ABSTRACT

Just in January 2001, our installment of “Your Internet Connection” (http://www.comsoc.org/ci/public/2001/jan/ciint.html) was dedicated to security standardization. So why did we decide to have yet another discussion on Internet security shortly after? Simply because the issue of security is becoming more important and critical, recently gaining additional exposure not just to the technical audience but to the general public as well.

Let us face it: unless caught and forced to do so, companies would very rarely disclose the fact that their security was compromised. With this in mind, according to statistics published by Carnegie Mellon's CERT Coordination Center, a total of 82,094 security incidents were reported last year, in 2002 (which represents almost 45% of the 182,463 total incidents reported during the last 15 years (!) between 1988 and 2002). The number of vulnerabilities reported also grew in geometrical proportion in the last 3 years: from 1090 in 2000 to 2437 in 2001, to 4129 in 2002. Other disturbing statistical data come from a survey of 503 security practitioners by the FBI and the Computer Security Institute (CSI), published in April of last year: Internet-related crimes have a costly effect on government, academia, and business institutions. Following are some of the highlights of the CSI “2002 Computer Crime and Security Survey”:

90% of respondents detected computer security breaches within the last year.