ENCYCLOPEDIA OF
InformationAssurance
VOLUME I
EDITED BY
Rebecca Herold
Marcus K. Rogers
CRC Press, Taylor & Francis Group, Boca Raton London New York
CRC Press is an imprint of the
Taylor & Francis Group, an informa business
AN AUERBACH BOOK
Topical Table of Contents
Data Security
Data Classifications
Data at Rest / Samuel W. Chun, CISSP and Leo Kahng 775
Data Sanitization: SQL Injection / Jonathan Held 798
FTP: Secured Data Transfers / Chris Hare, CISSP, CISA, CISM 1245
Information Classification / Jim Appleyard 1462
Mobile Data Security / George G. McBride, CISSP, CISM 1929
Data Centers: Security / John R. Vacca 785
Distributed Computing: Grid Environment / Sasan Hamidi, Ph.D. 877
Databases and Data Warehousing
Data Warehouses: Datamarts and / Mollie E. Krehnke, CISSP, CHS-II, IAM and D. K. Bradley 806
Data Warehouses: Security and Privacy / David Bonewell, CISSP, CISSP/EP, CISA, Karen Gibbs, and Adriaan Veldhuisen 822
Database Integrity / William Hugh Murray, CISSP 837
Relational Database Security / Ravi S. Sandhu and Sushil Jajodia 2477
Encryption and Cryptography
Advanced Encryption Standard (AES) / Ben Rothke, CISSP, QSA 33
Cryptography / Javek Ikbal, CISSP 646
Cryptography: Cryptosystems / Joost Houwen, CISSP, CISA 662
Cryptography: Elliptic Curve / Paul Lambert 672
Cryptography: Encryption and / Ronald A. Gove 678
Cryptography: Key Management: Functions and Principles / William Hugh Murray, CISSP 692
Cryptography: Key Management: History and Myths / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 703
Cryptography: Quantum / Ben Rothke, CISSP, QSA 711
Cryptography: Transitions / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 721
Encryption Key Management / Franjo Majstor, CISSP, CCIE and Guy Vancollie 971
Hash Algorithms / Keith Pasley, CISSP 1293
Kerberos / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1744
Kerberos: Management / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1753
Kerberos: Ongoing Development / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1765
Kerberos: Services and Functions / Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM 1773
Message Digests / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1923
Quantum Computing / Robby Fussell, CISSP, NSA IAM, GSEC 2434
Steganography / Mark Edmead, CISSP, SSCP, TICSA 2821
Steganography: Detection / Sasan Hamidi, Ph.D. 2825
Public Key Infrastructure (PKI)
Public Key Hierarchy / Geoffrey C. Grabow, CISSP 2400
Public Key Infrastructure (PKI) / Harry B. DeMaio 2405
Public Key Infrastructure (PKI): E-Business / Douglas C. Merrill and Eran Feigenbaum 2413
Public Key Infrastructure (PKI): Registration / Alex Golod, CISSP 2424
Digital Forensics
Auditing
Accountability / Dean Bushmiller 19
Applications: Auditing / David C. Rice, CISSP and Graham Bucholz 110
Auditing: Self-Hacking / Stephen James 172
Cryptography: Auditing / Steve Stanek 659
Electronic Commerce: Auditing / Chris Hare, CISSP, CISA, CISM 907
Telephony Systems: Auditing / William A. Yarberry, Jr., CPA, CISA 2928
Computer Crime
Bluesnarfing / Mano Paul 255
Computer Abuse / Donn B. Parker 532
Computer Crime / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 545
Cybercrime: Council of Europe / Ed Gabrys, CISSP 736
Information Warfare / Gerald L. Kovacich, Ph.D., CISSP, CFE, CPP 1588
Information Warfare: Tactics / Gerald L. Kovacich, Ph.D., CISSP, CFE, CPP, Andy Jones, Ph.D., MBE, and Perry G. Luzwick 1595
Sploits / Ed Skoudis, CISSP 2774
Incident Handling
Digital Crime Scene Analysis (DCSA) / Marcus Rogers, Ph.D., CISSP, CCCI 855
Digital Forensics and E-Discovery / Larry R. Leibrock, Ph.D. 866
Forensics: Non-Liturgical Examinations / Carol Stucki 1197
Incident Response: Evidence Handling / Marcus Rogers, Ph.D., CISSP, CCCI 1417
