Computer Security Handbook, Fifth Edition

Book Description

The classic and authoritative reference in the field of computer security, now completely updated and revised.

With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them.

With seventy-seven chapters contributed by a panel of renowned industry professionals, the new edition has increased coverage in both breadth and depth of all ten domains of the Common Body of Knowledge defined by the International Information Systems Security Certification Consortium (ISC)².

Of the seventy-seven chapters in the fifth edition, twenty-five chapters are completely new, including:

  1. Hardware Elements of Security

  2. Fundamentals of Cryptography and Steganography

  3. Mathematical models of information security

  4. Insider threats

  5. Social engineering and low-tech attacks

  6. Spam, phishing, and Trojans: attacks meant to fool

  7. Biometric authentication

  8. VPNs and secure remote access

  9. Securing Peer2Peer, IM, SMS, and collaboration tools

  10. U.S. legal and regulatory security issues, such as GLBA and SOX

Whether you are in charge of many computers or just one important one, there are immediate steps you can take to safeguard your computer system and its contents. Computer Security Handbook, Fifth Edition equips you to protect the information and networks that are vital to your organization.

Table of Contents

  1. Volume I: Computer Security Handbook
    1. Title Page
    2. Copyright
    3. Contents
    4. PREFACE
    5. ACKNOWLEDGMENTS
    6. ABOUT THE EDITORS
    7. ABOUT THE CONTRIBUTORS
    8. A NOTE TO INSTRUCTORS
    9. INTRODUCTION TO PART I: FOUNDATIONS OF COMPUTER SECURITY
      1. CHAPTER 1: BRIEF HISTORY AND MISSION OF INFORMATION SYSTEM SECURITY
        1. 1.1 INTRODUCTION TO INFORMATION SYSTEM SECURITY.
        2. 1.2 EVOLUTION OF INFORMATION SYSTEMS.
        3. 1.3 GOVERNMENT RECOGNITION OF INFORMATION ASSURANCE.
        4. 1.4 RECENT DEVELOPMENTS.
        5. 1.5 ONGOING MISSION FOR INFORMATION SYSTEM SECURITY.
        6. 1.6 NOTES
      2. CHAPTER 2: HISTORY OF COMPUTER CRIME
        1. 2.1 WHY STUDY HISTORICAL RECORDS?
        2. 2.2 OVERVIEW.
        3. 2.3 1960S AND 1970S: SABOTAGE.
        4. 2.4 IMPERSONATION.
        5. 2.5 PHONE PHREAKING.
        6. 2.6 DATA DIDDLING.
        7. 2.7 SALAMI FRAUD.
        8. 2.8 LOGIC BOMBS.
        9. 2.9 EXTORTION.
        10. 2.10 TROJAN HORSES.
        11. 2.11 NOTORIOUS WORMS AND VIRUSES.
        12. 2.12 SPAM.
        13. 2.13 DENIAL OF SERVICE.
        14. 2.14 HACKER UNDERGROUND OF THE 1980S AND 1990S.
        15. 2.15 CONCLUDING REMARKS.
        16. 2.16 FURTHER READING
        17. 2.17 NOTES
      3. CHAPTER 3: TOWARD A NEW FRAMEWORK FOR INFORMATION SECURITY
        1. 3.1 PROPOSAL FOR A NEW INFORMATION SECURITY FRAMEWORK.
        2. 3.2 SIX ESSENTIAL SECURITY ELEMENTS.
        3. 3.3 WHAT THE DICTIONARIES SAY ABOUT THE WORDS WE USE.
        4. 3.4 COMPREHENSIVE LISTS OF SOURCES AND ACTS CAUSING INFORMATION LOSSES.
        5. 3.5 FUNCTIONS OF INFORMATION SECURITY.
        6. 3.6 SELECTING SAFEGUARDS USING A STANDARD OF DUE DILIGENCE.
        7. 3.7 THREATS, ASSETS, VULNERABILITIES MODEL.
        8. 3.8 CONCLUSION.
      4. CHAPTER 4: HARDWARE ELEMENTS OF SECURITY
        1. 4.1 INTRODUCTION.
        2. 4.2 BINARY DESIGN.
        3. 4.3 PARITY.
        4. 4.4 HARDWARE OPERATIONS.
        5. 4.5 INTERRUPTS.
        6. 4.6 MEMORY AND DATA STORAGE.
