Developing Trust

Although the harrowing number of Internet-based attacks in recent years has elevated the importance of maintaining secure electronic networks, many developers continue to employ passive security administration strategies, addressing issues by using patches in a non-systematic fashion. This counterproductive strategy can be largely attributed to a lack of knowledge regarding the general concepts required to effectively prevent the attack and potential compromise of networked systems.

Developing Trust: Online Privacy and Security is an indispensable resource for system administrators and application developers, providing a means to understand, create, and maintain secure Internet systems. Matt Curtin's instructional approach facilitates a comprehensive understanding of online security by separating the core material into three sections:

• Understanding Security and Privacy introduces attack models, general privacy theory and policy, online privacy concepts, and provides a synopsis of the mechanics of threats to privacy.
• Prevention delves into secure design principles and deployment environments, closing with several case studies of major security problems uncovered by the author himself.
• The Cure investigates the mechanics of identifying and repairing flawed security design techniques before they are incorporated into the final product. Discussion regarding the failure of "opt-out" systems to protect privacy is also included in this section.

Matt Curtin is the founder of Interhack Corporation and is responsible for the leadership of Interhack's research, development, and consulting efforts. His present focus is to understand how complex systems interact "in the large," and how that affects security, privacy, and reliability. Findings of this work have been widely covered in major news media around the world. A frequent lecturer and author, Matt also tries to help developers understand how they can avoid the mistakes that undermine the trustworthiness of the systems on which we depend. Some of his recent audiences have included Columbus ITEC, Columbus INFOSEC Forum, Privacy 2002, Columbus and Dayton chapters of InfraGard, the Northeast Ohio chapter of ISACA, and the Wellington School, in addition to local, national, and trade media. He holds the National Security Agency's INFOSEC Assessment Methodology (IAM) certification and is a certified information systems security professional (CISSP).