The Center for Education and Research in Information Assurance and Security (CERIAS)
The Center for Education and Research inInformation Assurance and Security (CERIAS)
Data security scholar Eugene Spafford argues that the subject needs to be taken more seriously at the highest levels of companies.
The repeated incidents should have warned Sony its online network was vulnerable, said Eugene Spafford, a computer science professor at Purdue University in West Lafayette, Indiana. The failure to enact safeguards such as appointing a single chief of security may show Sony misunderstands the risks inherent in Chairman and Chief Executive Officer Howard Stringer’s networked strategy, he said.
The sensor research is looking at ways to place sensors in a network “so you don’t slow it down, you don’t generate too many false alarms, and you don’t have to spend too much on sensors,” added Eugene Spafford, a computer science professor at Purdue.
Three problems face anyone trying to justify retaliation for a cyber attack: where did it come from, who did it and what response is appropriate, explained Eugene H. Spafford, a computer science professor at Purdue University in West Lafayette, IN, and director of the school’s Center for Education and Research in Information Assurance and Security.
WASHINGTON, June 1, 2011 (GLOBE NEWSWIRE) — Northrop Grumman Corporation (NYSE:NOC) and three of the nation’s leading cybersecurity research universities, Carnegie Mellon University, The Massachusetts Institute of Technology (MIT) and Purdue University, announced today the progress they have made in developing solutions for pressing cybersecurity threats during a briefing at the National Press Club.
Eugene Spafford, a security expert and professor at Purdue University, told a House subcommittee last week that computer security experts had been aware for months that the PlayStation’s Web servers were outdated and that the company’s network lacked sufficient security — which he said Sony must have also known. But Professor Spafford does not see any new legislation in the near future that would force companies to take security more seriously. “Over the last five years there have been several bills that have been introduced through committees but never made it all the way through Congress,” he said in an interview. “Companies tend to fight the bills, saying it would be too expensive or onerous to implement better security.”
