Do You Know Your Cyberthreats?

The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.

By Michael Cooney
Mon, January 09, 2012
. What's this?

Network World — The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.

Slideshow: Quiz: Separate Cyber Security Fact From Fiction

Since a GAO report late last year showed reports of security incidents from federal agencies have increased more than 650% over the past five years, the need for a community of help on the cybersecurity front is needed.

MORE ON SECURITY: IRS: Top 10 things every taxpayer should know about identity theft

Inside the current report, the GAO included a list and definitions of some of the more common, and perhaps some not-so-common, security exploits that federal agencies and private firms are hit with. Here's the list:

Cross-site scripting: An attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.

Denial-of-service: An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

Distributed denial-of-service: A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

Logic bomb: A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

Phishing: A digital form of social engineering that uses authentic-looking -- but fake -- e-mails to request information from users or direct them to a fake website that requests information.

Passive wiretapping: The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

SQL injection: An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.

Continue Reading

Originally published on www.networkworld.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Measuring the Business Value of CI in the Data Center
One of the key strategies that IT teams are pursuing to reduce capital costs while boosting asset utilization and employee productivity is the transition to highly virtualized data centers. However, IDC finds that expectations for further boosts in IT asset use and operational efficiency often surpass the actual results for a variety of reasons. These problems can quickly overwhelm any hoped-for benefits as the scope of virtual server deployment expands.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
The CFO Guide to Budgeting Software
A mid-sized business needs the same financial performance control and measurement capabilities as a large corporation, but in a solution that's affordable, easy to implement and scalable. This guide simplifies the search by helping CFOs understand the 10 must-have characteristics of today's best financial performance management solutions.
Better Cash Flow Management: Recession-Proof Your Business
Cash is the lifeblood of most small to mid-sized organizations. So why rely on error-prone spreadsheets for forecasting cash flow and risk making the wrong decisions? This white paper explores what a best-in-class budgeting and planning application could offer in the spreadsheet's place.
Centage/IOMA Budgeting Survey: Benchmarks and Issues
How are other financial professionals dealing with the issues you face? This report offers you an inside peak into what the minds at over 200 financial executives are thinking and doing to impact their own bottom line.
Case Study: Audi-Volkswagen Improves Procurement Control
Audi-Volkswagen required a user-friendly, easy-to-use Business Process Management system that did not require programming skills or high levels of technical expertise in-house. This case study looks at the decision making process that Audi-Volkswagen went through, including a tender involving six companies, and describes why they choose to work with Kofax to supply a Business Process Management system.
AIIM Market Intelligence: The paper-free office, dream or reality?
In this Aiim Market Intelligence report, produced in association with Kofax, we look at the success of paper-elimination projects, where and why paper is still leaking into the business, the features and success of scanning and capture investments, forward plans for document process outsourcing (DPO), and the potential impact of mobile devices.
Webcasts »
Optimizing the world of IT for end-users: Balancing freedom and choice with security and compliance to meet business
Download this eSeminar to hear from experts Ziff Davis Enterprise, VMware and HP and learn how client-side virtualization can improve your organization's performance, while reducing the IT burden of managing and maintaining an increasingly diverse client universe.
Introduction to Virtualization
Have you been thinking about what it would take to start using virtualization? Or do you know the basics and want to find out more? No problem. This webcast is designed for anyone with little to no knowledge of virtualization technology. Attend this webcast to learn:

-A basic overview of the business value of the technology and some key capabilities that make virtualization so valuable to IT and the businesses you serve.
-The basics for creating virtual machines and the key choices that can be made along the route to deployment.
Cloud-based Contact Center: Is it Right for Your Business?
View this on demand webcast to learn if moving business communications to the cloud is right for your business. Featured industry experts DMG Consulting LLC president, Donna Fluss, Frost & Sullivan principal analyst, Michael DeSalles, and Interactive Intelligence senior vice president, Joe Staples discuss this topic and help you answer your pressing questions at the conclusion of this web event.
Must have Tools and Techniques to Optimize the Sales Pipeline and Win more Deals
In this webcast, Vantage Point Performance's Michelle Vazzana will reveal how to coach your reps to better performing pipelines.
Sales Effectiveness in the New Sales Paradigm - A Webcast Featuring the Latest Forrester Research Study
In this webcast produced by the Sales Management Association (SMA), Forrester's Scott Santucci will explore the new sales paradigm and discuss how businesses must transform their selling models into dynamic, communications-intensive systems, empowering individual sellers to define, create and deliver value to customers.
SAP Sales OnDemand Demo: Quick Overview
SAP Sales OnDemand is intuitive, leveraging social collaboration capabilities you already know how to use. It enables fast, effective team collaboration and account management to help you sell more effectively. Watch the video to see how!
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Measuring the Business Value of CI in the Data Center

The CFO Guide to Budgeting Software

Better Cash Flow Management: Recession-Proof Your Business

Centage/IOMA Budgeting Survey: Benchmarks and Issues

Case Study: Audi-Volkswagen Improves Procurement Control

AIIM Market Intelligence: The paper-free office, dream or reality?

Discover Options for Improving Supplier and Customer Integration

How much security do you really need?

How to Justify the Cost of a TMS by Automating Freight Audit & Payment

Message Maps: Blueprints for Pandemic Preparedness

Broker-Dealer Case Study: Reduced Compliance Burden with Perimeter's Message Archive

Comparing Free Trial and Freemium Models

CSO Insights: Improving Sales Effectiveness In a Buyer's Market

Creating New Business Models Where Digital Meets Physical

Business Execution Buyer's Guide

"IPv6 for Dummies" - A Basic Guide to the Inevitable!

Associated Newspapers Keeps Websites Competitive with VMware vFabric tc Server

Privileged Password Sharing: the "root" of All Evil

Strategic Communications Secrets from a Vice Chief of Information

"Real-World Virtualization for Your Business" eBook
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

Akamai Kona Security. Web security so you can innovate fearlessly

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Managed Hosting Buyer's Guide - Benefits to key considerations

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Click to see how Accenture has delivered high performance to clients

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Learn how Accenture helps clients become high-performing businesses

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Gain cutting-edge insights at MIT in 2-5 day executive programs.

See how Accenture helps clients perform at the highest levels

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords