Keeping a pulse on international developments that affect computer
security is like trying to catch a subway train just leaving the station. You
do a lot of running, and you probably still miss the train.
If your company does business across national borders, strange questions may arise, i.e.:
What are the Net risks particular to China?
With India being a software engineering center, are there unusual virus
risks with software originating from that country?
How do political and cultural differences in these countries enter into
the computer security equation?
These questions and many others arising from the global scale of computer enterprise
may tax the resources of you and your computer security specialist. Reviewing relevant
magazines, publications and Web sites for intelligence can become a full time
job. With more tasks to do than hours in a week allow, intelligence
gathering cannot always be a priority.
To catch political, social, technological, and military actions early is the
goal of Internet intelligence work. This process involves obtaining data from
diverse sources, such as:
Print materials (newspapers, magazines, area studies, and white papers)
Computer security incident reports such as those from CERT and e-mail traffic
Internet sources such as Web pages, newsgroups, and the results of search
Also, consider Jane’s intelligence Web site (http://www.janes.com/security)
as an extensive resource covering international developments.
Larger companies do well to purchase early warning services. But smaller companies
do not have to be left out of the intelligence gathering process because
of limited resources.
It is possible through the thoughtful use of an Internet Explorer or a Netscape browser to
create folders for various intelligence sites. Such organization makes for fairly
rapid scanning of intelligence news on nearly a daily basis.
Some services offer
e-mail updates regarding
alerts and major security events, although they aren’t as timely as early warning
services. The organization of e-mails into folders with appropriate parsing rules
(such as are available in Outlook) will create a useful intelligence tool.
With astute use of e-mail organizers and Web browser tools, a computer security
specialist can quickly move from the “alert level” to in-depth intelligence
information. For example, an alert on SQL vulnerabilities will lead, through
Web search engines, to other articles and Web pages on SQL. Your e-mail folders
may also contain additional links and data to build on the alert’s initial information.
Finally, an intelligence database using MS Access or Excel is another useful
and quick tool for organizing data from diverse sources. Such a database may
contain links to URLs, sources of information, e-mails, and other internal resources.
Look at a spreadsheet as a launching pad to widely diverse intelligence sources;
useful data will be only a click away.
What Has the World of Espionage Come To?
Intelligence Gathering by Ronald Mendell