfortunately, this is rarely the case; like the destruction of the great library of Alexandria, the damage is felt by everyone, even today and even if only indirectly.
In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and is then allowed onto the server.
In a DoS attack, the attacker sends many authentication requests to a server, filling it up. All of the requests carry false return addresses, so the server cannot find the user when it tries to send the authentication approval. The server then waits, sometimes for more than a minute, before closing the connection. As soon as a connection is closed, the attacker (or an unwitting stand-in for the attacker) sends a new batch of forged requests and the process begins again, which ends up tying the server up indefinitely.
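The half-open request queue described above, as an added example that is not part of the essay or of the CNET article it draws on: a small Python model of a server that reserves a slot for every request it has answered but not yet seen acknowledged, run against forged requests mixed with genuine clients, beside a variant that stores nothing until the client acknowledges (the idea behind SYN cookies, a mitigation the essay does not mention). The queue size, hold time and traffic rates are constructed assumptions chosen to make the effect visible.

```python
"""Model of the half-open handshake queue that forged requests fill up.

Added example; the server model and every number in it are assumptions,
not measurements from the essay or from any real server.
"""

HALF_OPEN_LIMIT = 8    # assumed: slots reserved for unanswered handshakes
HOLD_SECONDS = 60      # assumed: wait before an unanswered request is dropped


class HandshakeServer:
    """Tracks requests that were answered but not yet acknowledged."""

    def __init__(self, limit=HALF_OPEN_LIMIT, hold=HOLD_SECONDS, stateless=False):
        self.limit = limit
        self.hold = hold
        # stateless=True: keep nothing until the acknowledgement arrives
        # (the SYN-cookie idea; the reply itself carries what is needed).
        self.stateless = stateless
        self.pending = {}          # request id -> time at which the slot is freed
        self.accepted = 0
        self.refused = 0

    def expire(self, now):
        """Free the slots whose hold time has elapsed."""
        self.pending = {rid: t for rid, t in self.pending.items() if t > now}

    def request(self, rid, now):
        """First message: client asks to be let in. True if the server replies."""
        self.expire(now)
        if self.stateless:
            return True            # nothing stored, so nothing to exhaust
        if len(self.pending) >= self.limit:
            self.refused += 1      # queue full: a genuine client is turned away
            return False
        self.pending[rid] = now + self.hold
        return True

    def acknowledge(self, rid, now):
        """Third message: client confirms. Forged requests never send it."""
        self.expire(now)
        if self.stateless or rid in self.pending:
            self.pending.pop(rid, None)
            self.accepted += 1
            return True
        return False


def run(stateless=False, seconds=120, forged_per_second=5):
    """Return how many genuine clients (one per second) get in over the run.

    Forged requests use false return addresses, so they are never
    acknowledged and occupy a slot until the hold time expires.
    """
    srv = HandshakeServer(stateless=stateless)
    genuine_ok = 0
    for now in range(seconds):
        for k in range(forged_per_second):
            srv.request(f"forged-{now}-{k}", now)      # constructed forged traffic
        rid = f"genuine-{now}"
        if srv.request(rid, now) and srv.acknowledge(rid, now):
            genuine_ok += 1
    return genuine_ok


if __name__ == "__main__":
    print("slot per request :", run(stateless=False), "of 120 genuine clients admitted")
    print("stateless replies:", run(stateless=True), "of 120 genuine clients admitted")
```

With the assumed numbers, the stateful server admits only the first genuine client before the queue is full and stays full for the whole run, while the stateless variant admits all of them; shortening the hold time only helps while the queue can drain faster than forged requests arrive.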
DoS attacks are simple to recreate and perform: all that is needed is a .bat file, introduced to a number of users and spreading between them, that does one thing, namely ping a server with any type of request. Once the bandwidth limit is reached, the server is forced to shut down and restart, or it crashes completely, at which point a Trojan program can be loaded to steal information, most likely from the same users who inadvertently helped bring down a server full of their own personal information. I agree with the author's position that users should be made more aware of their own contribution to attacks like DoS.

Works Cited
Anderson, R. (2001). Why Information Security is Hard. Cambridge: University of Cambridge Computer Laboratory.

CNET News. (2000). How a 'denial of service' attack works. Retrieved from http://news.cnet.com/2100-1017-236728.html
