by

“حرية الصحافة” تشبيحياً

لفت نظري مؤخرا خبر عن نشر مقال بجريدة بلدنا بتاريخ 24/11/2011 ومن ثم سحب العدد من الأسواق بنفس اليوم. المقال بظاهره يبدو براق من النوع الوسطي ذو الإتجاه الإصلاحي والداعي لنبذ الفتنة وحل الأزمة السورية داخليا. المهم يا سادة إنو سعادة وزير الإعلام برر الموضوع بسبب التهجم على حزب البعث الحاكم في سوريا، من باب سب الذات الإلهية وإنتقاص الشخصيات المقدسة.

اللي بيلفت النظر مو المقال بحد ذاتو. بل الأبعاد والضجة اللي حققها سحب المقال، خاصة على مواقع موالية  للنظام: الإقتصادي، شام نيوز، سيريانيوز، أخبار حلب، الرادار، ومع الأسف مواقع معارضة كمان.

الغرابة بالموضوع هو إنو حتى لو نفذ المقال من مقص التحرير، كيف نفذ من مقص الرقيب ونحنا منعرف تماما التغلغل الأمني بالإعلام ونتائجو من جريدة الدومري حتى الإعتداء على صاحبها. الجدير بالذكر إنو صاحب جريدة بلدنا هو الشبيح مجد سليمان إبن القيادة الأمنية المعروفة…. وفهمكم كفاية

يبدو أن النظام داخل على حرب إعلامية من نوع جديد بعد الفشل الذريع لإعلامه ضد إعلام الثورة، من باب فتح باب الحريات للشعب ظاهريا (أمام الرأي العام العربي والعالمي) والتمادي بقمعه للشعب داخليا. لذلك وفي ظل الضغط العربي والعالمي فإن النظام رمى ورقة التسويف والتكذيب وسيتبع استراتيجية قديمة جديدة تتمثل بالظهور بمظهر الإصلاح والوداعة للخارج وتشديد القبضة في الداخل… وربي يسر. على كل حال، الثورة منتصرة بإذن الله

by

C++ Differential Attack on SPN

Differential Attack Cryptanalysis on SPN ciphers is a known plain text attack and depends on the occurrence of similarity (i.e difference) between two cipher texts that correspond to two similar plain texts:

if (x + x* = x’ & e(x) + e(x*) =y’) => y’ is a candidate output.

This similarity can be measured using the XOR operation thanks to its magic property of comparing two bit streams.

The more similarity that occurs for a given pair of outputs the more chances that the difference (i.e. XOR output) is a ciphered output XORed with the unknown key.

Finally, sketch the rounded S-boxes and filter the candidate keys by trailing x’ to y’ aiming for the highest difference ratio (the ones whose ratio is 6 in our example).

The source code for calculating a full difference distribution table is listed below:

#include <iostream>
using namespace std;

int pi_s(int); //S-box function
int main() {
  int x,x_s,x_p,y,y_s,y_p; //x , x* , x' , y , y* , y'
  int b,c; //counters
	int tablue[16][16]; //difference distribution table
	for (b=0;b<16;b++) { // reset table
		for (c=0;c<16;c++) {
			tablue[b][c]=0;
		}
	}
	for (x_p=0;x_p<16;x_p++) {
		for(x=0;x<16;x++) {
		  x_s=x^x_p; // x' = x XOR x* => x* = x XOR x'
		  y=pi_s(x);
		  y_s=pi_s(x_s);
		  y_p=y^y_s;
		  tablue[x_p][y_p]++; //increase frequency of y' for a given x'
		}
	}
	cout << endl << "  ";
	for (b=0;b<16;b++) {
	  cout.width (2);
	  cout << hex << b << " ";
	}
	cout << endl;
	for (b=0;b<16;b++) { //print table
	  cout << hex << b << " ";
		for (c=0;c<16;c++) {
		  cout.width (2);
		  if (tablue[b][c] == 0) {
		    cout <<" - ";
		  } else {
		    cout << dec << tablue[b][c] << " ";
		  }
		}
		cout << endl;
	}
	return 0;
}

int pi_s(int a) { //S-box function
	switch (a) {
	case (0x0) : return 0x7;
	break;
	case (0x1) : return 0xd;
	break;
	case (0x2) : return 0xe;
	break;
	case (0x3) : return 0x3;
	break;
	case (0x4) : return 0x0;
	break;
	case (0x5) : return 0x6;
	break;
	case (0x6) : return 0x9;
	break;
	case (0x7) : return 0xa;
	break;
	case (0x8) : return 0x1;
	break;
	case (0x9) : return 0x2;
	break;
	case (0xa) : return 0x8;
	break;
	case (0xb) : return 0x5;
	break;
	case (0xc) : return 0xb;
	break;
	case (0xd) : return 0xc;
	break;
	case (0xe) : return 0x4;
	break;
	case (0xf) : return 0xf;
	break;
	default : return 0x0;
	}
	return 0;
}

The output should look something like the following:

0  1   2  3  4   5  6  7  8   9  a  b   c  d   e  f
0 16  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0
1   0  0  0  4  0  0  2  2  0  0  2  2  0  4  0  0
2   0  0  0  2  0  0  0  2  0  6  0  0  2  0  2  2
3   0  0  0  2  6  0  0  0  2  0  4  0  0  0  0  2
4   0  0  0  0  0  0  0  4  0  2  4  2  2  0  2  0
5   0  4  0  0  2  0  0  2  0  2  2  0  0  4  0  0
6   0  0  0  2  0  4  0  2  0  2  0  0  0  2  4  0
7   0  0  0  2  4  0  2  0  2  0  0  0  0  2  4  0
8   0  0  0  0  0  2  6  0  0  0  2  2  0  2  0  2
9   0  0  0  0  0  2  2  0  0  0  0  4  4  2  2  0
a   0  2  2  0  2  0  2  0  2  2  0  0  0  0  0  4
b   0  2  6  0  0  4  0  0  0  0  0  0  2  0  0  2
c   0  6  0  0  2  0  0  0  0  0  2  0  4  0  0  2
d  0  2  4  0  0  0  2  4  0  0  0  2  2  0  0  0
e  0  0  2  4  0  2  0  0  6  0  0  0  0  0  0  2
f   0  0  2  0  0  2  0  0  4  2  0  4  0  0  2  0

by

A Framework For Securing an Email System

Nowadays, businesses rely heavily on email systems as a formal and informal communication medium, among other benefits, recorded emails serve in performance auditing, project history management, and conflict resolution.

I will briefly discus the process of securing an email system as a critical communication system for businesses, i’m just mentioning a general framework that I used in many systems and proved to be relatively secure for medium to large businesses that consider data it transmits over the internet confidential but not highly confidential in military definition, this framework tries to take advantage of current available (and free) easy-to-configure tools over the internet.

  • Researches suggest that up to 80% of business threats are originated from within the organization, so users must acknowledge that the company’s email system is not meant to be used for personal purposes, and thus email users are enforced to adhere company’s security policy which states that email users have no privacy as opposed to company’s data confidentiality, it also describes email misuse and countermeasures taken to prevent it.
  • Authenticity prevents identity theft, so users must successfully authenticate to the email system before sending an email, but open SMTP relays are popular over the internet and allow people to claim anyone’s identity, so company’s email system must be protected by text DNS records that verify the sender’s identity like SPF and digital signatures (e.g. DKIM).
  • If the company requires confidentiality for emails contents, and data must not be intercepted by a third party, encryption using an internet protocol over SSL/TLS (e.g. HTTPS, POP3S, SMTPS, IMAPS) is helpful, some cases require higher level of confidentiality, such as if email is embedded in a content management system (e.g. MS Share Point 2010), or if the company maintains a central access management system; in this case, VPN must be used to ensure that data is transmitted over a secure channel, it provides the ability to control all connections by the system administrator according to the security policy (e.g. QoS), and maintain access rules (i.e. some roles are not authorized to access the system from outside the company premises). Multiple access rules can be defined within the security policy (e.g. some groups can not send/receive data to/from outside the company, others can send but only after a trust approval). On the other hand, password strength must be compatible with security policy to prevent brute force attacks. And lastly, strong ciphers must be enforced between email servers when transmitting the message to prevent man-in-the-middle attacks.
  • Integrity is crucial in any business, any intended or unintended modification of email contents or settings (e.g. reply-to address) will result in major losses, this can be maintained through virus scanning of emails, verifying sender’s DNS records (e.g. PTR, MX, SPF), digital signatures (e.g. PGP), and sending server’s identity (e.g. FQDN), and by preventing unauthorized access through regularly applying manufacture’s patches and updates.
  • A major secure email system property is availability: firstly, the system must be immune against denial of service attacks, therefore the following values must be properly defined in the system: connection timeout, maximum concurrent connections, open and closed ports, and trusted networks. It must have effective anti-spam mechanisms, like spam rating, RBLs and email content analysis. Secondly, adequate fail-safe and maintenance policy, and redundant hardware (e.g. clustering), software (e.g. virtualization), and internet links (e.g. ETRN) must be present to guarantee high availability.
  • One security issue is the effect of the system on the outside principals, the email system is not supposed to transmit or propagate viruses, spam, or fraud messages, so it has to take measures to keep every inbound and outbound message as clean as possible, as blacklisting the system’s IP addresses will cause a huge impact on the business by limiting the company’s ability to communicate with the outside world.
  • Keeping the system completely secure and free from the above malicious messages is impossible, so it’s quite helpful to append a footer of disclaimer to every outgoing message, this will absolve the sender’s legal liability of any damages that might be caused to recipients.

One last note, it is totally pointless to secure a flawfull system, it is best to migrate/upgrade to system with the mentioned built-in tools.

by

كيف لنا أن ننهض كمعلوماتيين

كيف لنا أن ننهض في هذه الثورة الرقمية، وأن نصبح منتجين بدلا من مستهلكين؛ سأحاول في هذا المقال أن أعرض تجربة شركتي مايكروسوفت وجووجل وكيف لنا أن نستفيد من عبرتهما، وأن أبين أهمية المعلومات كمقوم رئيسي للنهضة، ودورنا كمعلوماتيين فيها.

لطالما كانت شركة مايكروسوفت ابنة الولايات المتحدة المدللة، حتى مطلع الألفية الجديدة كانت مايكروسوفت الشركة الأغنى والأقوى في العالم، وكانت تمثل لجيل التسعينات الحلم الأمريكي الجديد في الثورة الرقمية.

ومن الملاحظ أن خطوط الانتاج في مايكروسوفت تنوعت بشكل كبير خلال تلك الفترة، فمن احتكار أنظمة التشغيل للحواسب المنزلية “ويندوز” ومحرك البحث “ام اس ان” و نظام المحادثة “ام اس ان ماسنجر”، إلى أجهزة اللعب “اكس بوكس”، الى أنظمة تشغيل الهواتف الذكية “ويندوز موبايل”، إلى الشبكات الإجتماعية “ماي سبيس”، حتى إظهار مؤسسها “بيل غيتس” كنجم هوليوودي ومثال للثري الذي حقق حلم العم سام.

ولكن خلال السنوات العشر الأخيرة، تضائلت قوة مايكروسوفت حتى أصبحت اليوم شبه معدومة، تراجعت جودة منتجاتها بشكل كبير وأصبحت عبئ على الحكومة، وتهافتت شركات أخرى (أمريكية) للإستفادة من تركة مايكروسوفت:

* في بداية القرن الحالي، كانت “أبل” على وشك الافلاس، لولا عودة مؤسسها “ستيف جوبز” الذي وضع بعصاه السحرية “أبل” على عرش أجهزة الحاسب المنزلية من تفرعات سلسلة “ماك”،  وتم بناء ثقافة ال”ماك” واقناع المستهلك الغربي بتقديم منتجات “خارقة” من خلال حملات اعلانية مكثفة، وخطف جزء كبير من حصة ويندوز المتراجعة في الأسواق الغربية. كما أن مصنعي الحواسب بدؤوا بفك ارتباطهم عن ويندوز لصالح أنظمة التشغيل المنافسة من عائلة يونكس أو POSIX.

* تضائلت مبيعات اكس بوكس أمام بلاي ستيشن و نيتندو، وأصبح اكس بوكس متدني الشعبية والدعم من شركات الألعاب.

* أما في سوق الشبكات الإجتماعية فقد فشل “ماي سبيس” بشكل ذريع أمام العديد من الشبكات الأخرى مثل “فيس بوك” الذي تربع فجأة على العرش.

* بالنسبة للهواتف الذكية، فحتى العام ٢٠٠٧ كان نظام ويندوز موبايل المفضل لمنتجي الهواتف والوحيد في السوق أمام منافسة ضئيلة من شركات مثل “بالم” و “موتورولا”، أما الأن فويندوز موبايل تم تهميشه كليا عن الدعم من مختلف الشركات البرمجية ومنتجي الهواتف المحمولة.

* أما الحدث الأهم في هذه المعركة فهو ظهور جووجل كمحرك البحث الأول في العالم، ورمي أفضلية مايكروسوفت “الانترنيتية”جانبا بسهولة. فظهور منتجات جديدة ليست فقط منافسة بل قاضية على مايكروسوفت مثل “جي ميل” و “خرائط جووجل” أنهى أي أمل لمايكروسوفت بالتواجد على خريطة التكنولوجيا.

ولجووجل قصة أخرى، فالشركة بدأت بكراج سيارات وهي الآن تمثل قمة الإبداع والنجاح – التاريخ يعيد نفسه – ، إن خرائط جووجل لوحدها تمثل تساؤلا رئيسيا عن مدى قوتها وكيف لشركة خدمات انترنت الحصول على صور أقمار صناعية وأرضية لجميع دول العالم بعيدا عن أي مسائلة دولية أو محلية؟

لولا هذه السلطة الهائلة لجووجل لما سيرت مركباتها في شوارع أوروبا لتصوير كل شاردة وواردة، ولما استطاعت تحدي الصين القوة الإقتصادية المرعبة، ولما استطاعت استحواذ أضخم شركات الانترنت الأخرى مثل يوتيوب، ولما تدخلت سياسيا ومباشرة لدعم الإنتفاضة المصرية تحت شعار حرية التعبير.

قد يعتقد الكثير أني أهول الأمور، وأن كل مايحصل هو من باب المنافسة التجارية وأني أسوق لنظرية المؤامرة، في الحقيقة أن هذه المنتجات المتنافسة و هذه الأحداث قد تبدو متباعدة زمنيا أو سياسيا أو إقتصاديا، ولكن هناك قاسم مشترك واحد وهي أنها كلها تعمل تحت مظلة سلطة واحدة وهي سلطة الولايات المتحدة. وقد تكون الولايات المتحدة من الغباء الشديد بمكان لتجنب استغلال منجم المعلومات الذي يرقد تحت يدها، إن قيمة المعلومة في عصرنا أغلى من أي سلاح أو سلطة إذا ما تم استغلالها وتحويلها بشكل صحيح إلى معرفة، ولا ننسى أنه كما لجووجل حق التصرف ببياناتنا على مخدماتها تحت ذريعة “إدارة النظام”، فإن لحكومة الولايات المتحدة حق التصرف بهذه البيانات تحت مظلة إدارة الصادرات والحرب على الإرهاب.

إن من يدعو لإحترام الخصوصية يجب أن يستريح بحكم أن الخصوصية منتهكة بالأصل ولا حول لنا ولاقوة لنا إلا بالانجراف مع هذا التيار، إن هذا الخطر متجدد وليس جديدا، إذ حذر منه ريتشارد ستولمان من ثلاثين سنة وبدأ ببناء منظمة البرمجيات الحرة لمواجهته، وأما نحن كمعلوماتيين فنتحمل مسؤولية مواجهة خطر الاحتكار والتلاعب بالمعلومات، وبدلا من الإنجراف مع التيار يجب أن نمتطي هذه الموجة بجعل هذه القوة سلاحنا وأن نحسن استغلالها كما فعلت أمريكا.

إن المعلومة هي الآن القوة الرئيسية الدافعة للسياسة في العالم، وكمعلوماتيين يجب أن لا نفشل بإستغلال هذه القوة كما فشل أسلافنا في استغلال القوة النووية أو دخول الفضاء، إذ أثبتت سياسات تجنب الحصول على القوة والتحول لمستهلكين فشلها تاريخيا، وأنا لا أحاول أن أسيس أو أعولم المعرفة لأنها أصلا تأتينا مسيسة ومعولمة. ولكن أدعو أن نأخذ دورنا كمعلوماتيين بفاعلية، نحن في عصر المعلومات، و أدوات الحصول على قوة هذا العصر أسهل من أي وقت مضى، إذ أن الانترنت وأدوات البرمجة متاحة أصلا للجميع وخاصة في ظل البرمجيات الحرة، وباب الإنتاج مفتوح على مصراعيه، والمورد الرئيسي لهذه القوة لأول مرة في التاريخ هو ليس المال ولكنه الفكر والإبداع، ليس علينا إلا أن نعمل عقولنا وأن نتخلى عن ثقافة الإستهلاك، وأن نوجه طاقاتنا وأن نتشعب في جميع مجالات المعلوماتية لإستغلال ما يمكننا إستغلاله من علم قبل أن يفوتنا ركب التطور ونعود لعادتنا بلوم الغرب على تخلفنا وضعفنا.

by

Responsibilities of Risk Management in new Technology Era

Introduction:

Societies have always had regulations that manage their affairs, operations, and interests, and protect them from disasters and dangers.

This is a law of nature, it does not change but adapts with circumstances and conditions.

I am going to discuss the different roles in society and its responsibility in risk management and the effects of rapidly changing technology on these roles

Technology, Engineering, and Risk:

Technology is the usage and knowledge of tools, techniques, crafts, systems or methods of organization in order to solve a problem or create an artistic perspective. Engineers apply technology, scientific knowledge, mathematics, economics and ingenuity to develop solutions to meet economic and societal needs.

Engineering disciplines started to shape in early 18th century with the industrial revolution, as these disciplines evolved, companies and other organizations had the tendency to finance engineers in order to invest in their technical skills to produce complex and mega projects.

As some projects are hazardous and may thread the public or environment (examples include development of nuclear weapons, extraction of oil), engineering projects became subject to controversy, there is when the need for risk management arose.

As engineering projects seriously affected people’s life (whether positively or negatively), governments started to issue laws and regulations that controls the quality of products (or projects) and manage hazards and accidents that may result from these projects.

Example: invention of the automobiles led to issuance of traffic laws and motor vehicle safety standards.

Risk Responsibility in an Engineering Company:

engineering companies (or companies that contain engineering activities) have a typical responsibility/duty system, we will review this system considering roles and risks:

  • Owner: at the top of the organizational hierarchy, responsible for providing the capital required to run the company, owners are usually represented by a board which has the authority to take decisions that guide the organization as a whole towards sustainable development. Risk impacts for owners are massive and include capital loss, but usually have low rate of occurrence which lessens risk overall measure. Owners are responsible for enforcing safety policies and practices.
  • Scientist: is the key motive to sustain company’s progress, scientists role is trivial but very essential: providing knowledge that drives higher profit or greater market share. Scientists role has remarkable importance in high-tech companies, but still risk responsibility is very low as they are not directly interfering in company’s business.
  • Engineer: engineer’s main objective is to deliver a product that meets the specifications set by management. Engineers role is involved with all technical activities throughout a product’s life cycle. Engineers can also be technical project managers. Ideally, engineers are not blamed for faults when product meets specifications; but in the real world engineering mistakes play a major role in accidents, these mistakes (faults) can be reduced through proper management of projects and producing safe designs.
  • Technician: are the workforce and responsible for delivering tasks as requested by engineers.
  • Worker: is involved in routines that do not require high skills and thus has a minor effect on the business.
  • Manager: is the role who’s partially or totally responsible for managing all internal and external operations, as well as controlling profit, cost, and risk. With great power given to managers to perform their duties comes great responsibility: managers are usually responsible for company’s activities and image in the public and the government, they have the culture of ‘doing the right thing’ [Kytle and Ruggie 2005]. And therefore manager’s role is very hazardous and they’re usually liable for accidents caused by the company.

On 11/Jan/2011, the White House oil spill commission released its final report detailing faults by the companies that led to the Deepwater Horizon oil spill in the Golf of Mexico (AKA Mocondo accident), it concluded with the following statement blaming the management of Macondo well: “Better management of decision-making processes within BP and other companies, better communication within and between BP and its contractors and effective training of key engineering and rig personnel would have prevented the Macondo accident”.

Risk Responsibility in society:

a society is a subset of people who are associated in some sense, it is driven by both economy and politics, which are controlled by a government.

Roles within a society are quite similar to roles within a company that we have discussed earlier, each has it’s hazards and benefits, these roles include [Kytle and Ruggie 2005]:

  • government: it is the agency through which a political unit exercises its authority, controls and administers public policy, and directs and controls the actions of its members or subjects. People in a community create and submit to government for the purpose of establishing for themselves safety and public order. [Hobbes 1651a]. Thus, a government is responsible for applying the tools required to establish and maintain public safety, which includes full risk management. The government is usually constituted by three authorities:
    • Executive Authority: executes laws by forming regulations and applying them.
    • Legislative Authority: represents the people, forms laws, and audits the performance of government.
    • Judiciary Authority: the highest authority within a society, ensures that justice is maintained within society.

    An example is the recent US government risk mis-management that led to the global financial crisis: According to left-wing ideologists, government deregulation and failed regulation of Wall Street’s investment banks were important contributors to the subprime mortgage crisis. [Stiglitz 2008]

  • Engineering Company: drives the economy by providing solutions to people (e.g. bridges, technology, vehicles), it’s solutions must be checked by the government throughout their lifecycle to insure that they meet safety standards set by the government.
  • Public Lobbies and NGOs (non-governmental organizations): they can influence decision makers like legislators or officials (e.g.: Greenpeace) , but the responsibility of safety maintenance is still owned by government.
  • Consumer: is an individual that use services or products of the engineering company, a consumer generally depends on government’s assurance that the product he is consuming is safe. Thus consumer’s role in risk management is minor and is limited to reporting any incident or accident to the government.
  • Media: media plays an essential role in consumer awareness, education, and early alarming. And thus minimising a damage caused by risk.

The following diagram represents the responsibilities of major roles mentioned before:

Changing Technology:

Digital revolution has taken place since 1980 and continues to the present day, it has increased the reliance of people on technology like never before.

This chart shows the massive growth in technology reliance through twenty years only, through these numbers, we can conclude that information is the new goldmine that companies rely on, it has a huge impact on today’s businesses and economies. And individuals now have the ability to transfer information freely [Williams 2002-3], and have instant access to knowledge that would have been difficult or impossible to find previously.

