ENCYCLOPEDIA OF

Information Assurance

VOLUME I

EDITED BY

Rebecca Herold

Marcus K. Rogers

CRC Press

Taylor & Francis Group

Boca Raton London New York

CRC Press is an imprint of the

Taylor & Francis Group, an informa business

AN AUERBACH BOOK

Topical Table of Contents

Data Security

Data Classifications

Data at Rest / Samuel W. Chun, CISSP and Leo Kahng 775

Data Sanitization: SQL Injection / Jonathan Held 798

FTP: Secured Data Transfers / Chris Hare, CISSP, CISA, CISM 1245

Information Classification / Jim Appleyard 1462

Mobile Data Security / George G. McBride, CISSP, CISM 1929

Data Centers: Security / John R. Vacca 785

Distributed Computing: Grid Environment / Sasan Hamidi, Ph.D 877

Databases and Data Warehousing

Data Warehouses: Datamarts and / Mollie E. Krehnke, CISSP, CHS-II, IAM and D. K. Bradley 806

Data Warehouses: Security and Privacy / David Bonewell, CISSP, CISSP/EP, CISA, Karen Gibbs, and Adriaan Veldhuisen 822

Database Integrity / William Hugh Murray, CISSP 837

Relational Database Security / Ravi S. Sandhu and Sushil Jajodia 2477

Encryption and Cryptography

Advanced Encryption Standard (AES) / Ben Rothke, CISSP, QSA 33

Cryptography / Javek Ikbal, CISSP 646

Cryptography: Cryptosystems / Joost Houwen, CISSP, CISA 662

Cryptography: Elliptic Curve / Paul Lambert 672

Cryptography: Encryption and / Ronald A. Gove 678

Cryptography: Key Management: Functions and Principles / William Hugh Murray, CISSP 692

Cryptography: Key Management: History and Myths / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 703

Cryptography: Quantum / Ben Rothke, CISSP, QSA 711

Cryptography: Transitions / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 721

Encryption Key Management / Franjo Majstor, CISSP, CCIE and Guy Vancollie 971

Hash Algorithms / Keith Pasley, CISSP 1293

Kerberos / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1744

Kerberos: Management / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1753

Kerberos: Ongoing Development / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1765

Kerberos: Services and Functions / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1773

Message Digests / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1923

Quantum Computing / Robby Fussell, CISSP, NSA IAM, GSEC 2434

Steganography / Mark Edmead, CISSP, SSCP, TICSA 2821

Steganography: Detection / Sasan Hamidi, Ph.D 2825

Data Security (cont'd.)

Public Key Infrastructure (PKI)

Public Key Hierarchy / Geoffrey C. Grabow, CISSP 2400

Public Key Infrastructure (PKI) / Harry B. DeMaio 2405

Public Key Infrastructure (PKI): E-Business / Douglas C. Merrill and Eran Feigenbaum 2413

Public Key Infrastructure (PKI): Registration / Alex Golod, CISSP 2424

Digital Forensics

Auditing

Accountability / Dean Bushmiller 19

Applications: Auditing / David C. Rice, CISSP and Graham Bucholz 110

Auditing: Self-Hacking / Stephen James 172

Cryptography: Auditing / Steve Stanek 659

Electronic Commerce: Auditing / Chris Hare, CISSP, CISA, CISM 907

Telephony Systems: Auditing / William A. Yarberry, Jr., CPA, CISA 2928

Computer Crime

Bluesnarfing / Mano Paul 255

Computer Abuse / Donn B. Parker 532

Computer Crime / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 545

Cybercrime: Council of Europe / Ed Gabrys, CISSP 736

Information Warfare / Gerald L. Kovacich, Ph.D., CISSP, CFE, CPP 1588

Information Warfare: Tactics / Gerald L. Kovacich, Ph.D., CISSP, CFE, CPP, Andy Jones, Ph.D., MBE, and Perry G. Luzwick 1595

Sploits / Ed Skoudis, CISSP 2774

Incident Handling

Digital Crime Scene Analysis (DCSA) / Marcus Rogers, Ph.D., CISSP, CCCI 855

Digital Forensics and E-Discovery / Larry R. Leibrock, Ph.D 866

Forensics: Non-Liturgical Examinations / Carol Stucki 1197

Incident Response: Evidence Handling / Marcus Rogers, Ph.D., CISSP, CCCI 1417

Security Incident Response / Leighton Johnson III, CISSP, CISA, CISM, CSSLP, MBCI, CIFI 2610

Security Information and Event Management (SIEM) / E. Eugene Schultz, Ph.D., CISSP 2617

Investigations

Computer Crime: Investigations / George Wade 551

Forensics / Kelly J. "KJ" Kuchta, CPP, CFE 1175

Forensics and Legal Proceedings / Thomas Welch, CISSP, CPP 1179

Forensics: Computer Crime Investigation / Thomas Welch, CISSP, CPP 1186

Forensics: Operational / Michael J. Corby, CISSP 1213

Forensics: Rules of Evidence / Thomas Welch, CISSP, CPP 1218

Malicious Code

Internet Mobile Code / Ron Moritz, CISSP 1664

Java / Ben Rothke, CISSP, QSA 1740

Malicious Code / Ralph Hoefelmeyer, CISSP and Theresa E. Phillips, CISSP 1814

Malicious Code: Fast-Scanning Worms / Paul A. Henry, CISSP, CNE 1826

Malicious Code: Organized Crime / Michael Pike, ITIL, CISSP 1829

Malicious Code: Quasi-Intelligence / Craig A. Schiller, CISSP, ISSMP, ISSAP 1838

Malicious Code: Rootkits / E. Eugene Schultz, Ph.D., CISSP 1853

Penetration Testing

Intrusion Prevention Systems / Gildas A. Deograt-Lumy, CISSP and Ray Haldo 1709

Penetration Testing / Chuck Bianco, FTTR, CISA, CISSP 2170

Penetration Testing: Policies / Stephen D. Fried, CISSP 2175

Enterprise Continuity

Business Continuity Management

Business Continuity Management: Maintenance Processes / Ken Doughty 284

Business Continuity Management: Metrics / Carl B. Jackson, CISSP, CBCP 292

Business Continuity Management: Priorities / Kevin Henry, CISA, CISSP 303

Business Continuity Management: Testing / James S. Mitts, CISSP 308

Business Continuity Management: Testing, Maintenance, Training, and Awareness / Carl B. Jackson, CISSP, CBCP 319

Business Impact Analysis: Business Process Mapping / Carl B. Jackson, CISSP, CBCP 407

Business Impact Analysis: Process / Carl B. Jackson, CISSP, CBCP 420

Critical Business Functions / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 633

Business Continuity Planning

Business Continuity Planning / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 325

Business Continuity Planning: Best Practices and Program Maturity / Timothy R. Stacey, CISSP, CISA, CISM, CBCP, PMP 331

Business Continuity Planning: Case Study / Kevin Henry, CISA, CISSP 344

Business Continuity Planning: Collaborative Approach / Kevin Henry, CISA, CISSP 351

Business Continuity Planning: Distributed Environment / Steven P. Craig 358

Business Continuity Planning: Enterprise Risk Management Structure / Carl B. Jackson, CISSP, CBCP 368

Business Continuity Planning: Evolution in Response to Major News Events / Carl B. Jackson, CISSP, CBCP 377

Business Continuity Planning: Process Reengineering / Carl B. Jackson, CISSP, CBCP 384

Business Continuity Planning: Restoration Component / John Dorf, ARM and Martin Johnson 394

Business Continuity Planning: Strategy Selection / Ken Doughty 401

Incident Management

Attack Methods

Espionage: Counter-Economic / Craig A. Schiller, CISSP, ISSMP, ISSAP 1044

Hackers: Attacks and Defenses / Ed Skoudis, CISSP 1260

Hackers: Tools and Techniques / Ed Skoudis, CISSP 1277

Identity Theft / James S. Tiller, CISM, CISA, CISSP 1397

Insider Threats: System and Application Weaknesses / Sean M. Price, CISSP 1618

Incident Handling

Cybercrime: Response, Investigation, and Prosecution / Thomas Akin, CISSP 749

Event Management / Glenn Cater, CISSP 1070

Honeypots and Honeynets / Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA 1355

Incident Response: Exercises / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 1425

Incident Response: Management / Alan B. Sterneckert, CISA, CISSP, CFE, CCCI 1433

Incident Response: Managing / Michael Vangelos, CISSP 1442

Incident Response: Privacy Breaches / Rebecca Herold, CISM, CISA, CISSP, FLMI 1450