        7. 4.7 TIME.
        8. 4.8 NATURAL DANGERS.
        9. 4.9 DATA COMMUNICATIONS.
        10. 4.10 CRYPTOGRAPHY.
        11. 4.11 BACKUP.
        12. 4.12 RECOVERY PROCEDURES.
        13. 4.13 MICROCOMPUTER CONSIDERATIONS.
        14. 4.14 CONCLUSION.
        15. 4.15 HARDWARE SECURITY CHECKLIST
        16. 4.16 FURTHER READING
      5. CHAPTER 5: DATA COMMUNICATIONS AND INFORMATION SECURITY
        1. 5.1 INTRODUCTION.
        2. 5.2 SAMPLING OF NETWORKS.
        3. 5.3 NETWORK PROTOCOLS AND VULNERABILITIES.
        4. 5.4 STANDARDS.
        5. 5.5 INTERNET PROTOCOL (IP).
        6. 5.6 TRANSMISSION CONTROL PROTOCOL (TCP).
        7. 5.7 USER DATAGRAM PROTOCOL.
        8. 5.8 TCP/IP SUPERVISORY STANDARDS.
        9. 5.9 APPLICATION STANDARDS.
        10. 5.10 CONCLUDING REMARKS.
        11. 5.11 FURTHER READING
        12. 5.12 NOTES
      6. CHAPTER 6: NETWORK TOPOLOGIES, PROTOCOLS, AND DESIGN
        1. 6.1 OVERVIEW.
        2. 6.2 LAN TOPOLOGY.
        3. 6.3 MEDIA.
        4. 6.4 MEDIA ACCESS CONTROL.
        5. 6.5 LAN PROTOCOLS AND STANDARDS.
        6. 6.6 INTERCONNECTION DEVICES.
        7. 6.7 NETWORK OPERATING SYSTEMS.
        8. 6.8 SUMMARY.
        9. 6.9 WEB SITES
        10. 6.10 FURTHER READING
        11. 6.11 NOTES
      7. CHAPTER 7: ENCRYPTION
        1. 7.1 INTRODUCTION TO CRYPTOGRAPHY.
        2. 7.2 BASIC CRYPTOGRAPHY.
        3. 7.3 DES AND MODERN ENCRYPTION.
        4. 7.4 PUBLIC KEY ENCRYPTION.
        5. 7.5 PRACTICAL ENCRYPTION.
        6. 7.6 BEYOND RSA AND DES.
        7. 7.7 FURTHER READING.
        8. 7.8 NOTES
      8. CHAPTER 8: USING A COMMON LANGUAGE FOR COMPUTER SECURITY INCIDENT INFORMATION
        1. 8.1 INTRODUCTION.
        2. 8.2 WHY A COMMON LANGUAGE IS NEEDED.
        3. 8.3 DEVELOPMENT OF THE COMMON LANGUAGE.
        4. 8.4 COMPUTER SECURITY INCIDENT INFORMATION TAXONOMY.
        5. 8.5 ADDITIONAL INCIDENT INFORMATION TERMS.
        6. 8.6 HOW TO USE THE COMMON LANGUAGE.
        7. 8.7 NOTES
      9. CHAPTER 9: MATHEMATICAL MODELS OF COMPUTER SECURITY
        1. 9.1 WHY MODELS ARE IMPORTANT.
        2. 9.2 MODELS AND SECURITY.
        3. 9.3 MODELS AND CONTROLS.
        4. 9.4 CLASSIC MODELS.
        5. 9.5 OTHER MODELS.
        6. 9.6 CONCLUSION.
        7. 9.7 FURTHER READING
        8. 9.8 NOTES
      10. CHAPTER 10: UNDERSTANDING STUDIES AND SURVEYS OF COMPUTER CRIME
        1. 10.1 INTRODUCTION.
        2. 10.2 BASIC RESEARCH METHODOLOGY.
        3. 10.3 SUMMARY.
        4. 10.4 FURTHER READING
        5. 10.5 NOTES
      11. CHAPTER 11: FUNDAMENTALS OF INTELLECTUAL PROPERTY LAW
        1. 11.1 INTRODUCTION.
        2. 11.2 THE MOST FUNDAMENTAL BUSINESS TOOL FOR PROTECTION OF TECHNOLOGY IS THE CONTRACT.
        3. 11.3 PROPRIETARY RIGHTS AND TRADE SECRETS.
        4. 11.4 COPYRIGHT LAW AND SOFTWARE.
        5. 11.5 DIGITAL MILLENNIUM COPYRIGHT ACT.
        6. 11.6 CIRCUMVENTING TECHNOLOGY MEASURES.
        7. 11.7 PATENT PROTECTION.
        8. 11.8 PIRACY AND OTHER INTRUSIONS.
        9. 11.9 OTHER TOOLS TO PREVENT UNAUTHORIZED INTRUSIONS.
        10. 11.10 OPEN SOURCE.
        11. 11.11 APPLICATION INTERNATIONALLY.
        12. 11.12 CONCLUDING REMARKS.
        13. 11.13 FURTHER READING
        14. 11.14 NOTES
    10. INTRODUCTION TO PART II: THREATS AND VULNERABILITIES
      1. CHAPTER 12: THE PSYCHOLOGY OF COMPUTER CRIMINALS
        1. 12.1 INTRODUCTION.
        2. 12.2 SELF-REPORTED MOTIVATIONS.
