Carnegie Mellon University
Browse
- No file added yet -

Three Essays on Information Security Policies

journal contribution
posted on 2008-07-01, 00:00 authored by Yubao Yang
Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI survey (2005) estimates that the loss per company was more than $500,000 in 2004 and more than $200,000 in 2005. This research analyzes the information security policies that attempt to address the above issues. In particular, this research focus on the following topics (1) the vulnerability disclosure policy of several major vulnerability information outlets and their implications to the vendors’ patch release behavior (2) the conformance of the software vendors to one of the most important software product security quality certification standard, Common Criteria certification (3) the effectiveness of Common Criteria Certification in improving the security quality of software products.

History

Date

2008-07-01

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC