Selected Reports Compiled by NSI

Keep up with the latest security threats, trends and best practices by reading the following reports – no registration required. Feel free to use this complimentary resource and check back from time to time for important updates.

The Value Of Corporate Secrets
How Compliance And Collaboration Affect Enterprise Perceptions Of Risk
Forrester Research, Inc.

Enterprises’ chief information security officers (CISOs) face increasing demands from their business units, regulators, and business partners to safeguard their information assets. We found that enterprises are overly focused on compliance and not focused enough on protecting their secrets.

Trial by Fire*
What global executives expect of information security—in the middle of the world’s worst economic downturn in thirty years.
PriceWaterhouseCoopers

Today, in the middle of the worst economic downturn in thirty years, information security has an enormously important role to play.

Targeting U.S. Technologies
Defense Security Service

A summation of defense industry reporting for fiscal year 2008 by the Defense Security Service, this report analyzes possible foreign targeting of information and technologies developed or maintained within the cleared defense contractor community.

Guidelines on Cell Phone and PDA Security
National Institute of Standards and Technology

This report provides an overview of cell phone and PDA devices in use today and offers insights into making informed information technology security decisions on their treatment. The document gives details about the threats and technology risks associated with the use of these devices and the available safeguards to mitigate them.

Spy Profile: Changes in Espionage by Americans 1947-2007
Defense Personnel Security Research Center

Since 1990 American spies have been far older than earlier cohorts and recent spies have had more years of schooling and held more advanced degrees than earlier cohorts. In this report you’ll learn about the 11 most recent instances of espionage-related activities by American citizens.

Tracking GhostNet: Investigating a Cyber Espionage Network
The Information Warfare Monitor

In this report, Information Warfare Monitor lays out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.

Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk
U.S. Government Accountability Office

Cyber threats to federal information systems and cyber-based critical infrastructures are evolving and growing. These threats can be unintentional and intentional, targeted or nontargeted, and can come from a variety of sources, such as foreign nations engaged in espionage and information warfare, criminals, hackers, virus writers, and disgruntled employees an contractors working within an organization. This report discusses these and other threats and why government officials have become increasingly concerned about the potential for a cyber attack.

Annual Report to Congress on Foreign Economic Collection and Industrial Espionage
Office of the National Counterintelligence Executive

The threat to the United States from foreign economic intelligence collection and industrial espionage has continued unabated since the publication of the Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, 2007. This report discusses the new uncharted opportunities for transferring information and spying on the part of enterprising foreign intelligence services.

Phishing Activity Trends Report
Anti-Phishing Working Group

Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. The quarterly APWG Phishing Activity Trends Report analyzes phishing attacks reported to the Anti-Phishing Working Group (APWG) by its member companies, its Global Research Partners. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses.

Identity Theft Trends and Issues
Congressional Research Service

Identity theftt is the fastest growing type of fraud in the United States; in 2008 about 9.9 million Americans were reportedly victims of identity theft, an increase of 22% from the number of cases in 2007. In addition, the Federal Trade Commission (FTC) estimates that it costs consumers about $50 billion annually. This report discusses identity theft and how it can affect not only the nation’s economy but its security.

Insider Risk Evaluation and Audit
Defense Personnel Security Research Center

The purpose of this study is to provide security managers and their counterparts in human resource departments with a management tool for evaluating the effectiveness of their personnel security programs and organizational policies and processes for minimizing the risk of adverse insider behavior. Insider risk continues to be a significant threat to national and corporate security. While arrests for espionage have decreased in recent years, the theft of classified and sensitive information and technology by trusted insiders, often on behalf offoreign adversaries and competitors, continues to be a serious problem.

System and Network Security Acronyms and Abbreviations
National Institute of Standards and Technology

This report contains a list of selected acronyms and abbreviations for system and network security terms with their generally accepted or preferred definitions. It is intended as a resource for federal agencies and other users of system and network security publications and is meant to help reduce errors and confusion by providing the generally accepted or preferred definitions of a list of frequently used acronyms and abbreviations. The list does not include all system and network security terms, nor is it a compendium of every acronym and abbreviation found in system and network security documents published by NIST.

Traveling Overseas with Mobile Phones, Laptops, PDAs, and other Electronic Devices
Office of the National Counterintelligence Executive

In most countries you have no expectation of privacy in Internet cafes, hotels, offices, or public places, and in many countries, hotel business centers and phone networks are regularly monitored. The Office of the National Counterintelligence Executive tip sheet offers advice for traveling with mobile phones, laptops, PDAs and other mobile devices. The document summarizes the information in four sections: “You Should Know,” “Before You Travel,” “While You’re Away,” and “When You Return.” The first section is really a series of “worst case” scenarios involving travel abroad; monitored phone calls, searched hotel rooms, intercepted messages, tracked movements, etc. However, the other sections provide valuable tips that all travelers should consider.