Publishing is an important part of what we do. It is the means by which we help people to understand this technology and how they can use it, communicate with our peers in the research community, and document what we have discovered in the course of looking at the Internet to see how it is used in practice. This is not a complete index of all of our publications, but a selection of some highlights.
Persons interested in a more complete index of our publications are free to visit our research site's publications index.
When investigators are looking to answer questions, mobile devices can yield a tremendous amount of data that leads to insight.
In preparing for a data breach, there are four questions every chief information officer needs to answer.
How do data in electronic medical records differ from the electronic documents that we're most used to, and what does that mean for discovery? Computer expert C. Matthew Curtin relates his experience as a computer science expert in a wrongful death case that hinged on interpretation of such data. Outside and in-house counsel learn how to prepare their organizations for discovery beyond documents. This information was presented at the Medical Liability and Health Care Law Seminar for the Defense Research Institute (DRI) on March 12, 2009.
Introducing a taxonomy for classifying data loss incidents with public information, Interhack examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care. A firm understanding of the rates at which types of breaches occur, proportionate to one another, helps with the distribution of limited security budgets, by helping guide the expenditure of capital to where it will have the greatest impact.
How can Information Technology professionals enjoy long-term success when many of the skills they develop as students and early-stage professionals become obsolete so quickly? This discussion shows how a solid foundation built on computer science theory enables long-term success in IT practice. A practitioner who has nurtured solid theoretical foundations and a disposition toward life-long learning is thereby well-prepared for a long and rewarding career.
Just because a vendor labels software as "forensic" does not make it useful, and just because employees have attended a training class to make them "forensically qualified" does not mean that they know what they are doing. When the outcome of complex legal issues is at stake, what sort of expert would you like to have working on your case? Matt Curtin's article, published in 2006 by ISACA, can help you to decide.
As crime goes high-tech, the criminal justice system must follow. In this presentation, Matt Curtin discusses his work as a forensic computer scientist hired in the defense of a young man charged with several serious crimes because of what police found on his computer.
Cryptography is one of the best tools to avoid the kind of exposure that feeds identity theft and related fraud today. While many organizations struggle to implement cryptographic controls to become compliant with regulations such as GLBA, HIPAA, and the Payment Card Industry Data Security Standard, the situation is improving.
Many organizations and individuals think of security as a step to be taken at the end, “locking down” a system after basic functionality is added. As we demonstrate with real examples, this approach is fraught with trouble. We show another way that security can be addressed effectively.
Spyware has become an increasingly hot topic. What is spyware, how does it work, why does it work, and how can it be managed? These issues are explored in this whitepaper.
In June 2003, several schemes went around the Internet, attempting to lure people into divulging their eBay and Best Buy site credentials and credit card numbers. This is an analysis of the scheme against eBay users.
A cross-referenced hypertext version of the HIPAA Security Rule, available for use online free of charge.
Among purchasers of security services, a great deal of confusion exists about what kinds of services are available and what can be expected of each type of service. Here, we discuss assessment, evaluation, and penetration testing in terms of deliverables and key benefits for achieving the high-order goal of information assurance.
Slides from a presentation on what cryptography can and cannot do in practice, including some discussion on its impact on law enforcement.
A discussion of the basic objectives of information security, written for IT and operational staff in health care and related organizations.
A gentle introduction to the basic issues of secure networking, written for people whose job includes (among other things) making computing technology work.
Malware such as ILOVEYOU, Melissa, and Happy99 is just getting started. All of the anti-virus software and firewalls in the world won't stop it. But there is something that can. The bad news is that it requires effort, which tends not to be a popular option.
A complete discussion of firewalls, their history, and what they can do for you, aimed primarily at system and network administrators.