Computer Security Handbook
Herausgegeben von Bosworth, Seymour; Kabay, Michel E.; Whyne, Eric
Computer Security Handbook
Herausgegeben von Bosworth, Seymour; Kabay, Michel E.; Whyne, Eric
- Broschiertes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
Computer security touches every part of our daily lives from our computers and connected devices to the wireless signals around us. Breaches have real and immediate financial, privacy, and safety consequences. This handbook has compiled advice from top professionals working in the real world about how to minimize the possibility of computer security breaches in your systems. Written for professionals and college students, it provides comprehensive best guidance about how to minimize hacking, fraud, human error, the effects of natural disasters, and more. This essential and highly-regarded…mehr
Andere Kunden interessierten sich auch für
![Secrets and Lies]( "Secrets and Lies")
Bruce SchneierSecrets and Lies22,99 €![The Art of Deception]( "The Art of Deception")
Kevin D. MitnickThe Art of Deception41,99 €![Database Hacker's Handbook w/WS]( "Database Hacker's Handbook w/WS")
David LitchfieldDatabase Hacker's Handbook w/WS36,99 €![The Mobile Application Hacker's Handbook]( "The Mobile Application Hacker's Handbook")
Dominic ChellThe Mobile Application Hacker's Handbook67,99 €![Computer Forensics For Dummies]( "Computer Forensics For Dummies")
Linda VoloninoComputer Forensics For Dummies29,99 €![Secrets and Lies]( "Secrets and Lies")
Bruce SchneierSecrets and Lies28,99 €![Computer Forensics Jumpstart]( "Computer Forensics Jumpstart")
Michael G. SolomonComputer Forensics Jumpstart26,99 €-
-
-
Computer security touches every part of our daily lives from our computers and connected devices to the wireless signals around us. Breaches have real and immediate financial, privacy, and safety consequences. This handbook has compiled advice from top professionals working in the real world about how to minimize the possibility of computer security breaches in your systems. Written for professionals and college students, it provides comprehensive best guidance about how to minimize hacking, fraud, human error, the effects of natural disasters, and more. This essential and highly-regarded reference maintains timeless lessons and is fully revised and updated with current information on security issues for social networks, cloud computing, virtualization, and more.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Produktdetails
- Produktdetails
- Verlag: Wiley & Sons
- Artikelnr. des Verlages: 1W118127060
- 6. Aufl.
- Seitenzahl: 2000
- Erscheinungstermin: 24. März 2014
- Englisch
- Abmessung: 254mm x 177mm x 76mm
- Gewicht: 3440g
- ISBN-13: 9781118127063
- ISBN-10: 1118127064
- Artikelnr.: 40190820
- Verlag: Wiley & Sons
- Artikelnr. des Verlages: 1W118127060
- 6. Aufl.
- Seitenzahl: 2000
- Erscheinungstermin: 24. März 2014
- Englisch
- Abmessung: 254mm x 177mm x 76mm
- Gewicht: 3440g
- ISBN-13: 9781118127063
- ISBN-10: 1118127064
- Artikelnr.: 40190820
SEYMOUR BOSWORTH, CDP, is president of S. Bosworth & Associates, Plainview, New York, a management consulting firm active in computing applications for banking, commerce, and industry. Since 1972 Bosworth has been a contributing editor to all four editions of the Computer Security Handbook , and he has written many articles and lectured extensively about computer security and other technical and managerial subjects. He has been responsible for design and manufacture, system analysis, programming, and operations of both digital and analog computers. M. E. KABAY, PhD, is Associate Professor of Computer Information Systems at Norwich University, where he is also director of the graduate program in Information Assurance. During his career, he has worked as an operating systems internals and database performance specialist for Hewlett-Packard, an operations manager at a large service bureau, and a consultant in operations, performance, and security. ERIC WHYNE is?a Captain in the United States Marine Corps. He has worked as a researcher for the National Center for the Study of Counter-Terrorism and Cyber Crime.
Preface
Acknowledgments
About the Editors
About the Contributors
A Note to Instructors
PART I FOUNDATIONS OF COMPUTER SECURITY
Chapter 1 Brief History and Mission of Information System Security (Seymour
Bosworth and Robert V. Jacobson)
Chapter 2 History of Computer Crime
Chapter 3 Toward a New Framework for Information Security (Donn B. Parker,
CISSP)
Chapter 4 Hardware Elements of Security (Sy Bosworth and Stephen Cobb)
Chapter 5 Data Communications and Information Security (Raymond Panko and
Eric Fisher)
Chapter 6 Local Area Network Topologies, Protocols, and Design (Gary C.
