INTRODUCTION TO PART II

THREATS AND VULNERABILITIES

What are the practical, technical problems faced by security practitioners? Readers are introduced to what is known about the psychological profiles of computer criminals and employees who commit insider crime. The focus is then widened to look at national security issues involving information assurance—critical infrastructure protection in particular. After a systematic review of how criminals penetrate security perimeters—essential for developing proper defensive mechanisms—readers can study a variety of programmatic attacks (widely used by criminals) and methods of deception, such as social engineering. The section ends with a review of widespread problems such as spam, phishing, Trojans, Web-server security problems, and physical facility vulnerabilities (an important concern for security specialists, but one that is often overlooked by computer-oriented personnel).

The chapter titles and topics in Part II include:

• 12. The Psychology of Computer Criminals. Psychological insights into motivations and behavioral disorders of criminal hackers and virus writers
• 13. The Dangerous Technology Insider: Psychological Characteristics and Career Patterns. Identifying potential risks among employees and other authorized personnel
• 14. Information Warfare. Cyberconflict and protection of national infrastructures
• 15. Penetrating Computer Systems and Networks. Widely used penetration techniques for breaching security perimeters
• 16. Malicious ...