Security Breaches: Reporting / James S. Tiller, CISM, CISA, CISSP 2591

Security Information Management: Myths and Facts / Sasan Hamidi, Ph.D 2625

Social Engineering: Mitigation / Marcus Rogers, Ph.D., CISSP, CCCI 2751

Spyware / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 2788

Spyware: Ethical and Legal Concerns / Janice C. Sipior, Ph.D., Burke T. Ward, and Georgina R. Roselli 2802

Uniform Resource Locators (URLs): Obscuring / Ed Skoudis, CISSP 2969

Virtualization and Digital Investigations / Marcus Rogers, Ph.D., CISSP, CCCI and Sean C. Leshney 3044

Intrusion Detection

Artificial Intelligence (AI): Intrusion Analysis / Bryan D. Fish, CISSP 152

Intrusion Detection Systems (IDSs) / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1693

Intrusion Detection Systems (IDSs): Implementation / E. Eugene Schultz, Ph.D., CISSP and Eugene Spafford 1701

Network Security: Trapping Intruders / Jeff Flynn 1982

Network Attacks and Countermeasures

Denial-of-Service Attacks / K. Narayanaswamy, Ph.D 849

Domain Name Service (DNS) Attacks / Mark Bell 885

Inspection Technologies: Deep Packets / Anderson Ramos, CISSP 1622

Packet Sniffers / Steve A. Rodgers, CISSP 2124

Phishing / Todd Fitzgerald, CISSP, CISA, CISM 2237

Proxy Servers / Micah Silverman, CISSP 2396

Spoofing and Denial of Service Attacks / Gilbert Held 2784

Wireless Penetration Testing / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 3158

IT Security Training and Awareness

Awareness and Training / Susan D. Hansche, CISSP-ISSEP 177

Awareness and Training: Appendices / Susan D. Hansche, CISSP-ISSEP 187

Awareness and Training: Briefing for the End User / Timothy R. Stacey, CISSP, CISA, CISM, CBCP, PMP 196

Awareness and Training: Effective Methods / Rebecca Herold, CISM, CISA, CISSP, FLMI 202

Awareness and Training: Framework / Charles R. Hudson, Jr. 212

Awareness and Training: Motivational and Psychological Factors / Samuel W. Chun, CISSP 220

Awareness and Training: Program Elements / Thomas R. Peltier, CISSP, CISM 227

Business Continuity Management: Testing, Maintenance, Training, and Awareness / Carl B. Jackson, CISSP, CBCP 319

Configuration Management: Process Stages / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 571

Management Commitment / William Tompkins, CISSP, CBCP 1871

Ethics

Ethics / Peter S. Tippett 1055

Ethics: Internet / Micki Krause, CISSP 1062

Software Piracy / Roxanne E. Burkey 2769

Planning

Customer Relationship Management (CRM) / Chris Hare, CISSP, CISA, CISM 728

Downsizing: Maintaining Information Security / Thomas J. Bray, CISSP 889

Healthcare Industry / Micki Krause, CISSP 1338

High-Tech Trade Secrets / William C. Boni 1347

Information Security Basics: Effective Practices / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1508

Management Compliance: Confidential Information / Sanford Sherizen, Ph.D., CISSP 1891

NERC Corporation: Compliance / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS and Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 1936

Organization Culture / Don Saracco 2091

Planning for the Future: Challenges / Samantha Thomas, CISSP 2330

Security Management Program: Prioritization / Derek Schatz 2631

Security Teams: Effective Methods / Lynda L. McGhie, CISSP, CISM 2680

Transformation: Department-Level / R. Scott McCoy, CPP, CISSP, CBCP 2956

IT Systems Operations and Maintenance

Configuration Management / Leighton Johnson III, CISSP, CISA, CISM, CSSLP, MBCI, CIFI 563

Directory Security / Ken Buszta, CISSP 870

Operations Security: Abuses / Michael Pike, ITIL, CISSP 2068

Operations Security: Controls / Patricia A.P. Fisher 2077

Operations Security: Support and Control / Kevin Henry, CISA, CISSP 2086

Patch Management / Lynda L. McGhie, CISSP, CISM 2149

Patch Management: Process / Felicia M. Nicastro, CISSP, CHSP 2153

Portable Computing Environments / Phillip Q. Maier 2357

Redundant Arrays of Independent Disks (RAID) / Tyson Heyn 2463

Storage Area Networks / Franjo Majstor, CISSP, CCIE 2829

IT Systems Operations and Maintenance (cont'd.)

Systems Management: Third Party Applications and Systems / William Stackpole, CISSP and Man Nguyen, CISSP 2898

Tape Backups: Validation / Sandy Bacik 2911

Network and Telecommunications Security

Access Control

End Node Security and Network Access Management / Franjo Majstor, CISSP, CCIE 976

Identity Management / Lynda L. McGhie, CISSP, CISM 1376

Identity Management Systems: Components / Kevin Castellow 1390

Passwords and Policy Threat Analysis / Daniel D. Houser, CISSP, MBA, e-Biz+ 2131

Access Controls: Implementation / Stanley Kurzban 1

Centralized Authentication Services / William Stackpole, CISSP 453

Relational Database Access Controls: SQL / Ravi S. Sandhu 2468

Remote Access: Secure / Christina M. Bird, Ph.D., CISSP 2487

Access Control Techniques

Access Controls: PKI-Based / Alex Golod, CISSP 9

Biometrics: New Methods / Judith M. Myerson 251

Controls: CISSP and Common Body of Knowledge (CBK) / Chris Hare, CISSP, CISA, CISM 584

Data Access Controls: Sensitive or Critical / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 767

Radio Frequency Identification (RFID) / Ben Rothke, CISSP, QSA 2439

Role-Based Access Control / Ian Clark 2558

Smartcards / James S. Tiller, CISM, CISA, CISSP 2743

Tokens: Authentication / Paul A. Henry, CISSP, CNE 2938

Tokens: Evaluation / Joseph T. Hootman 2942

Tokens: Role and Authentication / Jeffrey Davis, CISSP 2950

Architecture and Design

Architecture: Biological Cells / Kenneth J. Knapp, Ph.D. and R. Franklin Morris, Jr. 117

Architecture: Models / Foster J. Henderson, CISSP, MCSE, CRP, CAN and Kellina M. Craig-Henderson, Ph.D 132

Architecture: Secure / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP and Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 144

Database Integrity / William Hugh Murray, CISSP 837

Enterprise Information Assurance: Framework / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 991

Enterprise Information Security: Architectural Design and Deployment / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 1005

Enterprise Security Capability: Common Models / Matthew J. Decker, CISSP, CISA, CISM, CBCP 1019

Service Oriented Architecture (SOA) / Glenn Cater, CISSP 2709

System Design Flaws / William Hugh Murray, CISSP 2847

Systems Integrity Engineering: Distributed Processing Concepts and Corresponding Security-Relevant Issues / Don Evans 2877

Systems Integrity Engineering: Interoperable Risk Accountability Concepts / Don Evans 2884

Systems Integrity Engineering: Methodology and Motivational Business Values and Issues / Don Evans 2888

UNIX Security / Jeffery J. Lowder, CISSP 2978

Virtual Network Computing (VNC) Systems / Chris Hare, CISSP, CISA, CISM 2983

Wireless Local Area Networks (WLANs): Vulnerabilities / Gilbert Held 3154

Communications and Network Security

Adaptable Protocol Framework / Robby Fussell, CISSP, NSA IAM, GSEC 26

Asynchronous Transfer Mode (ATM): Integrity and Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 163

External Networks: Secured Connections / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1080

Fax Machines / Ben Rothke, CISSP, QSA 1099

Intelligent Agents: Network Security / Robby Fussell, CISSP, NSA IAM, GSEC 1647

Network and Telecommunications: Media / Samuel W. Chun, CISSP 1948

Network Content Filtering and Leak Prevention / Georges J. Jahchan 1959

Network Layer Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1962

Network Router Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1967

Network Security / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS and Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 1975

Network Technologies / Chris Hare, CISSP, CISA, CISM 1986

Open Standards / David O'Berry 2060

Physical Layer Security: Networks / Matthew J. Decker, CISSP, CISA, CISM, CBCP 2256

Physical Layer Security: Wired and Wireless Connections / James Trulove 2262

RADIUS: Access Control / Chris Hare, CISSP, CISA, CISM 2443

Secure Socket Layer (SSL) / Chris Hare, CISSP, CISA, CISM 2582

Security Controls: Dial-Up / Alan Berman and Jeffrey L. Ott 2598

Simple Network Management Protocol (SNMP) / Chris Hare, CISSP, CISA, CISM 2721

Transport Layer Security (TLS) / Chris Hare, CISSP, CISA, CISM 2962

E-Mail Security

E-Mail and Data Communications: Dial-In Hazards / Leo A. Wrobel 920

E-Mail Retention Policy: Legal Requirements / Stephen D. Fried, CISSP 926

E-Mail: Pretty Good Privacy / William Stallings 934

E-Mail: Security / Bruce A. Lobree, CISSP, CIPP, ITIL, CISM 943

E-Mail: Spam / Al Bredenberg 958

Instant Messaging / William Hugh Murray, CISSP 1628

Firewalls

Architecture: Firewalls / Chris Hare, CISSP, CISA, CISM 122

Firewall Architectures / Paul A. Henry, CISSP, CNE 1106

Firewall Architectures: Other Issues / Paul A. Henry, CISSP, CNE 1126

Firewall Architectures: Platforms / Paul A. Henry, CISSP, CNE 1132

Firewall Architectures: Viruses and Worms / Paul A. Henry, CISSP, CNE 1144

Firewall Technologies: Comparison / Per Thorsheim 1149

Firewalls: Checkpoint Security Review / Ben Rothke, CISSP, QSA 1157

Firewalls: Internet Security / E. Eugene Schultz, Ph.D., CISSP 1170

Network and Telecommunications Security (cont'd.)

Host-Based Firewalls: Case Study / Jeffery J. Lowder, CISSP 1360

PBX Firewalls / William A. Yarberry, Jr., CPA, CISA 2165

Web Applications: Firewalls / Georges J. Jahchan 3096

Identification and Authentication

Biometrics: Identification / Donald R. Richards, CPP 239

Identity-Based Self-Defending Network: 5W Network / Samuel W. Chun, CISSP 1409

Reduced Sign-On / Maria Schuett 2451

Single Sign-On: Enterprise / Ross A. Leo, CISSP 2728

Information Flow and Covert Channels

Covert Channels / Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA 615

Covert Channels: Analysis and Recommendations / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 621

Information Flow / Sean M. Price, CISSP 1471

Information Flow: Emerging and Potential Techniques and Covert Channels / Sean M. Price, CISSP 1481

Information Flow: Selecting Countermeasures / Sean M. Price, CISSP 1487

Internet Security

Applets: Network Security / Al Berg 39

Broadband Internet Access / James Trulove 260

Communication Protocols and Services / William Hugh Murray, CISSP 517

Cookies and Web Bugs / William T. Harding, Ph.D., Anita J. Reed, CPA, and Robert L. Gray, Ph.D 593

Enclaves: Enterprise as Extranet / Bryan T. Koch, CISSP 963

Extranet Access Control / Christopher King, CISSP 1091

International Issues / Michael Losavio, Adel Elmaghraby, and Deborah Keeling 1653

Internet Security / Douglas G. Conorich 1672

IP Security Protocol Working Group (IPSec) / William Stackpole, CISSP 1719

IPv6: Expanding Internet Support / Gilbert Held 1726

Web Services / Lynda L. McGhie, CISSP, CISM 3106

Wireless Internet Security: Portable Internet Devices / Dennis Seymour Lee 3114

World Wide Web / Lynda L. McGhie, CISSP, CISM and Phillip Q. Maier 3168

Local Area Networks

LAN / WAN Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1790

Wireless Local Area Networks (WLANs) / Franjo Majstor, CISSP, CCIE 3126

Wireless Local Area Networks (WLANs): Challenges / Frandinata Halim, CISSP, MCSE and Gildas A. Deograt-Lumy, CISSP 3133

Wireless Local Area Networks (WLANs): Security / Franjo Majstor, CISSP, CCIE 3143

Virtual Private Networks

Virtual Private Networks (VPNs) / James S. Tiller, CISM, CISA, CISSP 2995

Virtual Private Networks (VPNs): Deployment and Evaluation Strategy / Keith Pasley, CISSP 3008

Virtual Private Networks (VPNs): Leverage / James S. Tiller, CISM, CISA, CISSP 3021

Virtual Private Networks (VPNs): Perspectives / Keith Pasley, CISSP 3030

Virtual Private Networks (VPNs): Remote Access / John R. Vacca 3036

Voice Communications

Voice Communications: Voice-over-Internet (VoI) / Valerie Skerpac, CISSP 3053

Voice Communications: Voice-over-IP (VoIP) Protocols / Anthony Bruno, CCIE#2738, CISSP, CIPTSS, CCDP 3063

Voice Communications: Voice-over-IP (VoIP) Security / George G. McBride, CISSP, CISM 3071

Voice over WLAN / Bill Lipiczky 3081

Voice Security / Chris Hare, CISSP, CISA, CISM 3088

Personnel Security

Corporate Security: IT Organization / Jeffrey Davis, CISSP 607

Human Resources: Issues / Jeffrey H. Fenton, CBCP, CISSP and James M. Wolfe, MSM 1366

Insider Threats / Todd Fitzgerald, CISSP, CISA, CISM 1612

Insider Threats: System and Application Weaknesses / Sean M. Price, CISSP 1618

Personnel: Practices / Edward H. Freeman, JD, MCT 2209

Personnel: Security Screening / Ben Rothke, CISSP, QSA 2225

Physical Security: Threat after September 11th, 2001 / Jaymes Williams, CISSP 2313

Pod Slurping: Concepts / Ben Rothke, CISSP, QSA 2335

Pod-Slurping: Other Vulnerabilities / Kenneth F. Belva 2339

Technology Convergence: People, Process and Technology / Felicia M. Nicastro, CISSP, CHSP 2915

Workplace Violence / George Richards, CPP 3164

Physical and Environmental Security

Crime Prevention: Environmental Design / Mollie E. Krehnke, CISSP, CHS-II, IAM 626

Data Centers: Site Selection and Facility Design / Sandy Bacik 794

Halon Fire Suppression Systems / Chris Hare, CISSP, CISA, CISM 1288

Information Security Controls: Types / Harold F. Tipton, CISSP 1518

Perimeter Security / R. Scott McCoy, CPP, CISSP, CBCP 2194

Physical Access Control / Dan M. Bowers, CISSP 2243

Physical Security / Christopher Steinke, CISSP 2268

Physical Security: Controlled Access and Layered Defense / Bruce R. Matthews, CISSP 2275

Physical Security: Facilities / Alan Brusewitz, CISSP, CBCP 2284

Physical Security: Mantraps and Turnstiles / R. Scott McCoy, CPP, CISSP, CBCP 2291

Physical Security: Melding with Information Systems Security / Kevin Henry, CISA, CISSP 2294

Physical Security: Mission-Critical Facilities and Data Centers / Gerald Bowman 2297

Surveillance: Closed-Circuit Television and Video / David A. Litzau, CISSP 2841

Procurement

Managed Security Service Providers (MSSPs) / James S. Tiller, CISM, CISA, CISSP 1861

Offshore Development / Stephen D. Fried, CISSP 2037

Outsourcing / Michael J. Corby, CISSP 2107

Return on Investment (ROI) / Carl F. Endorf, CISSP 2496

Service Level Agreements / Gilbert Held 2705

Regulatory Standards Compliance

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) / Lynda L. McGhie, CISSP, CISM 1299

Health Insurance Portability and Accountability Act (HIPAA): Requirements / Todd Fitzgerald, CISSP, CISA, CISM 1310

Health Insurance Portability and Accountability Act (HIPAA): Security Readiness / David MacLeod, Ph.D., CISSP, Brian T. Geffert, CISSP, CISA, and David Deckter, CISSP 1323

Health Insurance Portability and Accountability Act (HIPAA): Security Requirements / Brian T. Geffert, CISSP, CISA 1332

Healthcare Industry / Micki Krause, CISSP 1338

Privacy: Healthcare Industry / Kate Borten, CISSP 2381

Information Law

Bally v. Faber / Edward H. Freeman, JD, MCT 236

Compliance Assurance / Todd Fitzgerald, CISSP, CISA, CISM 524

Due Care: Minimum Security Standards / Robert Braun and Stan Stahl, Ph.D 893

Global Transmissions: Jurisdictional Issues / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1255

Internet Service Providers (ISPs): Accountability / Lee Imrey, CISSP, CISA, CPP 1679

Laws and Regulations: e-Discovery / Faith M. Heikkila, Ph.D., CISM, CIPP 1805

Privacy: Legal Issues / Edward H. Freeman, JD, MCT 2389

Privacy: Policy Formation / Michael J. Corby, CISSP 2392

Sarbanes-Oxley Act of 2002 (SOX) / Ken M. Shaurette, CISSP, CISA, CISM, IAM 2567

Sarbanes-Oxley Act of 2002 (SOX): Compliance / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 2575

State of Washington v. Heckel / Edward H. Freeman, JD, MCT 2817

Policies, Standards, Procedures and Guidelines

Committee of Sponsoring Organizations (COSO) / Mignona Cote, CISA, CISM 491

DoD Information Assurance Certification and Accreditation Process (DIACAP) / Robert B. Batie, Jr., CISSP-ISSAP, ISSEP, ISSMP, CAP 881

E-Mail Retention Policy: Legal Requirements / Stephen D. Fried, CISSP 926

Fraud: Employee Identification / Rebecca Herold, CISM, CISA, CISSP, FLMI 1229

Hackers: Hiring Ex-Criminal / Ed Skoudis, CISSP 1268

Information Protection / Rebecca Herold, CISM, CISA, CISSP, FLMI 1495

Information Security Policies / Brian Shorten, CISSP, CISA 1563

Information Systems Security Engineering Professional (ISSEP) / Robert B. Batie, Jr., CISSP-ISSAP, ISSEP, ISSMP, CAP 1570

Information Systems Security Officer: Roles and Responsibilities / Carl Burney, CISSP 1574

ISO Standards and Certification / Scott Erkonen 1731

Ownership and Custody of Data / William Hugh Murray, CISSP 2118

Personal Accountability: Corporate Information Security Policy / John O. Wylder, CISSP 2203

Policy Development: Needs / Chris Hare, CISSP, CISA, CISM 2341

Privacy Breaches: Policies, Procedures, and Notification / Rebecca Herold, CISM, CISA, CISSP, FLMI 2362

Privacy Governance: Effective Methods / Rebecca Herold, CISM, CISA, CISSP, FLMI 2372

Security Policy Development and Distribution: Web-Based / Todd Fitzgerald, CISSP, CISA, CISM 2647

Security Policy Lifecycle: Functions and Responsibilities / Patrick D. Howard, CISSP 2659

Server Security Policies / Jon David 2699

Standards / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 2812

Security Risk Management

Business Continuity Planning: Enterprise Risk Management Structure / Carl B. Jackson, CISSP, CBCP 368

Cyber-Risk Management: Enterprise-Level Security / Carol A. Siegel, CISA, Ty R. Sagalow, and Paul Serritella 754

Enterprise Information Assurance: Key Components / Duane E. Sharp 996

Enterprise Security Information / Matunda Nyanchama, Ph.D., CISSP and Anna Wilson, CISSP, CISA 1031

Information Security Management Systems (ISMSs): Risk Diagnosis and Treatment / Nick Halvorson 1550

Insider Threats / Todd Fitzgerald, CISSP, CISA, CISM 1612

Intranets: Risk / Ralph L. Kliem, PMP 1689

Pod Slurping: Concepts / Ben Rothke, CISSP, QSA 2335

Pod-Slurping: Other Vulnerabilities / Kenneth F. Belva 2339

Risk Analysis and Assessment: Risk Assessment Tasks / Will Ozier 2499

Risk Analysis and Assessment: Risk Management Tasks / Will Ozier 2507

Risk Analysis and Assessment: Terms and Definitions / Will Ozier 2516

Risk Assessment / Samantha Thomas, CISSP 2519

Risk Management / Ron Woerner, CISSP 2525

Risk Management and Analysis / Kevin Henry, CISA, CISSP 2531

Risk Management Model: Technology Convergence / Ken M. Shaurette, CISSP, CISA, CISM, IAM 2537

Risk Management: Enterprise / Carl B. Jackson, CISSP, CBCP and Mark Carey 2543

Risk Management: Trends / Brett Regan Young, CISSP, CBCP, MCSE, CNE 2553

Security Risk: Goals Assessment / Mike Buglewicz, MsIA, CISSP 2668

Security Test and Evaluation / Sean M. Price, CISSP 2691

Systems Integrity Engineering: Interoperable Risk Accountability Concepts / Don Evans 2884

