THE MAGAZINE

Home computers are used to store personal information, such as health records, and to perform sensitive transactions, such as banking. But the security of these computers is weak at best, a new study shows. Almost two-thirds of the 329 users polled have been infected by a virus, and another 18 percent didn't know whether they had been; half the users weren't sure whether they currently were infected. Eighty percent admitted having spyware installed, with an average of 93 components on each computer (the most spyware components found during a scan was 1,059). And 63 percent don't use a firewall. @ More from the America Online and National Cyber Security Alliance Online Safety Study

You get a brand-new e-mail address, and within a few days--if not hours--you're already getting spammed. How did the spammers find out your address so quickly? How can you protect yourself in the future? And if you're on a spamming list, are there ways to get off? These questions and more are addressed on a Web page authored by software programmer Uri Raz.

Link to this month's A Site to See, "How do spammers harvest e-mail addresses?"

Almost one-third of companies outsource application-development tasks, as well as Web-site development and management, according to a new survey of 744 organizations carried out by Enterprise Systems, a provider of business and technology information for IT managers.

Almost one-third of companies outsource application-development tasks, as well as Web-site development and management, according to a new survey of 744 organizations carried out by Enterprise Systems, a provider of business and technology information for IT managers. Outsourcing: Who, Where, and Why? The 2004 Enterprise Strategies Outsourcing Survey is available at SM Online.

The Department of Homeland Security has awarded $9 million in grants to 12 information technology projects under the Information Technology and Evaluation Program (ITEP), which aims to improve information-sharing capabilities. The projects, selected from 113 proposals, include an Arizona program to enhance wireless security for first responders, a port security communications network in Rhode Island, and an XML-based facial imaging system for use by law enforcement and other first responders in North Carolina. @ Learn more about ITEP by visiting SM Online.

Protecting intellectual property rights may sound like arcana of interest to corporate attorneys rather than to law enforcement agents. After all, tracking down the sellers of fake watches or designer purses appears to pale in comparison to catching a murderer.

A large IT project that ran into problems offers lessons for others who might want to embark on a similar journey. The project was called the Citizen and Law Enforcement Analysis and Reporting (CLEAR) system developed by the Chicago Police Department (CPD) and Oracle Corporation.

High-tech companies are working on technical systems that can verify whether the "From" address of an e-mail has been spoofed. Such a system, if widely adopted by Internet service providers, could make it harder for criminals to "phish," or send out bogus e-mails that appear to be from banks and other businesses.

Hackers steal customer information and then demand money in return for not disclosing the compromise. How common is this scenario? A recent study shows that 17 of 100 companies surveyed have been so threatened, and many of those threats came from insiders. Almost a quarter of respondents said they would contact their legal department if so threatened, yet 59 percent were unsure whether their legal counsels were qualified to give advice (another 12 percent said they definitely were not). @ The Carnegie Mellon study, Enumerating and Reducing the Threat of Transnational Cyber Extortion against Small and Medium Size Organizations.

Setting up a home network has become a necessity for any family with more than one computer. A home network allows everyone to share an Internet connection, share files, and even use the same printer. The thought of setting up such a network, however, is intimidating, given the amount of software and hardware involved.

The National Institute of Standards and Technology (NIST) has released a suite of updated software tools designed to evaluate the quality of fingerprint scans. NIST Fingerprint Image Software--Version 2 helps users ensure that fingerprints collected from criminal suspects, employees, visa applicants, and others are clear and distinct enough to be matched against fingerprints on file.

In Colorado, a new law (formerly H.B. 1134) establishes an investigations department within the state's motor vehicles administration to investigate and prevent fraud committed by using driver's licenses, identification cards, motor vehicle titles and registrations, or other documents issued by the administration.

How one facility in New York City managed to stop its laptops from walking away by updating its access control system.

Ensuing chapters go from the network layer to various software platforms, detailing the precise steps that an attacker will take to enter a network or software application. The vulnerabilities are clearly defined, but the book really shines when it provides detailed instructions on how systems can be protected.

Be forewarned: This book does not contain specific security advice. Don't be put off, however. Author Dean C. Alexander has written an effective high-level overview of how terrorist organizations have infiltrated modern society and turned society's apparatuses against the very people who helped develop them.

Written by two police crime analysts, the book is replete with resources to assist in gathering evidence for analyzing crime. Moreover, the authors explain the "Ten Commandments" of crime analysis as a way to inculcate best practices in the reader. The first commandment, for example, is "Thy Task is Crime Analysis. Thou Shalt Have No Other Tasks Before It," and the sixth commandment is "Thou Shalt Know Thy Jurisdiction from One End Unto the Other."

Homeland Security Techniques and Technologies also describes methodologies useful for detecting crime associated with terrorism. Data mining is the key technology in the battle against terrorism, Mena states, in that such analysis can help predict specific human behavior.

The book reflects a systematic and pragmatic approach based on Sageman's personal experiences and research. Blending his training as a forensic psychiatrist, his experience as a diplomat dealing with Afghani mujaheddin, and his proficiency with various social science methodologies, Sageman has put together an excellent snapshot of the dangers posed by contemporary Islamic terrorists that is a blend of network theory, modeling, empirical analysis, and historical review.

Whoever titled this book Principles of Security Management may have been overly ambitious. With such a broad title, readers could reasonably expect coverage of such issues as leadership, security surveys, and budgeting. Instead, fully half of the book is devoted to personnel issues. That's fine in and of itself, but a more apt title for this work might have been Personnel Issues in Security Management.