Security Incident Response / Leighton Johnson III, CISSP, CISA, CISM, CSSLP, MBCI, CIFI 2610
Security Information and Event Management (SIEM) / E. Eugene Schultz, Ph.D., CISSP 2617
Investigations
Computer Crime: Investigations / George Wade 551
Forensics / Kelly J. "KJ" Kuchta, CPP, CFE 1175
Forensics and Legal Proceedings / Thomas Welch, CISSP, CPP 1179
Forensics: Computer Crime Investigation / Thomas Welch, CISSP, CPP 1186
Forensics: Operational / Michael J. Corby, CISSP 1213
Forensics: Rules of Evidence / Thomas Welch, CISSP, CPP 1218
Malicious Code
Internet Mobile Code / Ron Moritz, CISSP 1664
Java / Ben Rothke, CISSP, QSA 1740
Malicious Code / Ralph Hoefelmeyer, CISSP and Theresa E. Phillips, CISSP 1814
Malicious Code: Fast-Scanning Worms / Paul A. Henry, CISSP, CNE 1826
Malicious Code: Organized Crime / Michael Pike, ITIL, CISSP 1829
Malicious Code: Quasi-Intelligence / Craig A. Schiller, CISSP, ISSMP, ISSAP 1838
Malicious Code: Rootkits / E. Eugene Schultz, Ph.D., CISSP 1853
Penetration Testing
Intrusion Prevention Systems / Gildas A. Deograt-Lumy, CISSP and Ray Haldo 1709
Penetration Testing / Chuck Bianco, FTTR, CISA, CISSP 2170
Penetration Testing: Policies / Stephen D. Fried, CISSP 2175
Enterprise Continuity
Business Continuity Management
Business Continuity Management: Maintenance Processes / Ken Doughty 284
Business Continuity Management: Metrics / Carl B. Jackson, CISSP, CBCP 292
Business Continuity Management: Priorities / Kevin Henry, CISA, CISSP 303
Business Continuity Management: Testing / James S. Mitts, CISSP 308
Business Continuity Management: Testing, Maintenance, Training, and Awareness / Carl B. Jackson, CISSP, CBCP 319
Business Impact Analysis: Business Process Mapping / Carl B. Jackson, CISSP, CBCP 407
Business Impact Analysis: Process / Carl B. Jackson, CISSP, CBCP 420
Critical Business Functions / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 633
Business Continuity Planning
Business Continuity Planning / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 325
Business Continuity Planning: Best Practices and Program Maturity / Timothy R. Stacey, CISSP, CISA, CISM, CBCP, PMP 331
Business Continuity Planning: Case Study / Kevin Henry, CISA, CISSP 344
Business Continuity Planning: Collaborative Approach / Kevin Henry, CISA, CISSP 351
Business Continuity Planning: Distributed Environment / Steven P. Craig 358
Business Continuity Planning: Enterprise Risk Management Structure / Carl B. Jackson, CISSP, CBCP 368
Business Continuity Planning: Evolution in Response to Major News Events / Carl B. Jackson, CISSP, CBCP 377
Business Continuity Planning: Process Reengineering / Carl B. Jackson, CISSP, CBCP 384
Business Continuity Planning: Restoration Component / John Dorf, ARM and Martin Johnson 394
Business Continuity Planning: Strategy Selection / Ken Doughty 401
Incident Management
Attack Methods
Espionage: Counter-Economic / Craig A. Schiller, CISSP, ISSMP, ISSAP 1044
Hackers: Attacks and Defenses / Ed Skoudis, CISSP 1260
Hackers: Tools and Techniques / Ed Skoudis, CISSP 1277
Identity Theft / James S. Tiller, CISM, CISA, CISSP 1397
Insider Threats: System and Application Weaknesses / Sean M. Price, CISSP 1618
Incident Handling
Cybercrime: Response, Investigation, and Prosecution / Thomas Akin, CISSP 749
Event Management / Glenn Cater, CISSP 1070
Honeypots and Honeynets / Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA 1355
Incident Response: Exercises / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 1425
Incident Response: Management / Alan B. Sterneckert, CISA, CISSP, CFE, CCCI 1433
Incident Response: Managing / Michael Vangelos, CISSP 1442
Incident Response: Privacy Breaches / Rebecca Herold, CISM, CISA, CISSP, FLMI 1450
Security Breaches: Reporting / James S. Tiller, CISM, CISA, CISSP 2591
Security Information Management: Myths and Facts / Sasan Hamidi, Ph.D. 2625
Social Engineering: Mitigation / Marcus Rogers, Ph.D., CISSP, CCCI 2751
Spyware / Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach 2788
Spyware: Ethical and Legal Concerns / Janice C. Sipior, Ph.D., Burke T. Ward, and Georgina R. Roselli 2802
Uniform Resource Locators (URLs): Obscuring / Ed Skoudis, CISSP 2969
Virtualization and Digital Investigations / Marcus Rogers, Ph.D., CISSP, CCCI and Sean C. Leshney 3044
Intrusion Detection
Artificial Intelligence (AI): Intrusion Analysis / Bryan D. Fish, CISSP 152
Intrusion Detection Systems (IDSs) / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1693
Intrusion Detection Systems (IDSs): Implementation / E. Eugene Schultz, Ph.D., CISSP and Eugene Spafford 1701
Network Security: Trapping Intruders / Jeff Flynn 1982
Network Attacks and Countermeasures
Denial-of-Service Attacks / K. Narayanaswamy, Ph.D. 849
Domain Name Service (DNS) Attacks / Mark Bell 885
Inspection Technologies: Deep Packets / Anderson Ramos, CISSP 1622
Packet Sniffers / Steve A. Rodgers, CISSP 2124
Phishing / Todd Fitzgerald, CISSP, CISA, CISM 2237
Proxy Servers / Micah Silverman, CISSP 2396
Spoofing and Denial of Service Attacks / Gilbert Held 2784
Wireless Penetration Testing / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 3158
IT Security Training and Awareness
Awareness and Training / Susan D. Hansche, CISSP-ISSEP 177
Awareness and Training: Appendices / Susan D. Hansche, CISSP-ISSEP 187
Awareness and Training: Briefing for the End User / Timothy R. Stacey, CISSP, CISA, CISM, CBCP, PMP 196
Awareness and Training: Effective Methods / Rebecca Herold, CISM, CISA, CISSP, FLMI 202
Awareness and Training: Framework / Charles R. Hudson, Jr. 212
Awareness and Training: Motivational and Psychological Factors / Samuel W. Chun, CISSP 220
Awareness and Training: Program Elements / Thomas R. Peltier, CISSP, CISM 227
Business Continuity Management: Testing, Maintenance, Training, and Awareness / Carl B. Jackson, CISSP, CBCP 319
Configuration Management: Process Stages / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 571
Management Commitment / William Tompkins, CISSP, CBCP 1871
Ethics
Ethics / Peter S. Tippett 1055
Ethics: Internet / Micki Krause, CISSP 1062
Software Piracy / Roxanne E. Burkey 2769
Planning
Customer Relationship Management (CRM) / Chris Hare, CISSP, CISA, CISM 728
Downsizing: Maintaining Information Security / Thomas J. Bray, CISSP 889
Healthcare Industry / Micki Krause, CISSP 1338
High-Tech Trade Secrets / William C. Boni 1347
Information Security Basics: Effective Practices / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1508
Management Compliance: Confidential Information / Sanford Sherizen, Ph.D., CISSP 1891
NERC Corporation: Compliance / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS and Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 1936
Organization Culture / Don Saracco 2091
Planning for the Future: Challenges / Samantha Thomas, CISSP 2330
Security Management Program: Prioritization / Derek Schatz 2631
Security Teams: Effective Methods / Lynda L. McGhie, CISSP, CISM 2680
Transformation: Department-Level / R. Scott McCoy, CPP, CISSP, CBCP 2956
IT Systems Operations and Maintenance
Configuration Management / Leighton Johnson III, CISSP, CISA, CISM, CSSLP, MBCI, CIFI 563
Directory Security / Ken Buszta, CISSP 870
Operations Security: Abuses / Michael Pike, ITIL, CISSP 2068
Operations Security: Controls / Patricia A.P. Fisher 2077
Operations Security: Support and Control / Kevin Henry, CISA, CISSP 2086
Patch Management / Lynda L. McGhie, CISSP, CISM 2149
Patch Management: Process / Felicia M. Nicastro, CISSP, CHSP 2153
Portable Computing Environments / Phillip Q. Maier 2357
Redundant Arrays of Independent Disks (RAID) / Tyson Heyn 2463
Storage Area Networks / Franjo Majstor, CISSP, CCIE 2829
Systems Management: Third Party Applications and Systems / William Stackpole, CISSP and Man Nguyen, CISSP 2898
Tape Backups: Validation / Sandy Bacik 2911
Network and Telecommunications Security
Access Control
End Node Security and Network Access Management / Franjo Majstor, CISSP, CCIE 976
Identity Management / Lynda L. McGhie, CISSP, CISM 1376
Identity Management Systems: Components / Kevin Castellow 1390
Passwords and Policy Threat Analysis / Daniel D. Houser, CISSP, MBA, e-Biz+ 2131
Access Controls: Implementation / Stanley Kurzban 1
Centralized Authentication Services / William Stackpole, CISSP 453
Relational Database Access Controls: SQL / Ravi S. Sandhu 2468
Remote Access: Secure / Christina M. Bird, Ph.D., CISSP 2487
Access Control Techniques
Access Controls: PKI-Based / Alex Golod, CISSP 9
Biometrics: New Methods / Judith M. Myerson 251
Controls: CISSP and Common Body of Knowledge (CBK) / Chris Hare, CISSP, CISA, CISM ... 584
Data Access Controls: Sensitive or Critical / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 767
Radio Frequency Identification (RFID) / Ben Rothke, CISSP, QSA 2439
Role-Based Access Control / Ian Clark 2558
Smartcards / James S. Tiller, CISM, CISA, CISSP 2743
Tokens: Authentication / Paul A. Henry, CISSP, CNE 2938
Tokens: Evaluation / Joseph T. Hootman 2942
Tokens: Role and Authentication / Jeffrey Davis, CISSP 2950
Architecture and Design
Architecture: Biological Cells / Kenneth J. Knapp, Ph.D. and R. Franklin Morris, Jr. 117
Architecture: Models / Foster J. Henderson, CISSP, MCSE, CRP, CAN and Kellina M. Craig-Henderson, Ph.D. 132
Architecture: Secure / Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP and Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 144
Database Integrity / William Hugh Murray, CISSP 837
Enterprise Information Assurance: Framework / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 991
Enterprise Information Security: Architectural Design and Deployment / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 1005
Enterprise Security Capability: Common Models / Matthew J. Decker, CISSP, CISA, CISM, CBCP 1019
Service Oriented Architecture (SOA) / Glenn Cater, CISSP 2709
System Design Flaws / William Hugh Murray, CISSP 2847
Systems Integrity Engineering: Distributed Processing Concepts and Corresponding Security-Relevant Issues / Don Evans 2877
Systems Integrity Engineering: Interoperable Risk Accountability Concepts / Don Evans 2884
Systems Integrity Engineering: Methodology and Motivational Business Values and Issues / Don Evans 2888
UNIX Security / Jeffery J. Lowder, CISSP 2978
Virtual Network Computing (VNC) Systems / Chris Hare, CISSP, CISA, CISM 2983
Wireless Local Area Networks (WLANs): Vulnerabilities / Gilbert Held 3154
Communications and Network Security
Adaptable Protocol Framework / Robby Fussell, CISSP, NSA IAM, GSEC 26
Asynchronous Transfer Mode (ATM): Integrity and Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 163
External Networks: Secured Connections / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1080
Fax Machines / Ben Rothke, CISSP, QSA 1099
Intelligent Agents: Network Security / Robby Fussell, CISSP, NSA IAM, GSEC 1647
Network and Telecommunications: Media / Samuel W. Chun, CISSP 1948
Network Content Filtering and Leak Prevention / Georges J. Jahchan 1959
Network Layer Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1962
Network Router Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1967
Network Security / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS and Christopher A. Pilewski, CCSA, CPA/E, FSWCE, FSLCE, MCP 1975
Network Technologies / Chris Hare, CISSP, CISA, CISM 1986
Open Standards / David O'Berry 2060
Physical Layer Security: Networks / Matthew J. Decker, CISSP, CISA, CISM, CBCP 2256
Physical Layer Security: Wired and Wireless Connections / James Trulove 2262
RADIUS: Access Control / Chris Hare, CISSP, CISA, CISM 2443
Secure Socket Layer (SSL) / Chris Hare, CISSP, CISA, CISM 2582
Security Controls: Dial-Up / Alan Berman and Jeffrey L. Ott 2598
Simple Network Management Protocol (SNMP) / Chris Hare, CISSP, CISA, CISM 2721
Transport Layer Security (TLS) / Chris Hare, CISSP, CISA, CISM 2962
E-Mail Security
E-Mail and Data Communications: Dial-In Hazards / Leo A. Wrobel 920
E-Mail Retention Policy: Legal Requirements / Stephen D. Fried, CISSP 926
E-Mail: Pretty Good Privacy / William Stallings 934
E-Mail: Security / Bruce A. Lobree, CISSP, CIPP, ITIL, CISM 943
E-Mail: Spam / Al Bredenberg 958
Instant Messaging / William Hugh Murray, CISSP 1628
Firewalls
Architecture: Firewalls / Chris Hare, CISSP, CISA, CISM 122
Firewall Architectures / Paul A. Henry, CISSP, CNE 1106
Firewall Architectures: Other Issues / Paul A. Henry, CISSP, CNE 1126
Firewall Architectures: Platforms / Paul A. Henry, CISSP, CNE 1132
Firewall Architectures: Viruses and Worms / Paul A. Henry, CISSP, CNE 1144
Firewall Technologies: Comparison / Per Thorsheim 1149
Firewalls: Checkpoint Security Review / Ben Rothke, CISSP, QSA 1157
Firewalls: Internet Security / E. Eugene Schultz, Ph.D., CISSP 1170
Host-Based Firewalls: Case Study / Jeffery J. Lowder, CISSP 1360
PBX Firewalls / William A. Yarberry, Jr., CPA, CISA 2165
Web Applications: Firewalls / Georges J. Jahchan 3096
Identification and Authentication
Biometrics: Identification / Donald R. Richards, CPP 239
Identity-Based Self-Defending Network: 5W Network / Samuel W. Chun, CISSP 1409
Reduced Sign-On / Maria Schuett 2451
Single Sign-On: Enterprise / Ross A. Leo, CISSP 2728
Information Flow and Covert Channels
Covert Channels / Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA 615
Covert Channels: Analysis and Recommendations / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 621
Information Flow / Sean M. Price, CISSP 1471
Information Flow: Emerging and Potential Techniques and Covert Channels / Sean M. Price, CISSP 1481
Information Flow: Selecting Countermeasures / Sean M. Price, CISSP 1487
Internet Security
Applets: Network Security / Al Berg 39
Broadband Internet Access / James Trulove 260
Communication Protocols and Services / William Hugh Murray, CISSP 517
Cookies and Web Bugs / William T. Harding, Ph.D., Anita J. Reed, CPA, and Robert L. Gray, Ph.D. 593
Enclaves: Enterprise as Extranet / Bryan T. Koch, CISSP 963
Extranet Access Control / Christopher King, CISSP 1091
International Issues / Michael Losavio, Adel Elmaghraby, and Deborah Keeling 1653
Internet Security / Douglas G. Conorich 1672
IP Security Protocol Working Group (IPSec) / William Stackpole, CISSP 1719
IPv6: Expanding Internet Support / Gilbert Held 1726
Web Services / Lynda L. McGhie, CISSP, CISM 3106
Wireless Internet Security: Portable Internet Devices / Dennis Seymour Lee 3114
World Wide Web / Lynda L. McGhie, CISSP, CISM and Phillip Q. Maier 3168
Local Area Networks
LAN / WAN Security / Steven F. Blanding, CIA, CISA, CSP, CFE, CQA 1790
Wireless Local Area Networks (WLANs) / Franjo Majstor, CISSP, CCIE 3126
Wireless Local Area Networks (WLANs): Challenges / Frandinata Halim, CISSP, MCSE and Gildas A. Deograt-Lumy, CISSP 3133
Wireless Local Area Networks (WLANs): Security / Franjo Majstor, CISSP, CCIE 3143
Virtual Private Networks
