Early Warning: Keeping on Top of Security Information

May 17, 2001

Ronald L. Mendell

From SecurityPortal

Keeping a pulse on national and international developments that impact computer security is like trying to catch a subway train just leaving the station. You do a lot of running, and you probably still miss the train. If your company does business across multiple political borders, strange questions may arise.

  • What are the Net risks particular to China?

  • With India being a software engineering center, are there unusual virus risks with software originating from that country?

  • How do political and cultural differences in these countries enter into the computer security equation?

These questions and many others arising from the global scale of computer enterprise may tax the resources of you and your computer security specialist. Reviewing numerous magazines, publications and websites for intelligence becomes a full time job in itself. And, with more tasks to do than hours in a week allow, intelligence gathering cannot always be a priority.

To catch political, social, technological, and military actions early is the goal of Internet intelligence work. This process involves obtaining data from diverse sources. These sources include:

  • Print materials (newspapers, magazines, area studies, and whitepapers)

  • Computer security incident reports such as those from CERT, email traffic

  • Internet sources such as Web pages, newsgroups, and the results of search engine inquiries

  • Also, consider Jane's intelligence Web site ( as an extensive resource on international developments.

Larger companies do well to purchase early warning services, but smaller companies do not have to be left out of the intelligence gathering (IG) process because of limited resources.

It is possible through the thoughtful use of an IE or a Netscape browser to create folders for various intelligence sites. Such organization makes for fairly rapid scanning of intelligence news on nearly a daily basis. Some services offer email updates regarding alerts and major security events, although they aren't as timely as early warning services. The organization of emails into folders with appropriate parsing rules (such as are available in Outlook) will create a useful intelligence tool.

With astute use of email organizers and Web browser tools, a computer security specialist can quickly move from the "alert level" to in-depth intelligence information. For example, an alert on SQL vulnerabilities will lead, through Web search engines, to other articles and web pages on SQL. Your email folders may also contain additional links and data to build on the alert's initial information.

Finally, an intelligence database using MS Access or Excel is another useful and quick tool for organizing data from diverse sources. Such a database may contain links to URLs, sources of information, emails, and other internal resources. Look at a spreadsheet as a launching pad to widely diverse intelligence sources; useful data will be only a click away.



What Has the World of Espionage Come To?

Intelligence Gathering by Ronald Mendell


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.