THE MAGAZINE

The Very Model of a Modern CSO
April 2005
COVER STORY

The Very Model of a Modern CSO

By Sherry L. Harowitz

Security professionals are forging a new path to ensure that they can be effective stewards of their companies' assets.

FEATURES

Staging Security in a Theater of War

By Scott Ast, CPP

One manager shares the lessons learned in leading personnel into Iraq to help rebuild the country's infrastructure.

Getting a Handle on Incidents

By James Ryan, Alex Rosenbaum, and Scott Carpenter

Learn why you need an incident-handling program and how to set one up.

PRINT EDITION ONLY

Where Crimes Converge Investigations Merge

By Cynthia Magno, CPP

Insurance companies must worry both about fraudulent claims and employee fraud--when the two intersect, a coordinated investigation is best.

Prescription for Data Protection

By Jonathan P. Tomes

This month, HIPAA security provisions take effect. Here's what you need to know.

Mission to Mitigate

By Alan F. Greggo, CPP

The loss prevention manager is a retail company's employee in the trenches, assessing and mitigating risk.

Legal Reporter

By Teresa Anderson

Case law on workers' compensation and drug testing; Congress considers bills on cybercrime, gangs, and infant abduction; and new security laws in Michigan and Ohio.

Secret Service Does Its Share

By Michael A. Gips

Everyone's heard complaints about industry and government not sharing information with each other. So it's refreshing when word arises of effective communication between the public and private sectors. At January's inauguration of President Bush for his second term, the Secret Service's actions were a model of cooperation, according to private security companies with which they worked.

Crate Expectations for Cargo Security Strategy

By Michael A. Gips

In a draft national cargo security strategy, the Department of Homeland Security sets a "zero-tolerance policy" toward the arrival of weapons of mass destruction at U.S. borders. The goal is to inspect 100 percent of "designated high-risk" cargo.

Industry Focus

ASIS chapters and leaders are honored; Corey Way, PSP, is profiled.

Manager, Heal Thyself

By Harry E. Chambers

Are you a micromanager? Watch for these telltale signs.


TECHNOFILE

Quick Bytes: IRS fails audit.

The Internal Revenue Service (IRS) has submitted to the Department of the Treasury and the Office of Management and Budget (OMB) "inaccurate and misleading" information about the state of its information-security programs, according to a report prepared by an assistant inspector general for audit with the Department of the Treasury, who undertook a review of the IRS's process for monitoring its program- and system-level security weaknesses. @ Go to SM Online for more on the report.

Worth a Look

By Peter Piazza

The art of phishing has become not only widespread but increasingly sophisticated as well. These scams can bring unwary surfers to identical versions of their online banks that at a casual glance are impossible to tell from the real thing. @ Find out how to get the Netcraft Toolbar at SM Online.

New in Plaintext

By Peter Piazza

This book is a good place to start. Geier, a consultant and author who is a member of the Wi-Fi Alliance and has served as chairman of the IEEE International Conference on Wireless LAN Implementation, aims the book not at technical staff but at managers. He lays out technical terms and illustrates them with easy-to-understand explanations that are backed up by clear graphics, charts, and photos.

Quick Bytes: Vulnerable infrastructure

By Peter Piazza

Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @ Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures is at SM Online.

The 39 Steps to IT Security

The IT Governance Institute (ITGI) has released a downloadable publication to help executives prevent data loss resulting from viruses, hacks, or theft. The paper, aimed at senior executives, offers a host of questions that senior executives need to ask about their company's IT security.

Strike One for Trilogy

By Peter Piazza

If you're planning to roll out a large-scale IT project, you might want to pay heed to some lessons learned from the FBI's troubled Virtual Case File (VCF) software project. @ The testimony before Congress by Fine, Mueller, and Punaro, and the IG's report on Trilogy, are at SM Online.

RFID: A Primer

By Peter Piazza

This 39-page document, from The National Academies Press, provides an overview of RFID technologies and applications, and it outlines common objections, such as privacy concerns, and responses--including strikes, boycotts, and protests against businesses such as Benetton that have decided to implement RFID.

Partnering with Professors

Local law enforcement agencies can address cybercrime more effectively by looking for help from local schools and businesses, according to an article in the FBI Law Enforcement Bulletin by Chief Tony Aeilts, who heads the California State University Police Department in San Luis Obispo, California.

Quick Bytes: Biometric standards released.

