|
Since 9/11
terrorism has become an international focus. However, the issue terrorism has been a concern for pockets of intelligence,
military, law enforcement and various civil and private entities for some time. Among the first of these concerned entities
were the airlines since they have been targets for hijacking and terror-related incidents as far back as the early 1970s.
In 1980 the International Civil Aviation Organization (ICAO) released what is known as Document 9303, which has formed
the basis for the US INS and Homeland Security initiative for biometric passports. Document 9303 (and its subsequent annexes)
contains specifications for machine-readable passports or MRP. Through several revisions, these specifications have been adopted
by international Member States.
A press release issued on June 15, 2005 by the Department of Homeland
Security stated that “Visa Waiver Program (VWP) countries will be required to produce passports with digital photographs...
all VWP countries must also present an acceptable plan to begin issuing integrated circuit chips, or e-passports.”
This announcement relates to the Enhanced Border Security and Visa Entry Reform Act of 2002 requirement that any passport
issued after October 26, 2005 and used for Visa Waiver Program (VWP) travel to the United States must include a biometric
identifier based on applicable standards established by the ICAO.
Today, the need for universal implementation
of MRP has become pressing, and earlier this year the ICAO adopted a new standard in Annex 9 by which all Contracting States
will begin issuing MRP and ICAO's 188 Contracting States have agreed to issue only ICAO-standard MRP by the first of April
2010. While about 110 States currently do so, more than 40 are planning to upgrade to the biometrically enhanced version,
or e-Passport, sooner than 2010.
The US has also announced that in order for countries to comply with its e-passport
requirements, Department of Homeland Security will create a validation process for VWP countries to test their e-passport
prior to issuance. An upcoming technical conference with VWP countries and the United States government will clarify the details
of this validation process.
Technological issues include not only the protection of the integrity of the devices
and data used in the information capture and verification process (e.g. attending to tamper-proof materials and maintaining
accurate databases), but also in securing the information as it is stored and accessed.
Among the socio-political
issues this raises includes the argument that the use of RFID may make Americans less secure as they travel since terrorists
can also read the RFID signals. Domestically, this raises all sorts of questions about rights to privacy, as well as maintaining
human dignity and encouraging the kinds of travel and immigration vital to the Country.
Concurrently with the biometric
passport initiative, the visa issuance process (US Visit program) includes the use of biometrics in checking the identity
of foreign students and is to be tied with the Student and Exchange Visitor Information System used in tracking and reporting
foreign student activity in the United States.
Beyond the national security issues raised by these efforts and
given recent security breaches at information repositories, the collection and dissemination of information about individuals
carries with it additional risks. For instance, the U.S. Department of Justice estimates that 1 in 3 people will become victims
of identity theft at some point in their lifetime, and leakage of personal information from these central information repositories
continues to exacerbate both the potential and severity of the damage to persons and industry.
|
|
Organizational Security Behavior
Research: Organizations are increasingly impacted by employee failures to implement readily available systems security
countermeasures that result in security lapses. An area where this is most intriguing is among those organizational members
who know how to implement security measures but do not do so. Important suggestions have been made in the literature, but
despite them, the problem continues, and even grows worse. Most of the research into these security behaviors to date have
been either purely self-report perceptions (many with low response rates) or have consisted of theory and model building and
testing. In addition, the extant research has concentrated on either individual or organizational factors. We have been interested
in addressing two literature gaps: (1) determining how well perceptions of security behaviors translated into the world of
practice, and (2) understanding the relationships between individual and organizational factors. With our research (Workman,
Bommer, & Straub, 2008; 2009), we found that individual factors outlined our threat control model (based on Roger's protection
motivation theory) amplified with high perceptions of organizational procedural justice on taking specified security countermeasures.
See for example, Workman, M., Bommer, W., & Straub, D. (2008). Security lapses and the omission of information security
measures: An empirical test of the threat control model, Journal of Computers in Human Behavior, 24, 2799–2816.
- CINSec Conference! - March 2nd
and 3rd - The international conference of the Centers for Information and National Security (CINSec) will be held
at the AMSTEL 144, Amsterdam NE. See the conference announcement on our main Website for details!
-Legal Notices- Copyright (c) 2007-2010. The Security Policy Institute is a Registered Trademark: Security
Policy Institute #77/364698, CINSec is a Registered Trademark: CINSec #77/474141
General Counsel: James Beadle - Spira, Beadle & McGarrell: http://www.realpagessites.com/spirabeadlemcgarrell/fl-location-map.htmlIP Attorney: Chad Nydegger - Workman, Nydegger & Jensen: http://www.wnlaw.com Commercialization Counsel: Brent T Winder: Jones, Waldo, Holbrook &
McDonough: http://www.joneswaldo.com
|
Cyber Defamation: Companies
and people are increasingly the targets of personal attacks on social network sites and in blog postings by “trolls”
and “cyber bullies.” Research shows that people who defame others in this way rank high on narcissism
and neuroticism, and have exploitive tendencies. We are interested in this subject as well as countermeasures, and as special
edition editor of the International Journal of Management and Decision Making, I am soliciting scholarly research manuscripts
for a special issue on "Cyber Harassment Impacts on Corporations and Corporate Valuation" See the
solicitation at the following link: http://www.inderscience.com/browse/callpaper.php?callID=1276 The IJMDM is a top-tier reviewed research journal: http://www.inderscience.com/browse/index.php?journalID=19
|
|
Commentary: In my manuscript published in the Information Security Journal titled, "Fear Commerce:
Inflationary Effects of Global Security Initiatives," I laid out a thesis that the media tends to send panicked people
off into the wrong directions in comparison to the threat level (I drew from the well supported "terror management theory").
In the news recently, we noted that law enforcement and the intelligence communities may have thwarted an attack against mass-transit
systems in New York. If so, this result was from good old-fashioned police work (with
a technological edge). However, we are outspending what we can afford (see the GAO study I cited in my manuscript). We need
more targeted and focused efforts. Footnote: The U.S. government
plans to begin issuing electronic passports in December that feature a built-in chip that contains information about the passport
holder and facial-recognition capabilities. PCWorld Read
More.
|
|
There is a difference between knowing about something and knowing
how to DO something! With the CINSec and the Security Policy Institute, you get hands-on training and experience
with your academic certificate in security -and not just a paper-quiz certification! - Announcing
the Security Policy Institute and Centers for Information and National Security (CINSec) Laboratory for Information Studies. In our lab, we have a cloud computing environment, semantic fusion technologies,
several virtual subnetworks and virtual machines for creating defenses, mounting simulated attacks, and monitoring (intrusion
detection). The lab is located in the LINK Building, or through VPN for virtual instruction.
|
