Archive for January, 2008

A Tribute to James P. Anderson, Jr.

Despite assertions that the practice of information security constitutes a “folk art,” I have a high regard for this field. One of the things I like best about information security is that it is based on an abundance of sound, well-thought-out ideas, concepts, and models. The pioneers of this field in the late 1960’s through the early 1980’s deserve the preponderance of the credit for coming up with the seminal ideas, concepts and models that have set such a good foundation for information security. It is in this context that I pay tribute to the late James P. Anderson, Jr., who recently passed away.

It is difficult to envision how anyone could have contributed more to the field of information security than James Anderson did. He, for example, contributed substantially to the content of the “Rainbow Series,” particularly the “Orange Book” (Trusted Computer System Evaluation Criteria) and the “Red Book” (Trusted Network Interpretation). He is widely credited with having created the concept of the “Security Reference Monitor,” a component of a trusted computing system that checks to determine whether or not access attempts are legitimate. He is also widely credited with coming up with the concept of intrusion detection, an area that has grown prolifically over the years. Just three years after James Anderson’s now legendary report to the US Government in which he coined the term “intrusion detection” and pointed out the need for it, the first intrusion detection system was built and deployed. James Anderson also worked extensively with the US Government to help establish an agenda and plan for government-funded information security research. Despite all his accomplishments, James Anderson remained a modest, humble person.

The pioneers of the field of information security deserve considerable credit and recognition, and in my mind none deserves more than James Anderson. We can only hope that another generation of bona fide innovators of the caliber of James Anderson will surface and move the field forward to the degree that Richard Anderson did.



This blog entry covers the last of my ten predictions about events and trends that I expect to occur in 2008. My final prediction is:

10. International cooperation in dealing with computer crime and information security issues in general will grow substantially due to the increasing realization that the overall lack of cooperation that has been too widespread over the years has gotten law enforcement and countries nowhere.

International cooperation with respect to fighting any kind of crime is almost without exception difficult to achieve. Different laws in different countries, different values concerning what is worth prosecuting, different levels of authority given to various law enforcement entities, lack of up-front agreements, mistakes made during investigations, the elusiveness that criminals can achieve by crossing international borders, and sometimes just plain everyday pettiness within law enforcement entities have all proven to be significant hurdles to prosecuting international crime.


TJX’s Security Breaches Will Force it to Go out of Business or to Merge with Another Company

This blog entry is the ninth related to my ten predictions concerning events and trends that I have gone on record as saying will happen in 2008. This prediction is:

9. The financial and legal repercussions of TJX’s data security breaches will snowball to the point that this company will be forced to sell itself or to merge with another company just to survive.

TJX experienced the all-time largest data security breach involving payment card information. Somewhere between 46 million (according to TJX) and 94 million (according to credit card-issuing banks) customer credit cards were compromised as the result of a remote computer break-in at TJX that, unbelievably, no one discovered for over 18 months. The incident has led to numerous cases of identity fraud as well as lawsuits by credit card issuers and individuals.