By Peter Piazza

A paper from the National Institute of Standards and Technology (NIST) defines technical acquisition and formatting requirements of biometric credentials for Homeland Security Presidential Directive 12, which calls for identity credentials that are interoperable between agencies. @ Link to NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, at SM Online.

A Site To See

By Peter Piazza

The U.S. Department of Justice has a division devoted to cybercrime issues. The Computer Crime and Intellectual Property Section (CCIPS), in the Criminal Division of the department, provides manuals on searching, seizing, and preserving computer evidence. The site also details policies, cases, guidance, and laws related to hacking and intellectual-property crime, and provides information on teaching cyberethics to children. @ CCIPS is this month's A Site to See. Link to it via SM Online.

The Retail Loss Prevention Officer: The Fundamental Elements of Retail Security and Safety

By George J. Okaty, CPP

The heart of the book details the fundamental elements of a retail loss prevention program. It considers internal and external investigations, audits, and special issues such as dealing with criminal justice agencies.

Defining Moments

By Peter Piazza

Test your knowledge of tech terms by guessing what the following defines.

These programs lurk in the background, remaining invisible until some other specified activity takes place. Then they snap into action, performing some specific task such as getting a document to the printer when the user presses the print icon to print a Word document. Rather than the file having to understand how to get into the print queue, these programs decide what needs to be done, and take care of it.

Hint: With these programs doing the hard work, users are not bedeviled by a host of arcane steps every time they want to print or e-mail a document.

Answer: Daemon.

LEGAL REPORT

Cybersecurity

A bill (H.R. 285) introduced by Rep. Mac Thornberry (R-TX) would establish a national cybersecurity response team that could analyze threat information and provide early warning of attacks on the cybersecurity infrastructure. The team would also be tasked with providing information and assistance to restore the infrastructure after an attack.

CASE STUDY

CCTV Lowers the Stakes

By Marta Roberts

A casino in upstate New York bets on digital video.

BOOK REVIEWS

Spam Kings: The Real Story Behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements

By Ben Rothke, CISSP

Spam is no longer a nuisance. It has developed into a huge problem for organizations that have to deal with the millions of e-mails that flood their mailboxes, often delivering scams or viruses.

Business Under Fire: How Israeli Companies Are Succeeding in the Face of Terror--and What We Can Learn From Them

By Ross Johnson, CPP

Information from interviews is presented as Q&A, then discussed. The author interviews an Israeli CEO, for example, then discusses the main points. A summary follows. The book proceeds like this through three sectors: hotel/tourism, high technology, and transportation.

Inside the Spam Cartel, by Spammer-X

By Ben Rothke, CISSP

From a technical perspective, the book shows how to determine where a spam e-mail originates and how to read e-mail headers to determine a message's path. Inside the Spam Cartel also explains various phishing scams and how they are propagated. Spam is an enormous irritant, but phishing is so nefarious that it has the potential to disrupt a large sector of the economy.

Terrorism: Strategies for Intervention

By Paul D. Barnard, M.S., CPP, CISM

Scholarly books are dry--it's almost inevitable. Luckily, this book, a compilation of articles on terrorism intervention strategies, is an exception. Though erudite, the book is captivating and easy to read, offering something for almost anyone with an interest in terrorism or in preparing for mitigation and emergency response. By placing problems, issues, and incidents in a highly relational situational context, it promotes reader understanding.

Security Consulting, Third Edition

By Adrian A. Barnie, CPP, CFE

Sennewald divides security consulting into three specialties: security management consulting (covering issues such as organizational change and policy development), forensic consulting (such as analyzing evidence for lawsuits), and security technical or engineering consulting (which includes recommending equipment or hardware). The book explicitly focuses on the first two--Sennewald admits to having no technical experience--but the lessons from the book could apply to all three.

Network Security Assessment

By Steven Weil, CISSP

That's where Network Security Assessment comes in. This well-organized book presents the tools and techniques necessary to identify and assess risks in computer networks. A professional security tester who has successfully penetrated many networks, the author explains how to conduct a structured and logical network security assessment.

The Disaster Recovery Handbook

By Thomas W. Leo, CPP

Disaster planning need not be merely a necessary administrative burden. It can be a marketing tool. As the authors of The Disaster Recovery Handbook shrewdly observe, disaster preparedness and recovery is really a service for the client. Customers in effect enter into a partnership with their suppliers for their business essentials, so a disruption in supply can be catastrophic to a customer. Thus, disaster planning can be sold to customers as a pledge that the provider will keep their businesses going even in adverse situations.


Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.