Announcement

Collapse
No announcement yet.

Research on Information Assurance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Research on Information Assurance

    Hey all.

    I'm new to this community and I am also a newly enrolled (older) college student. Long story short, I have to come up with a topic (read: issue/problem in the IT area) for an IT Research Paper/Project that is in my area of interest. Since I'm going for a BS in IT, leaning toward the side of Information Assurance, I decided to search the 'net. Unfortunately all I get is a slew of blah.

    Since most of the community here works in the industry, I figured the best place to get insight on the IT/Information Security field and the problems it faces would e here.

    I was wondering if anyone had some pointers on where to search or even some reasonable thoughts on the subject of Information Assurance. My searches have only brought hits on articles that simply point out that IT is a necessary part of business, but not what any current issues in that area are.

    Help??

    Thanks to any and all who read this and many more thanks to any who respond. :)

    D
    Last edited by Drauko; December 16, 2009, 20:23.

  • #2
    Re: New Communiy Member Looking for Insight

    Well....

    I stumbled into AgentDarkApple's post that falls along the same lines, so I think I'll start in there, but anything someone happens to feel like adding here would still be greatly appreciated.

    D

    Comment


    • #3
      Re: New Communiy Member Looking for Insight

      Originally posted by Drauko View Post
      Hey all.

      I'm new to this community and I am also a newly enrolled (older) college student. Long story short, I have to come up with a topic (read: issue/problem in the IT area) for an IT Research Paper/Project that is in my area of interest. Since I'm going for a BS in IT, leaning toward the side of Information Assurance, I decided to search the 'net. Unfortunately all I get is a slew of blah.

      Since most of the community here works in the industry, I figured the best place to get insight on the IT/Information Security field and the problems it faces would e here.

      I was wondering if anyone had some pointers on where to search or even some reasonable thoughts on the subject of Information Assurance. My searches have only brought hits on articles that simply point out that IT is a necessary part of business, but not what any current issues in that area are.

      Help??

      Thanks to any and all who read this and many more thanks to any who respond. :)

      D
      What have you gotten so far?

      xor

      Are you focusing on government or commercial?
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #4
        Re: New Communiy Member Looking for Insight

        When I have a research paper or project, I often use Safari Online to find relevant books. Depending on the specific focus of your research, there is a lot out there - books, reports to Congress, documentation of government and military info assurance standards, Master's thesis papers that can lead you to good sources, etc. Also, try looking for information security books, as most of them have a chapter (or several) dedicated to information assurance principles.

        If you are looking for specific problems and how to apply info assurance principles to those problems, then I may be able to help. I'm guessing you already know that the major principles of information assurance are the "CIA triad" - confidentiality, integrity, availability. As for "issues", one of the big ones right now is network-centric information warfare and cyber terrorism (my favorite area of study). Other big issues as of late are wireless security, online banking security (two part authentication has proven to not be enough), and issues that surround developing more stringent info assurance standards for government and critical infrastructure systems.

        Here are a few sites I read to keep up with what is going on with IT security and IT in general:

        http://news.cnet.com/
        http://www.sans.org/
        http://darkreading.com/index.jhtml
        http://www.wired.com/
        http://www.wired.com/threatlevel/

        Often articles from those sites end up in my research papers.
        "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

        Comment


        • #5
          Re: Research on Information Assurance

          A thread topic of "New Communiy Member Looking for Insight" is useless to people looking at thread titles to determine the topic of discussion.

          Title of thread changed to "Research on Information Assurance"

          Carry on...

          Comment


          • #6
            Re: Research on Information Assurance

            Thanks, to TheCotMan for the title edit.

            Xor - I have no real research completed to date as I'm still trying to pin down a topic.

            AgentDarkApple - Thanks for the lengthy response. My professor is requiring us to address a 'problem/issue' in the IT field. I want to go the route of Information Assurance as it is the specialization I'm going for as well. Just from what I've seen here, it looks like a very wide ranging topic. I'll start with what you guys have provided so far and try to narrow down a problem to go deeper with.

            You guys are awesome, and prompt, but I knew you were awesome when I registered here. :P

            Comment


            • #7
              Re: Research on Information Assurance

              First, and just to be clear I'm not trying to be a dick.

              What books have you read? What are the texts you guys are using in your classroom? I'm sure they didn't start off with Information Assurance. When I do a search on Information Assurance I get a lot of relevant information. Do you know how to use google? Do you know how to use the [site:] directive? You realize we can't write your paper for you, right? Well that is, unless you offer us sexual favors first .

              Just FYI, I'm not an enforcer of the rules, but reading the forum rules it like reading the manual. You should really do it to stay out of trouble.

              It would really help if you could narrow down your topic.

              xor
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

              Comment


              • #8
                Re: Research on Information Assurance

                Here's where I start every morning: http://pauldotcom.com/ I also encourage all my students to check it out, too.

                I would strongly urge you to pick a VERY specific idea that interests you. It may be something in software (web or system), networking, operating systems, hardware/infrastructure, or others, but they are all part of IT. Once you have the general area that you want to work in, then zero in on an exact security problem within that area.