Kessler)
Chapter 7 Encryption (Stephen Cobb and Corinne LeFrançois)
Chapter 8 Using a Common Language for Computer Security Incident
Information (John D. Howard)
Chapter 9 Mathematical Models of Computer Security (Matt Bishop)
Chapter 10 Understanding Studies and Surveys of Computer Crime (M. E.
Kabay)
Chapter 11 Fundamentals of Intellectual Property Law (William A. Zucker and
Scott J. Nathan)
PART II THREATS AND VULNERABILITIES
Chapter 12 The Psychology of Computer Criminals (Q. Campbell and David M.
Kennedy)
Chapter 13 The Insider Threat (Gary L. Tagg, CISSP)
Chapter 14 Information Warfare (Seymour Bosworth)
Chapter 15 Penetrating Computer Systems and Networks (Chey Cobb, Stephen
Cobb, M. E. Kabay, and Tim Crothers)
Chapter 16 Malicious Code (Robert Guess and Eric Salveggio)
Chapter 17 Mobile Code (Robert Gezelter)
Chapter 18 Denial-of-Service Attacks (Gary C. Kessler)
Chapter 19 Social-engineering and low-tech attacks (Karthik Raman, Susan
Baumes, Kevin Beets, and Carl Ness)
Chapter 20 Spam, Phishing, and Trojans: Attacks Meant To Fool (Stephen
Cobb)
Chapter 21 Web-Based Vulnerabilities (Anup K. Ghosh, Kurt Baumgarten,
Jennifer Hadley, and Steven Lovaas)
Chapter 22 Physical Threats to the Information Infrastructure (Franklin
Platt)
PART III PREVENTION: TECHNICAL DEFENSES
Chapter 23 Protecting the Physical Information Infrastructure (Franklin
Platt)
Chapter 24 Operating System Security (William Stallings)
Chapter 25 Local Area Networks (N. Todd Pritsky, Joseph R. Bumblis, and
Gary C. Kessler)
Chapter 26 Gateway Security Devices (Justin Opatrny)
Chapter 27 Intrusion Detection and Intrusion Prevention Devices (Rebecca
Gurley Bace)
Chapter 28: Identification and Authentication (Ravi Sandhu, Jennifer
Hadley, Steven Lovaas, and Nicholas Takacs)
Chapter 29: Biometric Authentication (Eric Salveggio, Steven Lovaas, David
R. Lease, and Robert Guess)
Chapter 30: E-Commerce and Web Server Safeguards (Robert Gezelter)
Chapter 31: Web Monitoring and Content Filtering (Steven Lovaas)
Chapter 32 Virtual Private Networks and Secure Remote Access (Justin
Opatrny and Carl Ness
Chapter 33 802.11 Wireless LAN Security (Gary L. Tagg, CISSP and Jason
Sinchak, CISSP)
Chapter 34 Securing VoIP (Christopher Dantos and John Mason)
Chapter 35 Securing P2P, IM, SMS, and Collaboration Tools (Carl Ness)
Chapter 36 Securing Stored Data (David J. Johnson, Nicholas Takacs,
Jennifer Hadley, and M. E. Kabay)
Chapter 37: PKI and Certificate Authorities (Santosh Chokhani, Padgett
Peterson, and Steven Lovaas)
Chapter 38: Writing Secure Code (Lester E. Nichols, M. E. Kabay, and
Timothy Braithwaite)
Chapter 39 Software Development and Quality Assurance (Diane E. Levine,
John Mason, and Jennifer Hadley)
Chapter 40: Managing Software Patches and Vulnerabilities (Karen Scarfone,
Peter Mell, and Murugiah Souppaya)
Chapter 41: Antivirus Technology (Chey Cobb and Allysa Myers)
Chapter 42: Protecting Digital Rights: Technical Approaches (Robert Guess,
Jennifer Hadley, Steven Lovaas, and Diane E. Levine)
PART IV PREVENTION: HUMAN FACTORS
Chapter 43 Ethical Decision Making and High Technology (James Landon
Linderman)
Chapter 44: Security Policy Guidelines (M. E. Kabay and Bridgitt Robertson)
Chapter 45: Employment Practices and Policies (M. E. Kabay and Bridgitt
Robertson)
Chapter 46 Vulnerability Assessment (Rebecca Gurley Bace and Jason Sinchak)
Chapter 47: Operations Security and Production Controls (M. E. Kabay, Don
Holden, and Myles Walsh)
Chapter 48: E-Mail and Internet Use Policies (M. E. Kabay and Nicholas
Takacs)
Chapter 49: Implementing a Security-Awareness Program (K. Rudolph)
Chapter 50 Using Social Psychology to Implement Security Policies (M. E.
Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang)
Chapter 51: Security Standards for Products (Paul Brusil and Noel Zakin)
PART V DETECTING SECURITY BREACHES
Chapter 52: Application Controls (Myles Walsh & Susan Baumes)
Chapter 53: Monitoring and Control Systems (Caleb S. Coggins and Diane E.
Levine)
Chapter 54: Security Audits (Donald Glass, Richard O. Moore III, Chris
Davis, John Mason, David Gursky, James Thomas, Wendy Carr, M. E. Kabay and
Diane Levine)
Chapter 55: Cyber Investigation1 (Peter Stephenson)
PART VI RESPONSE AND REMEDIATION
Chapter 56: Computer Security Incident Response Teams1 (Michael Miora, M.
E. Kabay, and Bernie Cowens)
Chapter 57: Data Backups and Archives (M. E. Kabay and Don Holden)
Chapter 58: Business Continuity Planning (Michael Miora)
Chapter 59: Disaster Recovery (Michael Miora)
Chapter 60: Insurance Relief (Robert A. Parisi, Jr., John F. Mullen and
Kevin Apollo)
Chapter 61 Working with Law Enforcement (David A. Land)
PART VII MANAGEMENT'S ROLE IN SECURITY
Chapter 62 Quantitative Risk Assessment and Risk Management (Robert V.
Jacobson & Susan Baumes)
Chapter 63: Management Responsibilities and Liabilities (Carl Hallberg, M.
E. Kabay, Bridgitt Robertson, and Arthur E. Hutt)
Chapter 64: US Legal and Regulatory Security Issues (Timothy Virtue)
Chapter 65: The Role of the CISO (Karen F. Worstell)
Chapter 66: Developing Security Policies (M. E. Kabay and Sean Kelley)
Chapter 67 Developing Classification Policies For Data (Karthik Raman,
Kevin Beets, And M. E. Kabay)
Chapter 68: Outsourcing and Security (Kip Boyle, Michael Buglewicz, and
Steven Lovaas)
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
Chapter 69: Privacy in Cyberspace: US and European Perspectives (Henry L.
Judy, Scott L. David, Benjamin S. Hayes, Jeffrey B. Ritter, Marc Rotenberg
and M. E. Kabay)
Chapter 70: Anonymity and Identity in Cyberspace (M. E. Kabay, Eric
Salveggio, Robert Guess, and Russell D. Rosco)
Chapter 71: Healthcare Security and Privacy (Paul Brusil)
Chapter 72: Legal and Policy Issues of Censorship and Content Filtering
(Lee Tien, Seth Finkelstein, and Steven Lovaas)
Chapter 73: Expert Witnesses and the Daubert Challenge (Chey Cobb)
Chapter 74: Professional Certification and Training in Information
Assurance (M. E. Kabay, Christopher Christian, Kevin Henry and Sondra
Schneider)
Chapter 75 Undergraduate and Graduate Education in Information Assurance
(Vic Maconachy and Seymour Bosworth)
Chapter 76: The Future of Information Assurance (Jeremy A. Hansen)
Index
Acknowledgments
About the Editors
About the Contributors
A Note to Instructors
PART I FOUNDATIONS OF COMPUTER SECURITY
Chapter 1 Brief History and Mission of Information System Security (Seymour
Bosworth and Robert V. Jacobson)
Chapter 2 History of Computer Crime
Chapter 3 Toward a New Framework for Information Security (Donn B. Parker,
CISSP)
Chapter 4 Hardware Elements of Security (Sy Bosworth and Stephen Cobb)
Chapter 5 Data Communications and Information Security (Raymond Panko and
Eric Fisher)
Chapter 6 Local Area Network Topologies, Protocols, and Design (Gary C.
Kessler)
Chapter 7 Encryption (Stephen Cobb and Corinne LeFrançois)
Chapter 8 Using a Common Language for Computer Security Incident
Information (John D. Howard)
Chapter 9 Mathematical Models of Computer Security (Matt Bishop)
Chapter 10 Understanding Studies and Surveys of Computer Crime (M. E.
Kabay)
Chapter 11 Fundamentals of Intellectual Property Law (William A. Zucker and
Scott J. Nathan)
PART II THREATS AND VULNERABILITIES
Chapter 12 The Psychology of Computer Criminals (Q. Campbell and David M.
