Find us on
 |
 |
 |
Upcoming Events
 |
My Computer Ate My Data, Changed My Students' Grades and Stole My Money |
Past Programs
 |
Real-Time Crowd Support for People with Disabilities |
 |
Cyber Operations and National Security |
 |
CISO vs. Adversary |
 |
Adventures in SCADA |
Newsletter - Summer/Fall 2010
One important goal of IRIA’s research efforts is to reduce the number of cyber-attacks and related electronic crimes that happen in the first place, thus reducing both the damage to infrastructure elements and the investigative burden on law enforcement personnel. Vulnerability scanners, intrusion-detection systems, and firewalls can help achieve this goal. Although IRIA does not develop commercial versions of such products in-house, it has undertaken an evaluation and certification effort to identify and encourage the use of the best products. Initially, IRIA is focusing on vulnerability scanners, and certifying those scanners that successfully detect the vulnerabilities from the recently updated SANS Top 20 list.
In early 2003, SANS coordinated a detailed enhancement to its Top 20 list. The enhancement included specifications for verification of detection for each vulnerability on the SANS/FBI Top 20 List. These specifications are essentially the same verification details that the IRIA evaluation / certification project was to provide for the Top 20 List. Therefore, IRIA chose not to duplicate this effort and the work on the project was stopped. The modest amount of time that would have been devoted to the project was used to develop enhancements to the Security in the News article-collection and entry tools.
