ISSC Security
False Rejection or False Negative
Now imagine that Sally has the same laptop. She has registered her fingerprint on the system. The next day she tries to use it for authentication. Unfortunately, the system rejects her fingerprint. It returns a negative match, as though the fingerprint were not Sally's, even though it is the same finger she used the day before.
False Acceptance or False Positive
This is when a system inaccurately identifies someone as someone else. For example, imagine that Attacker Al steals Sally's laptop. The laptop uses a fingerprint scanner for authentication and has Sally's fingerprint registered. Attacker Al tries his own fingerprint and it works. The system accepts his fingerprint even though it shouldn't. It returns a positive match, as though his fingerprint were the same as Sally's, even though this is obviously false.
Spot Cooling
A type of computer system cooling where individual system components have their own cooling systems in place.
Cybersecurity Enhancement Act
The first major cybersecurity bill to be passed by either house in the 111th Congress, the Cybersecurity Enhancement Act, was approved by a 422-to-5 vote in the House on Thursday. The measure, HR 4061, goes to the Senate. Rep. Dan Lipinski, the Illinois Democrat who is the bill's main sponsor, said on the House floor that cybersecurity is an important issue that affects people in their everyday lives. "The amount of time all of us spend on the Internet, the vulnerabilities that are out there, hopefully through this work, we can really make things better, make our Internet more secure, so we have fewer problems with attacks, not just on government but on individuals," Lipinski said.
Provisions of the measure, which the Congressional Budget Office estimates would cost $639 million over fiscal years 2010 to 2014 and $320 million thereafter, would help the federal government develop a skilled cybersecurity workforce, coordinate and prioritize federal cybersecurity research and development, improve the transfer of cybersecurity technologies to the marketplace, and promote cybersecurity education and awareness for the public. If enacted into law, the measure would also strengthen the role of the National Institute of Standards and Technology (NIST) in shaping the way the federal government and the nation address cybersecurity. The bill's sponsors contend that the vast majority of cybersecurity breaches occur because current best practices aren't followed. The measure orders NIST to develop and implement a public cybersecurity awareness and education program to encourage the more widespread adoption of best practices. The sponsors also contend that federal government representation in the development of international cybersecurity technical standards is incomplete and uncoordinated.
As recommended in President Obama's Cyberspace Policy Review, the bill would require NIST to develop a plan to ensure representation in all important international cybersecurity technical standards development initiatives, and to ensure that this representation works from one coordinated federal government strategy. The Cybersecurity Enhancement Act would also reauthorize the National Science Foundation's cybersecurity research program and the trustworthy computing initiative that assures safe configuration of government computers, and would formally establish the Scholarship for Service program, which provides funding to colleges and universities to award scholarships to students in the information assurance and computer security fields in exchange for their service in the federal government after they have completed their training. In addition, the bill would require federal agencies participating in the Networking and Information Technology Research and Development (NITRD) program to implement a strategic plan to guide their cybersecurity research and development efforts. NITRD is the government's primary initiative to coordinate its unclassified networking and IT R&D investments. Thirteen federal agencies, including all of the large science and technology agencies, are formal members of the program, while other federal organizations participate in its activities. HR 4061 would also require the Obama administration to conduct an assessment of cybersecurity workforce needs across the federal government, and would order the director of the White House Office of Science and Technology Policy to assemble a university-industry task force to discover new models for implementing collaborative R&D.
Protocol Analyzer Modes
The two modes of a protocol analyzer are promiscuous and non-promiscuous:
Wireshark is a protocol analyzer that can be downloaded for free and works in both promiscuous and non-promiscuous mode. When a protocol analyzer is operating in promiscuous mode, it gives telltale signs on the network. It should not be run on a live network without permission.
Protocol Analyzer
A protocol analyzer can be used to capture data packets as they travel across the network if the data is sent "in the clear," that is, unencrypted. One of the early protocol analyzers was called Sniffer Network Analyzer, and it became so popular that protocol analyzers in general are commonly called "sniffers." Wireshark is a popular protocol analyzer that you can download for free today. Because protocol analyzers are so readily available to attackers, network administrators need to carefully consider whether to allow any sensitive data (such as passwords) to be sent across the network in clear text. Protocol analyzers can also be used by administrators to analyze traffic on the network. As an example, a protocol analyzer can detect malformed packets or other types of network attacks.
Creating a Culture of Security
How to define the security program, adopt best practices, assign roles and responsibilities. How to determine what needs to be protected, identify threats to security and privacy of information assets, manage remediation of weaknesses. How to offer new employee training, ongoing user awareness, security staff education/certification. How to create an effective incident response plan, law enforcement notification, customer breach notification, forensics and preservation of evidence.
Electronic Evidence & e-Discovery
Provide the organization with up-to-date information and documents on:
The challenges for organizations are that Electronically Stored Information (ESI) standards:
Information Security and Risk Management
Introduction
Physical and Environmental Security
Information Protection and Management Services