Boxes

P.1

 

Statement of Task,

 

ix

2.1

 

Lack of Exploitation Does Not Indicate Nonvulnerability,

 

30

2.2

 

Major Sources of Data Characterizing the Cyberthreat,

 

36

2.3

 

On Botnets,

 

40

2.4

 

Possible Points of Vulnerability in Information Technology Systems and Networks,

 

44

2.5

 

Foreign Sourcing of Information Technology Used in the United States,

 

47

2.6

 

The Silence of a Successful Cyberattack,

 

48

3.1

 

What Firewalls and Antivirus Products Protect Against,

 

59

3.2

 

Lessons Learned from the Technology-Transfer Effort Associated with Microsoft’s Static Driver Verifier,

 

64

4.1

 

The Saltzer-Schroeder Principles of Secure System Design and Development,

 

86

6.1

 

Fluency with Information Technology (and Cybersecurity),

 

126

6.2

 

Bug Bounties and Whistle-Blowers,

 

156

8.1

 

Issues in System Migration,

 

183

8.2

 

Secrecy of Design,

 

186

8.3

 

Attack Diffusion,

 

204

10.1

 

A Model Categorization for Understanding Budgets,

 

240



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement