Information Assurance

Subversion as a Threat in Information Warfare

ABSTRACT

As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security incidents, it is shown that means, motive, and opportunity exist for subversion, that this threat is real, and that it represents a significant vulnerability. Mitigation of the subversion threat touches the most fundamental aspect of the security problem: proving the absence of a malicious artifice. A constructive system engineering technique to mitigate the subversion threat is identified.

In Pursuit of a Standard Penetration Testing Methodology

ABSTRACT

Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature.  A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks.  The methodological approaches to security posture testing are explored; using tactics adopted from crackers themselves; and, look particularly at a small body of literature. The surveyed methodologies are compared and contrasted, extrapolating the major trends and features into a hybrid, and conclude with directions for future research. In general, it was found that the methodologies to converge on reconnaissance, attack and escape.

Using Outcomes-based Assessment as an Assurance Tool for Assurance Education

ABSTRACT

We discuss our efforts to deliver a graduate-level assurance curriculum with a strong emphasis on logic and formal methods. Specifically, we describe what we are teaching in two of our foundational courses, as well as what our students are learning. We also advocate the use of an outcomes-based approach when developing IA courses and curricula. We have found that focusing on the desired educational outcomes from the outset has made it easier to identify what is working and what is not, and we wish to share our experiences.

Information Operations – A Swedish View

ABSTRACT

This paper touches upon Swedish views of how to organize traditional domestic responsibilities to better catch up with emerging IT-related threats. This paper stresses the need for developed forms of public-private co-operation. It also discusses new ways of handling crises and conflicts, as well as of enforcing sanctions in the international arena.

Developing an Academic Curriculum in Information Operations: The First Steps

ABSTRACT

Increasingly the realm of Information Operations (IO) and Cyber Warfare are seen as crucial to the success of the Department of Defense’s ability to conduct military missions, yet the training and education efforts associated with these areas are often disjointed and uncoordinated. Whilst a large number of universities have developed more specialized Information Assurance (IA) or computer security programs, the broader aspects of IO are still not seen as worthy of study by the academic community.  In this paper, the authors outline the need for an academic response to develop a better methodology of an Information Operations Education program, to include research and recommendations for future efforts to develop standards and metrics in the IO training and education realm.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com