Virtual Private Networks (VPNs) / James S. Tiller, CISM, CISA, CISSP 2995
Virtual Private Networks (VPNs): Deployment and Evaluation Strategy / Keith Pasley, CISSP 3008
Virtual Private Networks (VPNs): Leverage / James S. Tiller, CISM, CISA, CISSP 3021
Virtual Private Networks (VPNs): Perspectives / Keith Pasley, CISSP 3030
Virtual Private Networks (VPNs): Remote Access / John R. Vacca 3036
Voice Communications
Voice Communications: Voice-over-Internet (VoI) / Valerie Skerpac, CISSP 3053
Voice Communications: Voice-over-IP (VoIP) Protocols / Anthony Bruno, CCIE #2738, CISSP, CIPTSS, CCDP 3063
Voice Communications: Voice-over-IP (VoIP) Security / George G. McBride, CISSP, CISM 3071
Voice over WLAN / Bill Lipiczky 3081
Voice Security / Chris Hare, CISSP, CISA, CISM 3088
Personnel Security
Corporate Security: IT Organization / Jeffrey Davis, CISSP 607
Human Resources: Issues / Jeffrey H. Fenton, CBCP, CISSP and James M. Wolfe, MSM 1366
Insider Threats / Todd Fitzgerald, CISSP, CISA, CISM 1612
Insider Threats: System and Application Weaknesses / Sean M. Price, CISSP 1618
Personnel: Practices / Edward H. Freeman, JD, MCT 2209
Personnel: Security Screening / Ben Rothke, CISSP, QSA 2225
Physical Security: Threat after September 11th, 2001 / Jaymes Williams, CISSP 2313
Pod Slurping: Concepts / Ben Rothke, CISSP, QSA 2335
Pod-Slurping: Other Vulnerabilities / Kenneth F. Belva 2339
Technology Convergence: People, Process and Technology / Felicia M. Nicastro, CISSP, CHSP 2915
Workplace Violence / George Richards, CPP 3164
Physical and Environmental Security
Crime Prevention: Environmental Design / Mollie E. Krehnke, CISSP, CHS-II, IAM 626
Data Centers: Site Selection and Facility Design / Sandy Bacik 794
Halon Fire Suppression Systems / Chris Hare, CISSP, CISA, CISM 1288
Information Security Controls: Types / Harold F. Tipton, CISSP 1518
Perimeter Security / R. Scott McCoy, CPP, CISSP, CBCP 2194
Physical Access Control / Dan M. Bowers, CISSP 2243
Physical Security / Christopher Steinke, CISSP 2268
Physical Security: Controlled Access and Layered Defense / Bruce R. Matthews, CISSP 2275
Physical Security: Facilities / Alan Brusewitz, CISSP, CBCP 2284
Physical Security: Mantraps and Turnstiles / R. Scott McCoy, CPP, CISSP, CBCP 2291
Physical Security: Melding with Information Systems Security / Kevin Henry, CISA, CISSP 2294
Physical Security: Mission-Critical Facilities and Data Centers / Gerald Bowman 2297
Surveillance: Closed-Circuit Television and Video / David A. Litzau, CISSP 2841
Procurement
Managed Security Service Providers (MSSPs) / James S. Tiller, CISM, CISA, CISSP 1861
Offshore Development / Stephen D. Fried, CISSP 2037
Outsourcing / Michael J. Corby, CISSP 2107
Return on Investment (ROI) / Carl F. Endorf, CISSP 2496
Service Level Agreements / Gilbert Held 2705
Regulatory Standards Compliance
Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA) / Lynda L. McGhie, CISSP, CISM 1299
Health Insurance Portability and Accountability Act (HIPAA): Requirements / Todd Fitzgerald, CISSP, CISA, CISM 1310
Health Insurance Portability and Accountability Act (HIPAA): Security Readiness / David MacLeod, Ph.D., CISSP, Brian T. Geffert, CISSP, CISA, and David Decider, CISSP 1323
Health Insurance Portability and Accountability Act (HIPAA): Security Requirements / Brian T. Geffert, CISSP, CISA 1332
Healthcare Industry / Micki Krause, CISSP 1338
Privacy: Healthcare Industry / Kate Borten, CISSP 2381
Information Law
Bally v. Faber / Edward H. Freeman, JD, MCT 236
Compliance Assurance / Todd Fitzgerald, CISSP, CISA, CISM 524
Due Care: Minimum Security Standards / Robert Braun and Stan Stahl, Ph.D. 893
Global Transmissions: Jurisdictional Issues / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1255
Internet Service Providers (ISPs): Accountability / Lee Imrey, CISSP, CISA, CPP 1679
Laws and Regulations: e-Discovery / Faith M. Heikkila, Ph.D., CISM, CIPP 1805
Privacy: Legal Issues / Edward H. Freeman, JD, MCT 2389
Privacy: Policy Formation / Michael J. Corby, CISSP 2392
Sarbanes-Oxley Act of 2002 (SOX) / Ken M. Shaurette, CISSP, CISA, CISM, IAM 2567
Sarbanes-Oxley Act of 2002 (SOX): Compliance / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 2575
State of Washington v. Heckel / Edward H. Freeman, JD, MCT 2817
Policies, Standards, Procedures and Guidelines
Committee of Sponsoring Organizations (COSO) / Mignona Cote, CISA, CISM 491
DoD Information Assurance Certification and Accreditation Process (DIACAP) / Robert B. Batie, Jr., CISSP-ISSAP, ISSEP, ISSMP, CAP 881
E-Mail Retention Policy: Legal Requirements / Stephen D. Fried, CISSP 926
Fraud: Employee Identification / Rebecca Herold, CISM, CISA, CISSP, FLMI 1229
Hackers: Hiring Ex-Criminal / Ed Skoudis, CISSP 1268
Information Protection / Rebecca Herold, CISM, CISA, CISSP, FLMI 1495
Information Security Policies / Brian Shorten, CISSP, CISA 1563
Information Systems Security Engineering Professional (ISSEP) / Robert B. Batie, Jr., CISSP-ISSAP, ISSEP, ISSMP, CAP 1570
Information Systems Security Officer: Roles and Responsibilities / Carl Burney, CISSP 1574
ISO Standards and Certification / Scott Erkonen 1731
Ownership and Custody of Data / William Hugh Murray, CISSP 2118
Personal Accountability: Corporate Information Security Policy / John O. Wylder, CISSP 2203
Policy Development: Needs / Chris Hare, CISSP, CISA, CISM 2341
Privacy Breaches: Policies, Procedures, and Notification / Rebecca Herold, CISM, CISA, CISSP, FLMI 2362
Privacy Governance: Effective Methods / Rebecca Herold, CISM, CISA, CISSP, FLMI 2372
Security Policy Development and Distribution: Web-Based / Todd Fitzgerald, CISSP, CISA, CISM 2647
Security Policy Lifecycle: Functions and Responsibilities / Patrick D. Howard, CISSP 2659
Server Security Policies / Jon David 2699
Standards / Bonnie A. Goins Pilewski, MSIS, CISSP, NSA IAM, ISS 2812
Security Risk Management
Business Continuity Planning: Enterprise Risk Management Structure / Carl B. Jackson, CISSP, CBCP 368
Cyber-Risk Management: Enterprise-Level Security / Carol A. Siegel, CISA, Ty R. Sagalow, and Paul Serritella 754
Enterprise Information Assurance: Key Components / Duane E. Sharp 996
Enterprise Security Information / Matunda Nyanchama, Ph.D., CISSP and Anna Wilson, CISSP, CISA 1031
Information Security Management Systems (ISMSs): Risk Diagnosis and Treatment / Nick Halvorson 1550
Insider Threats / Todd Fitzgerald, CISSP, CISA, CISM 1612
Intranets: Risk / Ralph L. Kliem, PMP 1689
Pod Slurping: Concepts / Ben Rothke, CISSP, QSA 2335
Pod-Slurping: Other Vulnerabilities / Kenneth F. Belva 2339
Risk Analysis and Assessment: Risk Assessment Tasks / Will Ozier 2499
Risk Analysis and Assessment: Risk Management Tasks / Will Ozier 2507
Risk Analysis and Assessment: Terms and Definitions / Will Ozier 2516
Risk Assessment / Samantha Thomas, CISSP 2519
Risk Management / Ron Woerner, CISSP 2525
Risk Management and Analysis / Kevin Henry, CISA, CISSP 2531
Risk Management Model: Technology Convergence / Ken M. Shaurette, CISSP, CISA, CISM, IAM 2537
Risk Management: Enterprise / Carl B. Jackson, CISSP, CBCP and Mark Carey 2543
Risk Management: Trends / Brett Regan Young, CISSP, CBCP, MCSE, CNE 2553
Security Risk: Goals Assessment / Mike Buglewicz, MsIA, CISSP 2668
Security Test and Evaluation / Sean M. Price, CISSP 2691
Systems Integrity Engineering: Interoperable Risk Accountability Concepts / Don Evans 2884
Strategic Security Management
