Vulnerability Development mailing list archives

OT, Is this suspicious to you too? (was FW: Graduate Student Survey)


From: "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk>
Date: Thu, 14 Feb 2002 08:34:39 -0000

Hey all,

        This turned up in my inbox this morning. Have a read of the "Note to
Participants", and the list of ppl it was sent to. To me, this looks pretty
suspicious. Questions such as

"3.     Please select the top five vulnerabilities to your organization with 1
being the most severe to 5 being the least severe."

smack of social engineering to me. Maybe I'm being overly paranoid, but as
I'm definitely not a member of the Computer Security Institute, some warning
bells are going off over here. There's a few well known email addresses in
that list (i.e. @securityfocus.com), so no doubt a few people on this list
will have received this too. What are your thoughts? If I'm wrong and this is
a legit enquiry, then fair enough. But any way you look at it, I'm not going
to reveal the "security countermeasures your organisation has implemented"
in the last year. I'm also interested to know why the from is a .mil
address, but the reply-to is hawaii.rr.com.

Have a good day...

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company


-----Message Headers------

Received: from *censored* ([x.x.x.x]) by *censored* with SMTP
        id ZGRQWX59; Thu, 14 Feb 2002 06:31:12 -0000
Received: FROM pescado.nosc.mil BY *censored* ; Thu Feb 14 06:31:11 2002
0000
Received: from j65204u1lhm7lf (a66b8n138client66.hawaii.rr.com
          [66.8.138.66]) by pescado.nosc.mil (Netscape Messaging Server
          4.15) with ESMTP id GRIFFA00.RAL; Wed, 13 Feb 2002 22:30:46 -0800 
From: "Edward L. Jones" <eljones () spawar navy mil>
To: <snipped>
Subject: Graduate Student Survey
Date: Wed, 13 Feb 2002 20:26:45 -0800
Message-ID: <NDENLMGFNMNADOLLBAIGGEAACDAA.eljones () spawar navy mil>
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000


-----Original Message-----
From: Edward L. Jones [mailto:eljones () spawar navy mil]
Sent: 14 February 2002 04:27
To: <snipped>
Subject: Graduate Student Survey
Importance: High


A Survey for Exploring the Cost of Correcting Security Vulnerabilities
before they are Exploited.

By

Edward L. Jones
Hawaii Pacific University
11 Dec 2001

Note to Participants:
        You have been selected randomly to provide information concerning the
cost of correcting network security vulnerabilities before they are exploited.
All information given will be used to complete an exploratory research
project by the author and for these purposes only.  Please answer the
questions to the best of your ability hence you were selected because of
your membership to the Computer Security Institute, and the knowledge you
possess as a member of that professional organization.



1.      How confident are you that your organization's network is protected
from attack?
a.      Extremely Confident
b.      Very Confident
c.      Somewhat Confident
d.      Not very Confident



2.      How would you rate the importance of network security to your
organization?
a.      Extremely Important
b.      Very Important
c.      Somewhat Important
d.      Not Important






3.      Please select the top five vulnerabilities to your organization with 1
being the most severe to 5 being the least severe.
1.
2.
3.
4.
5.





4.      In the past year, what type of security countermeasures has your
organization implemented? (Circle all that apply)
a.      System security tools
b.      Security policy
c.      Physical security tools
d.      Risk analysis
e.      Security awareness and training
f.      Vulnerability assessments
g.      Incident handling and recovery plans



5.      What is the size of your organization?
a.      1 thru 14,999
b.      15,000 thru 24,999
c.      25,000



6.      What is your organization's estimated annual security budget?
a.      Less than 100k
b.      Between 100-300k
c.      Between 301-600k
d.      Greater than 600k


7.      What security technologies is your organization using? (Circle all
that apply)
a.      Firewalls
b.      Vulnerability assessment software
c.      Intrusion detection systems
d.      Network monitoring tools



8.      How large is your security section?
a.      1-5 personnel
b.      5-10 personnel
c.      10> personnel



9.      How much does your company spend on personnel training annually?
a.      10-25k
b.      25-40k
c.      40-55k
d.      55 or greater



10.     What is your organization's primary industry?
a.      Aerospace/Engineering
b.      Agriculture
c.      Banking
d.      Education
e.      Energy/Utilities
f.      Financial
g.      Government
h.      Health care
i.      High Tech
j.      Insurance
k.      Manufacturing
l.      Oil/Petroleum
m.      Professional Services
n.      Real Estate/Construction
o.      Retail
p.      Transportation
q.      Telecommunications
r.      Other



11.     Please rank the following according to how your organization spends
its security budget? Personnel training, Hardware, Software.



12.     What are your annual losses due to internet based security threats
such as exploits against vulnerabilities, virus, and other threats? (You can
take into account man hours, etc.)

a.      100-500k
b.      500-1million
c.      Greater than 1 million (Please Specify)







13.     How would you categorize the approach that your organization takes
in correcting network security vulnerabilities?
a.      Proactive
b.      Reactive



14.     What is the greatest threat to your organization's security?
a.      Exploitation of vulnerabilities
b.      Lack of skilled security personnel
c.      Lack of organizational support of security issues
d.      Insider security breaches
e.      Outsider security threats


15.     One financial institution has said it will "Use every means at our
disposal to protect our assets." They have built strike-back offensive
capabilities. Does your company use such techniques? Would you be willing
to? What event would send you over the edge to adopt this position?


16.     How effective is information security in your organization?
a.      Poor
b.      Sub-Par
c.      Adequate
d.      Good
e.      Excellent

17.     Of the following what constraints does your company face?
a.      Budgetary
b.      Security personnel Skills
c.      Inadequate end user awareness
d.      Commitment from management
e.      Inadequate internal security policy
f.      Lack of security products
g.      Unclear security responsibilities


18.     Of the following please rank the threats to your organization.
___ Virus
___ Worms
___ Default Installation security concerns
___ Buffer Overflows
___ Weak Passwords
___ Trojans
___ Net Bios
___ DDoS
___ Insider Threat
___ Competitors
___ Foreign Countries


Please Send Responses to mailto:Lydale07 () hawaii rr com or simply reply

E.L. Jones
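
The From / Reply-To / originating-host mismatch raised in the post can be checked mechanically. This is an added example, not part of the original message: the headers are constructed with placeholder `.example` domains, and the function names and the two-label domain rule are assumptions of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the headers from the post: a From in one organisation,
# a Reply-To at a consumer ISP, and an originating client on that same ISP.
SAMPLE = """\
Received: from mx.recipient.example ([192.0.2.10]) by mail.recipient.example
        with SMTP id ABC123; Thu, 14 Feb 2002 06:31:12 -0000
Received: from j65204u1 (client66.isp.example
        [198.51.100.66]) by relay.agency.example with ESMTP id XYZ789;
        Wed, 13 Feb 2002 22:30:46 -0800
From: "Survey Author" <author@dept.agency.example>
Reply-To: <someone@isp.example>
Subject: Graduate Student Survey
"""

def org_domain(host):
    # Assumption: last two labels stand in for the organisational domain;
    # production code would consult the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def addr_domain(header_value):
    addr = parseaddr(header_value or "")[1]
    return org_domain(addr.rsplit("@", 1)[1]) if "@" in addr else None

def origin_domain(msg):
    # Earliest hop is the last Received header. Use the reverse-DNS name the
    # relay recorded in parentheses, not the HELO string the client supplied.
    hops = msg.get_all("Received") or []
    m = re.search(r"from\s+\S+\s+\(([^\s\[\]()]+)\s+\[", hops[-1]) if hops else None
    return org_domain(m.group(1)) if m else None

def header_findings(raw):
    msg = message_from_string(raw)
    sender, reply = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    origin = origin_domain(msg)
    findings = []
    if sender and reply and reply != sender:
        findings.append(f"Reply-To {reply} differs from From {sender}")
    if sender and origin and origin != sender:
        findings.append(f"originating host {origin} is outside {sender}")
    if reply and reply == origin and reply != sender:
        findings.append("replies go back to the network the mail came from")
    return findings

if __name__ == "__main__":
    print("\n".join(header_findings(SAMPLE)))
```

A mismatch is a triage signal rather than proof of forgery, and only Received lines written by relays you trust should feed the origin check.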