This changing technology radically changed the way individuals and companies interact, companies were given access to much larger markets, and thus to information related to their customers, which raised new concerns like privacy invasion, copyrights pirating, and mass surveillance.

I have conducted a survey to measure how much people rely on technology, the survey questioned 12 technology users from different disciplines of their ability to change their technology provider to another one if they felt that their privacy was threatened:

users can not change technology for the the very same reasons they are attached to it: information, 50% will keep their email service provider even if they felt that their information was misused because they are afraid of losing their information.

Bishop [2003] said that most websites require users to give (implicit or explicit) permission for system administrators to read their files. In some jurisdictions, an explicit exception allows system administrators to access information on their systems without permission in order to protect the quality of service provided or to prevent damage to their systems.

There are some other issues that concern users as well [FSF 2009]:

  • Education: how children will be educated in the new change and what influence it will have on their future.
  • Security: will my information be used to threat my own or my family’s safety?
  • Monopoly: why internet is led by few companies who are cyber attacked by countries? [Drummond 2010]
  • Standards: what standard exist in new technologies (e.g. www), can they be abused? and how will they insure my safety?
  • Information overlapping: which information is true?
  • Human and Moral rights: how do I know that technology that i’m using is not collecting unauthorized information about me? [Becker and Bucknell, 2009]

Now here come the real gap, each of the mentioned points represent a risk or a hazard, now when accidents happen, who will protect him or grants his rights?

With the industrial revolution in the 18th century, UK government faced a challenge like child labour, this issue was dealt with many acts starting from Factories Act 1833.

But now the case is different, companies’ globalisation freed them from local regulations and laws, as technology was changing rapidly, and different online societies were formed, governments have failed to cope with this change, a gap was left between the consumer and technology companies.

Wheeler [2007] argued that consumers gave up their rights to sue if things go wrong, they can not sue software vendors because all software licences forbid lawsuits!

Nearly 13 years after the popularization of the internet, the European Union issued Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data. US, UK, and other countries also started to issue acts that protect privacy and national security.

The white house, [2011] cyberspace policy review states the following: “with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprises, and individual rights. The government has a responsibility to address these strategic vulnerabilities”.

Conclusion:

The risk responsibility system that I have discussed earlier still applies now, information is the new revenue in the new digital era, governments will always have to take the full responsibility of information abuse before their people, even with globalization and outsourcing and all the other pros and cons of technology, people still believe that their governments will still make the right decisions and will enforce companies to comply with regulations and standards that maintain their safety and benefit.

As technology is becoming more complicated, Governments, enterprises, and individuals must collaborate to realize the risks and the full potential of the information technology revolution.

References

  • Becker, A and Bucknell,D 2009. the International Journal of Computer, the Internet and Management, Volume 17 ,Number SP3. December.
  • Bishop, M 2003. Computer Security: Art and Science. Pearson Education Inc. p19.
  • Drummond, D 2010. A new approach to China. Google Inc.. 2010-01-12.
  • Free Software Foundation 2009. windows 7 sins. FSF.org.
  • Hobbes, Thomas 1651a. Leviathan. C.B Macpherson (Editor). London: Penguin Books (1985).
  • Kytle, B and Ruggie, J G 2005. Corporate Social Responsibility as Risk Management: A Model for Multinationals. Social Responsibility Initiative Working Paper No. 10.
  • Stiglitz, J 2008. The Fruit of Hypocrisy. The Guardian. Retrieved on 16/09/2008.
  • The White House 2011. Cyberspace policy review: assuring a trusted and resilient information and communications infrastructure.
  • Wheeler, David A 2007. Why Open Source Software / Free Software. Rev Apr 2007. dwheeler.com.
  • Williams, S 2002-3. Free as in Freedom: Richard Stallman’s Crusade for Free Software. O’Reilly Media.