Strategic Security Management

Business Partnerships: Validation / Jeff Misrahi, CISSP 432

Career Management / Micki Krause, CISSP 449

Common Criteria / Ben Rothke, CISSP, QSA 499

Common Criteria: IT Security Evaluation / Debra S. Herrmann 506

Corporate Governance / David C. Krehnke, CISSP, CISM, IAM 600

Defense in Depth: Network, Systems, and Applications Controls / Jeffrey Davis, CISSP 842

E-Mail: Pretty Good Privacy / William Stallings 934

Health Insurance Portability and Accountability Act (HIPAA): Security Requirements / Brian T. Geffert, CISSP, CISA 1332

Information Security Basics: Effective Practices / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1508

Information Security Governance: Basic Corporate Organization / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1525

Information Security Governance: Corporate Organization, Frameworks, and Reporting / Todd Fitzgerald, CISSP, CISA, CISM 1530

Strategic Security Management (cont'd.)

Information Security Management Systems (ISMSs) / Tom Carlson 1544

Information Security Management: Purpose / Harold F. Tipton, CISSP 1556

Integrated Threat Management / George G. McBride, CISSP, CISM 1640

IT Governance Institute (ITGI) / Mollie E. Krehnke, CISSP, CHS-II, IAM 1736

Management Commitment: Security Councils / Todd Fitzgerald, CISSP, CISA, CISM 1878

Management Support of IT: Survey / Kenneth J. Knapp, Ph.D. and Thomas E. Marshall, Ph.D., CPA 1895

Mergers and Acquisitions / Craig A. Schiller, CISSP, ISSMP, ISSAP 1907

Personnel: Security Roles / Kevin Henry, CISA, CISSP 2213

Security Information and Event Management (SIEM) / E. Eugene Schultz, Ph.D., CISSP 2617

Security Management Team Organization / Ken Buszta, CISSP 2641

Technology Convergence: Security / Louis B. Fried 2923

System and Application Security

Application Issues

Application Layer Security / Keith Pasley, CISSP 43

Application Layer Security: Network Protocols / William Stackpole, CISSP 50

Application Security / Walter S. Kobus, Jr., CISSP 59

Application Security: World Wide Web / Sean Scanlon 64

Application Service Providers: Information Assurance Considerations / Andres Llana, Jr. 75

Application Service Providers: Secure Relationships / Stephen D. Fried, CISSP 81

Application Systems Development / Lowell Bruce McCulley, CISSP 97

Buffer Overflows: Stack-Based / Jonathan Held 275

Cross-Site Scripting (XSS) / Jonathan Held 638

Format String Vulnerabilities / Mano Paul 1225

Mashups and Composite Applications / Mano Paul 1902

Neural Networks and Information Assurance Uses / Sean M. Price, CISSP 2000

Object-Based Applications: Testing / Polly Perryman Kuver 2022

Object-Oriented Databases: Security Models / James Cannady 2027

Object-Oriented Programming / Louis B. Fried 2032

Open Source / Ed Skoudis, CISSP 2046

PeopleSoft Security / Satnam Purewal 2185

Web Applications: Security / Mandy Andress, CISSP, SSCP, CPA, CISA 3098

XML / Samuel C. McClintock 3181

XML and Other Metadata Languages / William Hugh Murray, CISSP 3187

Systems Development Controls

Buffer Overflows: Attacks / Sean M. Price, CISSP 266

Capability Maturity Model / Matt Nelson, CISSP, PMP 439

Certification and Accreditation: Methodology / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 463

Certification Testing / Kevin J. Davidson, CISSP 475

Information Technology Infrastructure Library (ITIL) / David McPhee 1578

Next-Generation Security Application Development / Robby Fussell, CISSP, NSA IAM, GSEC 2015

Security Development Lifecycle / Kevin Henry, CISA, CISSP 2604

Software Development Lifecycles: Security Assessments / George G. McBride, CISSP, CISM 2761

System Development Security: Methodology / Ian Lim, CISSP and Ioana V. Bazavan, CISSP 2854

Systems Development: Object-Oriented Security Model / Sureerut Inmor, Vatcharaporn Esichaikul, and Dencho N. Batanov 2866