                For example, if you are interested in web software and are just starting out, I think a really good starting paper is to look at the issue of client-side vs. server-side validation routines. This investigation will lead you to looking at web proxies (BurpSuite, Paros, Tamper Data, and all the rests) and how you can monkey with input after it leaves your browser, but hasn't reached the server application. The goal of a web application is to make sure that it validates everything when it reaches the server and to NOT rely on client-side validation because it can be bypassed so trivially. So the gist of your paper becomes a "Defensive Programming for Web Applications"-type vibe. Web Software is obviously a big part of IT and you get to take the security angle with something as simple as looking at how proxies work, what they are capable of, and what that actually means for your server application.

                That's just one example. The point is to find one general area that you want to explore and find one detailed problem.

                From the professorial point of view: PLEASE PLEASE PLEASE don't give me the general, "Security is hard to measure. Security is vital to IT. Security is really important. Security has to be considered right away on projects" and other related general statements. Dive deep into one issue that interests you right now.

                Comment


                • #9
                  Re: Research on Information Assurance

                  Drauko, if you are stuck, then read my Information Warfare paper to get an idea of selecting an issue and applying information assurance principles to remedy the issue. I am not saying it is the best example, but it was written for my information assurance class last semester. You should pick a problem or issue, explain it in as much detail as necessary, then apply both general and specific information assurance and security measures to the problem. My topic was a bit broad, but Information Warfare is an ongoing area of research and interest for me, so I try to incorporate it into my term papers when possible. If nothing else, check the bibliography to see if there are any sources that may be of use to you.
                  "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                  Comment


                  • #10
                    Re: Research on Information Assurance

                    Here's a suggestion that I know I have personally wanted to see addressed:

                    How do you architect, deploy, and maintain a secure network infrastructure while addressing the issue of increasingly complex and undefined security boundaries?

                    In the good 'ol days you had a network. That network had ingress and egress points, usually along its perimeter that you controlled. Sure you had some things like modems and RAS, but you knew about them and kept that shit in check.

                    Now, you have networks that have no defined edge. Users have corporate network access on their mobile phones, corporate data is stored off-site 'in the cloud', corporate data walks around every day in pockets on solid state media, and users want to be able to access corporate resources anytime, anywhere, from any device. The ingress/egress points for your network are now virtually impossible to catalog and monitor.

                    So far the best solution I have seen to address the issue it to place your index fingers in your ears and loudly shout 'LALALALALALALALALALALALALALAICANTHEARYOULALALALAL ALA'

                    So riddle me this, Batman...how would you propose to fix that problem? (this should get you going..or at least thinking hard..)

                    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                    Comment


                    • #11
                      Re: Research on Information Assurance

                      Originally posted by noid View Post
                      So riddle me this, Batman...how would you propose to fix that problem? (this should get you going..or at least thinking hard..)
                      Stone tablets...? Firing squads for people who lost data? Write better more secure code? Everyone must use BSD? Place Cotman is charge of testing people before they are allowed to use a computer? Virtual Internets.

                      He could always do a paper on Global Warming and what not to place in e-mail.

                      xor
                      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                      Comment


                      • #12
                        Re: Research on Information Assurance

                        Originally posted by noid View Post
                        So far the best solution I have seen to address the issue it to place your index fingers in your ears and loudly shout 'LALALALALALALALALALALALALALAICANTHEARYOULALALALAL ALA'

                        So riddle me this, Batman...how would you propose to fix that problem? (this should get you going..or at least thinking hard..)
                        While your first suggestion is normally the preferred method. At the SCADA conference I was at last week, I proposed that the actual problem is not with computers, but with people. If we could eliminate the people from the equation, computers really wouldn't have a problem.
                        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                        Comment


                        • #13
                          Re: Research on Information Assurance

                          Originally posted by streaker69 View Post
                          ... If we could eliminate the people from the equation, computers really wouldn't have a problem.
                          I couldn't agree more, the human factor is the number one risk in any equation, in any field. Though "fully" automated systems will always require some degree of maintenance or upkeep, there is still one lingering problem... If we give the computers control, eventually we all have to deal with Hugo Weaving running amok bitching about the smell.
                          "You have cubed asscheeks?"... "Do you not?"

                          Comment


                          • #14
                            Re: Research on Information Assurance

                            Originally posted by sintax_error View Post
                            ... If we give the computers control, eventually we all have to deal with Hugo Weaving running amok bitching about the smell.
                            Or Skynet. Don't forget Skynet and the T1.
                            Thorn
                            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                            Comment


                            • #15
                              Re: Research on Information Assurance

                              Originally posted by sintax_error View Post
                              I couldn't agree more, the human factor is the number one risk in any equation, in any field. Though "fully" automated systems will always require some degree of maintenance or upkeep, there is still one lingering problem... If we give the computers control, eventually we all have to deal with Hugo Weaving running amok bitching about the smell.
                              Or dressing in drag..

                              wait..I'm thinking of another movie..

                              either way, both are no bueno.

                              I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                              Comment

                              Working...
                              X