Kennedy)
Chapter 13 The Insider Threat (Gary L. Tagg, CISSP)
Chapter 14 Information Warfare (Seymour Bosworth)
Chapter 15 Penetrating Computer Systems and Networks (Chey Cobb, Stephen
Cobb, M. E. Kabay, and Tim Crothers)
Chapter 16 Malicious Code (Robert Guess and Eric Salveggio)
Chapter 17 Mobile Code (Robert Gezelter)
Chapter 18 Denial-of-Service Attacks (Gary C. Kessler)
Chapter 19 Social-engineering and low-tech attacks (Karthik Raman, Susan
Baumes, Kevin Beets, and Carl Ness)
Chapter 20 Spam, Phishing, and Trojans: Attacks Meant To Fool (Stephen
Cobb)
Chapter 21 Web-Based Vulnerabilities (Anup K. Ghosh, Kurt Baumgarten,
Jennifer Hadley, and Steven Lovaas)
Chapter 22 Physical Threats to the Information Infrastructure (Franklin
Platt)
PART III PREVENTION: TECHNICAL DEFENSES
Chapter 23 Protecting the Physical Information Infrastructure (Franklin
Platt)
Chapter 24 Operating System Security (William Stallings)
Chapter 25 Local Area Networks (N. Todd Pritsky, Joseph R. Bumblis, and
Gary C. Kessler)
Chapter 26 Gateway Security Devices (Justin Opatrny)
Chapter 27 Intrusion Detection and Intrusion Prevention Devices (Rebecca
Gurley Bace)
Chapter 28: Identification and Authentication (Ravi Sandhu, Jennifer
Hadley, Steven Lovaas, and Nicholas Takacs)
Chapter 29: Biometric Authentication (Eric Salveggio, Steven Lovaas, David
R. Lease, and Robert Guess)
Chapter 30: E-Commerce and Web Server Safeguards (Robert Gezelter)
Chapter 31: Web Monitoring and Content Filtering (Steven Lovaas)
Chapter 32 Virtual Private Networks and Secure Remote Access (Justin
Opatrny and Carl Ness
Chapter 33 802.11 Wireless LAN Security (Gary L. Tagg, CISSP and Jason
Sinchak, CISSP)
Chapter 34 Securing VoIP (Christopher Dantos and John Mason)
Chapter 35 Securing P2P, IM, SMS, and Collaboration Tools (Carl Ness)
Chapter 36 Securing Stored Data (David J. Johnson, Nicholas Takacs,
Jennifer Hadley, and M. E. Kabay)
Chapter 37: PKI and Certificate Authorities (Santosh Chokhani, Padgett
Peterson, and Steven Lovaas)
Chapter 38: Writing Secure Code (Lester E. Nichols, M. E. Kabay, and
Timothy Braithwaite)
Chapter 39 Software Development and Quality Assurance (Diane E. Levine,
John Mason, and Jennifer Hadley)
Chapter 40: Managing Software Patches and Vulnerabilities (Karen Scarfone,
Peter Mell, and Murugiah Souppaya)
Chapter 41: Antivirus Technology (Chey Cobb and Allysa Myers)
Chapter 42: Protecting Digital Rights: Technical Approaches (Robert Guess,
Jennifer Hadley, Steven Lovaas, and Diane E. Levine)
PART IV PREVENTION: HUMAN FACTORS
Chapter 43 Ethical Decision Making and High Technology (James Landon
Linderman)
Chapter 44: Security Policy Guidelines (M. E. Kabay and Bridgitt Robertson)
Chapter 45: Employment Practices and Policies (M. E. Kabay and Bridgitt
Robertson)
Chapter 46 Vulnerability Assessment (Rebecca Gurley Bace and Jason Sinchak)
Chapter 47: Operations Security and Production Controls (M. E. Kabay, Don
Holden, and Myles Walsh)
Chapter 48: E-Mail and Internet Use Policies (M. E. Kabay and Nicholas
Takacs)
Chapter 49: Implementing a Security-Awareness Program (K. Rudolph)
Chapter 50 Using Social Psychology to Implement Security Policies (M. E.
Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang)
Chapter 51: Security Standards for Products (Paul Brusil and Noel Zakin)
PART V DETECTING SECURITY BREACHES
Chapter 52: Application Controls (Myles Walsh & Susan Baumes)
Chapter 53: Monitoring and Control Systems (Caleb S. Coggins and Diane E.
Levine)
Chapter 54: Security Audits (Donald Glass, Richard O. Moore III, Chris
Davis, John Mason, David Gursky, James Thomas, Wendy Carr, M. E. Kabay and
Diane Levine)
Chapter 55: Cyber Investigation1 (Peter Stephenson)
PART VI RESPONSE AND REMEDIATION
Chapter 56: Computer Security Incident Response Teams1 (Michael Miora, M.
E. Kabay, and Bernie Cowens)
Chapter 57: Data Backups and Archives (M. E. Kabay and Don Holden)
Chapter 58: Business Continuity Planning (Michael Miora)
Chapter 59: Disaster Recovery (Michael Miora)
Chapter 60: Insurance Relief (Robert A. Parisi, Jr., John F. Mullen and
Kevin Apollo)
Chapter 61 Working with Law Enforcement (David A. Land)
PART VII MANAGEMENT'S ROLE IN SECURITY
Chapter 62 Quantitative Risk Assessment and Risk Management (Robert V.
Jacobson & Susan Baumes)
Chapter 63: Management Responsibilities and Liabilities (Carl Hallberg, M.
E. Kabay, Bridgitt Robertson, and Arthur E. Hutt)
Chapter 64: US Legal and Regulatory Security Issues (Timothy Virtue)
Chapter 65: The Role of the CISO (Karen F. Worstell)
Chapter 66: Developing Security Policies (M. E. Kabay and Sean Kelley)
Chapter 67 Developing Classification Policies For Data (Karthik Raman,
Kevin Beets, And M. E. Kabay)
Chapter 68: Outsourcing and Security (Kip Boyle, Michael Buglewicz, and
Steven Lovaas)
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
Chapter 69: Privacy in Cyberspace: US and European Perspectives (Henry L.
Judy, Scott L. David, Benjamin S. Hayes, Jeffrey B. Ritter, Marc Rotenberg
and M. E. Kabay)
Chapter 70: Anonymity and Identity in Cyberspace (M. E. Kabay, Eric
Salveggio, Robert Guess, and Russell D. Rosco)
Chapter 71: Healthcare Security and Privacy (Paul Brusil)
Chapter 72: Legal and Policy Issues of Censorship and Content Filtering
(Lee Tien, Seth Finkelstein, and Steven Lovaas)
Chapter 73: Expert Witnesses and the Daubert Challenge (Chey Cobb)
Chapter 74: Professional Certification and Training in Information
Assurance (M. E. Kabay, Christopher Christian, Kevin Henry and Sondra
Schneider)
Chapter 75 Undergraduate and Graduate Education in Information Assurance
(Vic Maconachy and Seymour Bosworth)
Chapter 76: The Future of Information Assurance (Jeremy A. Hansen)
Index
Preface
Acknowledgments
About the Editors
About the Contributors
A Note to Instructors
PART I FOUNDATIONS OF COMPUTER SECURITY
Chapter 1 Brief History and Mission of Information System Security (Seymour
Bosworth and Robert V. Jacobson)
Chapter 2 History of Computer Crime
Chapter 3 Toward a New Framework for Information Security (Donn B. Parker,
CISSP)
Chapter 4 Hardware Elements of Security (Sy Bosworth and Stephen Cobb)
Chapter 5 Data Communications and Information Security (Raymond Panko and
Eric Fisher)
Chapter 6 Local Area Network Topologies, Protocols, and Design (Gary C.
Kessler)
Chapter 7 Encryption (Stephen Cobb and Corinne LeFrançois)
Chapter 8 Using a Common Language for Computer Security Incident
Information (John D. Howard)
Chapter 9 Mathematical Models of Computer Security (Matt Bishop)
Chapter 10 Understanding Studies and Surveys of Computer Crime (M. E.
Kabay)
Chapter 11 Fundamentals of Intellectual Property Law (William A. Zucker and
Scott J. Nathan)
PART II THREATS AND VULNERABILITIES
Chapter 12 The Psychology of Computer Criminals (Q. Campbell and David M.
Kennedy)
Chapter 13 The Insider Threat (Gary L. Tagg, CISSP)
Chapter 14 Information Warfare (Seymour Bosworth)
Chapter 15 Penetrating Computer Systems and Networks (Chey Cobb, Stephen
Cobb, M. E. Kabay, and Tim Crothers)
Chapter 16 Malicious Code (Robert Guess and Eric Salveggio)
Chapter 17 Mobile Code (Robert Gezelter)
Chapter 18 Denial-of-Service Attacks (Gary C. Kessler)
Chapter 19 Social-engineering and low-tech attacks (Karthik Raman, Susan
Baumes, Kevin Beets, and Carl Ness)
Chapter 20 Spam, Phishing, and Trojans: Attacks Meant To Fool (Stephen
Cobb)
Chapter 21 Web-Based Vulnerabilities (Anup K. Ghosh, Kurt Baumgarten,
Jennifer Hadley, and Steven Lovaas)
Chapter 22 Physical Threats to the Information Infrastructure (Franklin
Platt)
PART III PREVENTION: TECHNICAL DEFENSES
Chapter 23 Protecting the Physical Information Infrastructure (Franklin
Platt)
Chapter 24 Operating System Security (William Stallings)
Chapter 25 Local Area Networks (N. Todd Pritsky, Joseph R. Bumblis, and
Gary C. Kessler)
Chapter 26 Gateway Security Devices (Justin Opatrny)
Chapter 27 Intrusion Detection and Intrusion Prevention Devices (Rebecca
Gurley Bace)
Chapter 28: Identification and Authentication (Ravi Sandhu, Jennifer