Business Partnerships: Validation / Jeff Misrahi, CISSP 432
Career Management / Micki Krause, CISSP 449
Common Criteria / Ben Rothke, CISSP, QSA 499
Common Criteria: IT Security Evaluation / Debra S. Herrmann 506
Corporate Governance / David C. Krehnke, CISSP, CISM, IAM 600
Defense in Depth: Network, Systems, and Applications Controls / Jeffrey Davis, CISSP 842
E-Mail: Pretty Good Privacy / William Stallings 934
Health Insurance Portability and Accountability Act (HIPAA): Security Requirements / Brian T. Geffert, CISSP, CISA 1332
Information Security Basics: Effective Practices / Ken M. Shaurette, CISSP, CISA, CISM, IAM 1508
Information Security Governance: Basic Corporate Organization / Ralph Spencer Poore, CFE, CISA, CISSP, CTM/CL 1525
Information Security Governance: Corporate Organization, Frameworks, and Reporting / Todd Fitzgerald, CISSP, CISA, CISM 1530
Information Security Management Systems (ISMSs) / Tom Carlson 1544
Information Security Management: Purpose / Harold F. Tipton, CISSP 1556
Integrated Threat Management / George G. McBride, CISSP, CISM 1640
IT Governance Institute (ITGI) / Mollie E. Krehnke, CISSP, CHS-II, IAM 1736
Management Commitment: Security Councils / Todd Fitzgerald, CISSP, CISA, CISM 1878
Management Support of IT: Survey / Kenneth J. Knapp, Ph.D. and Thomas E. Marshall, Ph.D., CPA 1895
Mergers and Acquisitions / Craig A. Schiller, CISSP, ISSMP, ISSAP 1907
Personnel: Security Roles / Kevin Henry, CISA, CISSP 2213
Security Information and Event Management (SIEM) / E. Eugene Schultz, Ph.D., CISSP 2617
Security Management Team Organization / Ken Buszta, CISSP 2641
Technology Convergence: Security / Louis B. Fried 2923
System and Application Security
Application Issues
Application Layer Security / Keith Pasley, CISSP 43
Application Layer Security: Network Protocols / William Stackpole, CISSP 50
Application Security / Walter S. Kobus, Jr., CISSP 59
Application Security: World Wide Web / Sean Scanlon 64
Application Service Providers: Information Assurance Considerations / Andres Llana, Jr. 75
Application Service Providers: Secure Relationships / Stephen D. Fried, CISSP 81
Application Systems Development / Lowell Bruce McCulley, CISSP 97
Buffer Overflows: Stack-Based / Jonathan Held 275
Cross-Site Scripting (XSS) / Jonathan Held 638
Format String Vulnerabilities / Mano Paul 1225
Mashups and Composite Applications / Mano Paul 1902
Neural Networks and Information Assurance Uses / Sean M. Price, CISSP 2000
Object-Based Applications: Testing / Polly Perryman Kuver 2022
Object-Oriented Databases: Security Models / James Cannady 2027
Object-Oriented Programming / Louis B. Fried 2032
Open Source / Ed Skoudis, CISSP 2046
PeopleSoft Security / Satnam Purewal 2185
Web Applications: Security / Mandy Andress, CISSP, SSCP, CPA, CISA 3098
XML / Samuel C. McClintock 3181
XML and Other Metadata Languages / William Hugh Murray, CISSP 3187
Systems Development Controls
Buffer Overflows: Attacks / Sean M. Price, CISSP 266
Capability Maturity Model / Matt Nelson, CISSP, PMP 439
Certification and Accreditation: Methodology / Mollie E. Krehnke, CISSP, CHS-II, IAM and David C. Krehnke, CISSP, CISM, IAM 463
Certification Testing / Kevin J. Davidson, CISSP 475
Information Technology Infrastructure Library (ITIL) / David McPhee 1578
Next-Generation Security Application Development / Robby Fussell, CISSP, NSA IAM, GSEC 2015
Security Development Lifecycle / Kevin Henry, CISA, CISSP 2604
Software Development Lifecycles: Security Assessments / George G. McBride, CISSP, CISM 2761
System Development Security: Methodology / Ian Lim, CISSP and Ioana V. Bazavan, CISSP 2854
Systems Development: Object-Oriented Security Model / Sureerut Inmor, Vatchamporn Esichaikul, and Dencho N. Batanov 2866