Joseph S. Sherif

Intrusion detection: systems and models

Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of the state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.

Quality Function Deployment (QFD): an effective technique for requirements acquisition and reuse

This paper proposes Quality Function Deployment (QFD) as an effective tool for the capture and refinement of requirements. When applied to a project, QFD will enable its success. More specifically, QFD will: (1) improve product quality by focusing on customer requirements up-front and throughout the development cycle; (2) improve communications between customers, system engineers, programmers and testers and thus contribute to a better decision-making process; (3) facilitate the management of change, through rigorous rating and systematic traceability of requirements; (4) reduce costs of projects, by enabling concurrent engineering and by reducing costs associated with late-in-the life-cycle rework, (5) enable alignment between customer requirements, product requirements, and cost requirements (or constraints), and (6) enable cataloguing of key performance requirements, for parameter-based modeling of the target application and systematic reuse of requirements across projects.

Intrusion detection: the art and the practice. Part I

Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.

Intrusion detection: methods and systems. Part II

This paper is part II of a previous article of the same title: Intrusion detection. Part II is concerned with intrusion threats, attacks, defense, models, methods and systems.

Deployment of anti‐virus software: a case study

The growth of Inter‐ and intranets and the sharing of software have led to a rise in the transmission of viruses, especially among the PC and MAC platforms. However, maintaining virus protection software and pattern updates for any large organization is a monumental problem, especially when the organization supports multiple platforms and operating systems. The Jet Propulsion Laboratory (JPL) and other National Aeronautics and Space Administration (NASA) Centers have had problems maintaining current virus protection software and pattern files, and so NASA asked the JPL Network and Computer Security (NCS) Group to lead an effort to search for a comprehensive solution. This paper puts forward a study, analysis and recommendations concerning anti‐virus software solutions, problems encountered and their resolutions. One of the key issues was finding a single‐source anti‐virus software solution. Selection and deployment of single‐source anti‐virus software were successful. The lessons learned in the deployment of a software product site‐wide may benefit other organizations facing a similar situation.

Managing homeland security: deployment, vigilance and persistence

Purpose – This paper aims to analyze provisions in the existing US laws and government directives for deployment, vigilance and persistence in managing homeland security.Design/methodology/approach – Within about a year after the September 11 terrorist attacks, the US Congress passed various new laws and the executive branch of the government issued a series of directives to maintain domestic security. The approach of the study is to analyze the provisions of the laws and the directives with an aim of seeing how these will enable risk management considering that the resources are not unlimited.Findings – The existing laws and directives enhance the ability of the USA to manage domestic incidents by establishing a single, comprehensive national incident management system. However, the major impediment to risk management is currently the lack of ability to share critical information among federal, state, local, tribal, public and private sector organizations. The government and private sectors should work t...

MY-STAR: A methodology and system for tracing and analyzing requirements

Abstract This paper describes a methodology developed at the Jet Propulsion Laboratory (JPL), and designed for the process of requirements engineering and management. MY-STAR provides techniques for specifying, refining, allocating, baselining, sharing, changing, storing and reporting on requirements and requirements metrics. In support of MY-STAR, the tool STAFR (System for Tracing and Analyzing Functional Requirements) has been prototyped by the Ground Systems Group (Software Product Assurance) as part of process assurance support to four different projects within the Deep Space Network (DSN) at JPL. The results show that STAFR provides an effective means for capturing in one place requirements, while enabling refinement, analysis, traceability of test cases to requirements, and other trade-off artifacts associated with the specifications, prioritization, allocation and planning of requirements. It does so without the significant overhead typically associated with knowledge-based systems.