Hadley, Steven Lovaas, and Nicholas Takacs)
Chapter 29: Biometric Authentication (Eric Salveggio, Steven Lovaas, David
R. Lease, and Robert Guess)
Chapter 30: E-Commerce and Web Server Safeguards (Robert Gezelter)
Chapter 31: Web Monitoring and Content Filtering (Steven Lovaas)
Chapter 32 Virtual Private Networks and Secure Remote Access (Justin
Opatrny and Carl Ness
Chapter 33 802.11 Wireless LAN Security (Gary L. Tagg, CISSP and Jason
Sinchak, CISSP)
Chapter 34 Securing VoIP (Christopher Dantos and John Mason)
Chapter 35 Securing P2P, IM, SMS, and Collaboration Tools (Carl Ness)
Chapter 36 Securing Stored Data (David J. Johnson, Nicholas Takacs,
Jennifer Hadley, and M. E. Kabay)
Chapter 37: PKI and Certificate Authorities (Santosh Chokhani, Padgett
Peterson, and Steven Lovaas)
Chapter 38: Writing Secure Code (Lester E. Nichols, M. E. Kabay, and
Timothy Braithwaite)
Chapter 39 Software Development and Quality Assurance (Diane E. Levine,
John Mason, and Jennifer Hadley)
Chapter 40: Managing Software Patches and Vulnerabilities (Karen Scarfone,
Peter Mell, and Murugiah Souppaya)
Chapter 41: Antivirus Technology (Chey Cobb and Allysa Myers)
Chapter 42: Protecting Digital Rights: Technical Approaches (Robert Guess,
Jennifer Hadley, Steven Lovaas, and Diane E. Levine)
PART IV PREVENTION: HUMAN FACTORS
Chapter 43 Ethical Decision Making and High Technology (James Landon
Linderman)
Chapter 44: Security Policy Guidelines (M. E. Kabay and Bridgitt Robertson)
Chapter 45: Employment Practices and Policies (M. E. Kabay and Bridgitt
Robertson)
Chapter 46 Vulnerability Assessment (Rebecca Gurley Bace and Jason Sinchak)
Chapter 47: Operations Security and Production Controls (M. E. Kabay, Don
Holden, and Myles Walsh)
Chapter 48: E-Mail and Internet Use Policies (M. E. Kabay and Nicholas
Takacs)
Chapter 49: Implementing a Security-Awareness Program (K. Rudolph)
Chapter 50 Using Social Psychology to Implement Security Policies (M. E.
Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang)
Chapter 51: Security Standards for Products (Paul Brusil and Noel Zakin)
PART V DETECTING SECURITY BREACHES
Chapter 52: Application Controls (Myles Walsh & Susan Baumes)
Chapter 53: Monitoring and Control Systems (Caleb S. Coggins and Diane E.
Levine)
Chapter 54: Security Audits (Donald Glass, Richard O. Moore III, Chris
Davis, John Mason, David Gursky, James Thomas, Wendy Carr, M. E. Kabay and
Diane Levine)
Chapter 55: Cyber Investigation1 (Peter Stephenson)
PART VI RESPONSE AND REMEDIATION
Chapter 56: Computer Security Incident Response Teams1 (Michael Miora, M.
E. Kabay, and Bernie Cowens)
Chapter 57: Data Backups and Archives (M. E. Kabay and Don Holden)
Chapter 58: Business Continuity Planning (Michael Miora)
Chapter 59: Disaster Recovery (Michael Miora)
Chapter 60: Insurance Relief (Robert A. Parisi, Jr., John F. Mullen and
Kevin Apollo)
Chapter 61 Working with Law Enforcement (David A. Land)
PART VII MANAGEMENT'S ROLE IN SECURITY
Chapter 62 Quantitative Risk Assessment and Risk Management (Robert V.
Jacobson & Susan Baumes)
Chapter 63: Management Responsibilities and Liabilities (Carl Hallberg, M.
E. Kabay, Bridgitt Robertson, and Arthur E. Hutt)
Chapter 64: US Legal and Regulatory Security Issues (Timothy Virtue)
Chapter 65: The Role of the CISO (Karen F. Worstell)
Chapter 66: Developing Security Policies (M. E. Kabay and Sean Kelley)
Chapter 67 Developing Classification Policies For Data (Karthik Raman,
Kevin Beets, And M. E. Kabay)
Chapter 68: Outsourcing and Security (Kip Boyle, Michael Buglewicz, and
Steven Lovaas)
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
Chapter 69: Privacy in Cyberspace: US and European Perspectives (Henry L.
Judy, Scott L. David, Benjamin S. Hayes, Jeffrey B. Ritter, Marc Rotenberg
and M. E. Kabay)
Chapter 70: Anonymity and Identity in Cyberspace (M. E. Kabay, Eric
Salveggio, Robert Guess, and Russell D. Rosco)
Chapter 71: Healthcare Security and Privacy (Paul Brusil)
Chapter 72: Legal and Policy Issues of Censorship and Content Filtering
(Lee Tien, Seth Finkelstein, and Steven Lovaas)
Chapter 73: Expert Witnesses and the Daubert Challenge (Chey Cobb)
Chapter 74: Professional Certification and Training in Information
Assurance (M. E. Kabay, Christopher Christian, Kevin Henry and Sondra
Schneider)
Chapter 75 Undergraduate and Graduate Education in Information Assurance
(Vic Maconachy and Seymour Bosworth)
Chapter 76: The Future of Information Assurance (Jeremy A. Hansen)
Index
Acknowledgments
About the Editors
About the Contributors
A Note to Instructors
PART I FOUNDATIONS OF COMPUTER SECURITY
Chapter 1 Brief History and Mission of Information System Security (Seymour
Bosworth and Robert V. Jacobson)
Chapter 2 History of Computer Crime
Chapter 3 Toward a New Framework for Information Security (Donn B. Parker,
CISSP)
Chapter 4 Hardware Elements of Security (Sy Bosworth and Stephen Cobb)
Chapter 5 Data Communications and Information Security (Raymond Panko and
Eric Fisher)
Chapter 6 Local Area Network Topologies, Protocols, and Design (Gary C.
Kessler)
Chapter 7 Encryption (Stephen Cobb and Corinne LeFrançois)
Chapter 8 Using a Common Language for Computer Security Incident
Information (John D. Howard)
Chapter 9 Mathematical Models of Computer Security (Matt Bishop)
Chapter 10 Understanding Studies and Surveys of Computer Crime (M. E.
Kabay)
Chapter 11 Fundamentals of Intellectual Property Law (William A. Zucker and
Scott J. Nathan)
PART II THREATS AND VULNERABILITIES
Chapter 12 The Psychology of Computer Criminals (Q. Campbell and David M.
Kennedy)
Chapter 13 The Insider Threat (Gary L. Tagg, CISSP)
Chapter 14 Information Warfare (Seymour Bosworth)
Chapter 15 Penetrating Computer Systems and Networks (Chey Cobb, Stephen
Cobb, M. E. Kabay, and Tim Crothers)
Chapter 16 Malicious Code (Robert Guess and Eric Salveggio)
Chapter 17 Mobile Code (Robert Gezelter)
Chapter 18 Denial-of-Service Attacks (Gary C. Kessler)
Chapter 19 Social-engineering and low-tech attacks (Karthik Raman, Susan
Baumes, Kevin Beets, and Carl Ness)
Chapter 20 Spam, Phishing, and Trojans: Attacks Meant To Fool (Stephen
Cobb)
Chapter 21 Web-Based Vulnerabilities (Anup K. Ghosh, Kurt Baumgarten,
Jennifer Hadley, and Steven Lovaas)
Chapter 22 Physical Threats to the Information Infrastructure (Franklin
Platt)
PART III PREVENTION: TECHNICAL DEFENSES
Chapter 23 Protecting the Physical Information Infrastructure (Franklin
Platt)
Chapter 24 Operating System Security (William Stallings)
Chapter 25 Local Area Networks (N. Todd Pritsky, Joseph R. Bumblis, and
Gary C. Kessler)
Chapter 26 Gateway Security Devices (Justin Opatrny)
Chapter 27 Intrusion Detection and Intrusion Prevention Devices (Rebecca
Gurley Bace)
Chapter 28: Identification and Authentication (Ravi Sandhu, Jennifer
Hadley, Steven Lovaas, and Nicholas Takacs)
Chapter 29: Biometric Authentication (Eric Salveggio, Steven Lovaas, David
R. Lease, and Robert Guess)
Chapter 30: E-Commerce and Web Server Safeguards (Robert Gezelter)
Chapter 31: Web Monitoring and Content Filtering (Steven Lovaas)
Chapter 32 Virtual Private Networks and Secure Remote Access (Justin
Opatrny and Carl Ness
Chapter 33 802.11 Wireless LAN Security (Gary L. Tagg, CISSP and Jason
Sinchak, CISSP)
Chapter 34 Securing VoIP (Christopher Dantos and John Mason)
Chapter 35 Securing P2P, IM, SMS, and Collaboration Tools (Carl Ness)
Chapter 36 Securing Stored Data (David J. Johnson, Nicholas Takacs,
Jennifer Hadley, and M. E. Kabay)
Chapter 37: PKI and Certificate Authorities (Santosh Chokhani, Padgett
Peterson, and Steven Lovaas)
Chapter 38: Writing Secure Code (Lester E. Nichols, M. E. Kabay, and
Timothy Braithwaite)
Chapter 39 Software Development and Quality Assurance (Diane E. Levine,
John Mason, and Jennifer Hadley)
Chapter 40: Managing Software Patches and Vulnerabilities (Karen Scarfone,
Peter Mell, and Murugiah Souppaya)
Chapter 41: Antivirus Technology (Chey Cobb and Allysa Myers)
Chapter 42: Protecting Digital Rights: Technical Approaches (Robert Guess,
Jennifer Hadley, Steven Lovaas, and Diane E. Levine)
PART IV PREVENTION: HUMAN FACTORS
Chapter 43 Ethical Decision Making and High Technology (James Landon
Linderman)
Chapter 44: Security Policy Guidelines (M. E. Kabay and Bridgitt Robertson)
Chapter 45: Employment Practices and Policies (M. E. Kabay and Bridgitt
Robertson)
Chapter 46 Vulnerability Assessment (Rebecca Gurley Bace and Jason Sinchak)
Chapter 47: Operations Security and Production Controls (M. E. Kabay, Don
Holden, and Myles Walsh)
Chapter 48: E-Mail and Internet Use Policies (M. E. Kabay and Nicholas
Takacs)
Chapter 49: Implementing a Security-Awareness Program (K. Rudolph)
Chapter 50 Using Social Psychology to Implement Security Policies (M. E.
Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang)
Chapter 51: Security Standards for Products (Paul Brusil and Noel Zakin)
PART V DETECTING SECURITY BREACHES
Chapter 52: Application Controls (Myles Walsh & Susan Baumes)
Chapter 53: Monitoring and Control Systems (Caleb S. Coggins and Diane E.
Levine)
Chapter 54: Security Audits (Donald Glass, Richard O. Moore III, Chris
Davis, John Mason, David Gursky, James Thomas, Wendy Carr, M. E. Kabay and
Diane Levine)
Chapter 55: Cyber Investigation1 (Peter Stephenson)
PART VI RESPONSE AND REMEDIATION
Chapter 56: Computer Security Incident Response Teams1 (Michael Miora, M.
E. Kabay, and Bernie Cowens)
Chapter 57: Data Backups and Archives (M. E. Kabay and Don Holden)
Chapter 58: Business Continuity Planning (Michael Miora)
Chapter 59: Disaster Recovery (Michael Miora)
Chapter 60: Insurance Relief (Robert A. Parisi, Jr., John F. Mullen and
Kevin Apollo)
Chapter 61 Working with Law Enforcement (David A. Land)
PART VII MANAGEMENT'S ROLE IN SECURITY
Chapter 62 Quantitative Risk Assessment and Risk Management (Robert V.
Jacobson & Susan Baumes)
Chapter 63: Management Responsibilities and Liabilities (Carl Hallberg, M.
E. Kabay, Bridgitt Robertson, and Arthur E. Hutt)
Chapter 64: US Legal and Regulatory Security Issues (Timothy Virtue)
Chapter 65: The Role of the CISO (Karen F. Worstell)
Chapter 66: Developing Security Policies (M. E. Kabay and Sean Kelley)
Chapter 67 Developing Classification Policies For Data (Karthik Raman,
Kevin Beets, And M. E. Kabay)
Chapter 68: Outsourcing and Security (Kip Boyle, Michael Buglewicz, and
Steven Lovaas)
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
Chapter 69: Privacy in Cyberspace: US and European Perspectives (Henry L.
Judy, Scott L. David, Benjamin S. Hayes, Jeffrey B. Ritter, Marc Rotenberg
and M. E. Kabay)
Chapter 70: Anonymity and Identity in Cyberspace (M. E. Kabay, Eric
Salveggio, Robert Guess, and Russell D. Rosco)
Chapter 71: Healthcare Security and Privacy (Paul Brusil)
Chapter 72: Legal and Policy Issues of Censorship and Content Filtering
(Lee Tien, Seth Finkelstein, and Steven Lovaas)
Chapter 73: Expert Witnesses and the Daubert Challenge (Chey Cobb)
Chapter 74: Professional Certification and Training in Information
Assurance (M. E. Kabay, Christopher Christian, Kevin Henry and Sondra
Schneider)
Chapter 75 Undergraduate and Graduate Education in Information Assurance
(Vic Maconachy and Seymour Bosworth)
Chapter 76: The Future of Information Assurance (Jeremy A. Hansen)
Index