        3. 12.3 PSYCHOLOGICAL PERSPECTIVES ON COMPUTER CRIME.
        4. 12.4 SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME.
        5. 12.5 INDIVIDUAL DIFFERENCES AND COMPUTER CRIMINALS.
        6. 12.6 ETHICS AND COMPUTER CRIME.
        7. 12.7 CLASSIFICATIONS OF COMPUTER CRIMINALS.
        8. 12.8 SUMMARY AND CONCLUSIONS.
        9. 12.9 NOTES
      2. CHAPTER 13: THE DANGEROUS INFORMATION TECHNOLOGY INSIDER: PSYCHOLOGICAL CHARACTERISTICS AND CAREER PATTERNS
        1. 13.1 COMPUTER INFORMATION TECHNOLOGY INSIDERS.
        2. 13.2 PSYCHOLOGICAL CHARACTERISTICS OF INFORMATION TECHNOLOGY SPECIALISTS.
        3. 13.3 CHARACTERISTICS OF THE DANGEROUS COMPUTER INFORMATION TECHNOLOGY INSIDER (CITI).
        4. 13.4 ESCALATING PATHWAY TO MAJOR COMPUTER CRIME.
        5. 13.5 STRESS AND ATTACKS ON COMPUTER SYSTEMS.
        6. 13.6 TYPOLOGY OF COMPUTER CRIME PERPETRATORS.
        7. 13.7 CONCLUSION AND IMPLICATIONS.
        8. 13.8 NOTE
      3. CHAPTER 14: INFORMATION WARFARE
        1. 14.1 INTRODUCTION.
        2. 14.2 VULNERABILITIES.
        3. 14.3 GOALS AND OBJECTIVES.
        4. 14.4 SOURCES OF THREATS AND ATTACKS.
        5. 14.5 WEAPONS OF CYBERWAR.
        6. 14.6 DEFENSES.
        7. 14.7 FURTHER READING
        8. 14.8 NOTES
      4. CHAPTER 15: PENETRATING COMPUTER SYSTEMS AND NETWORKS
        1. 15.1 MULTIPLE FACTORS INVOLVED IN SYSTEM PENETRATION.
        2. 15.2 NONTECHNICAL PENETRATION TECHNIQUES.
        3. 15.3 TECHNICAL PENETRATION TECHNIQUES.
        4. 15.4 POLITICAL AND LEGAL ISSUES.
        5. 15.5 SUMMARY
        6. 15.6 FURTHER READING
        7. 15.7 NOTES
      5. CHAPTER 16: MALICIOUS CODE
        1. 16.1 INTRODUCTION.
        2. 16.2 MALICIOUS CODE THREAT MODEL.
        3. 16.3 SURVEY OF MALICIOUS CODE
        4. 16.4 DETECTION OF MALICIOUS CODE.
        5. 16.5 PREVENTION OF MALICIOUS CODE ATTACKS
        6. 16.6 CONCLUSION.
        7. 16.7 FURTHER READING
        8. 16.8 NOTES
      6. CHAPTER 17: MOBILE CODE
        1. 17.1 INTRODUCTION.
        2. 17.2 SIGNED CODE.
        3. 17.3 RESTRICTED OPERATING ENVIRONMENTS.
        4. 17.4 DISCUSSION.
        5. 17.5 SUMMARY.
        6. 17.6 FURTHER READING
        7. 17.7 NOTES
      7. CHAPTER 18: DENIAL-OF-SERVICE ATTACKS
        1. 18.1 INTRODUCTION.
        2. 18.2 DENIAL-OF-SERVICE ATTACKS.
        3. 18.3 DISTRIBUTED DENIAL-OF-SERVICE ATTACKS.
        4. 18.4 MANAGEMENT ISSUES.
        5. 18.5 FURTHER READING
        6. 18.6 NOTE
      8. CHAPTER 19: SOCIAL ENGINEERING AND LOW-TECH ATTACKS
        1. 19.1 INTRODUCTION.
        2. 19.2 BACKGROUND AND HISTORY.
        3. 19.3 SOCIAL ENGINEERING METHODS.
        4. 19.4 PSYCHOLOGY AND SOCIAL PSYCHOLOGY OF SOCIAL ENGINEERING.
        5. 19.5 DANGERS OF SOCIAL ENGINEERING AND ITS IMPACT ON BUSINESSES.
        6. 19.6 DETECTION.
        7. 19.7 RESPONSE.
        8. 19.8 DEFENSE AND MITIGATION.
        9. 19.9 CONCLUSION.
        10. 19.10 FURTHER READING
        11. 19.11 NOTES
      9. CHAPTER 20: SPAM, PHISHING, AND TROJANS: ATTACKS MEANT TO FOOL
        1. 20.1 UNWANTED E-MAIL AND OTHER PESTS: A SECURITY ISSUE.
        2. 20.2 E-MAIL: AN ANATOMY LESSON.
        3. 20.3 SPAM DEFINED.
        4. 20.4 FIGHTING SPAM.
        5. 20.5 PHISHING.
        6. 20.6 TROJAN CODE.
        7. 20.7 CONCLUDING REMARKS.
        8. 20.8 FURTHER READING
        9. 20.9 NOTES
      10. CHAPTER 21: WEB-BASED VULNERABILITIES
        1. 21.1 INTRODUCTION.
        2. 21.2 BREAKING E-COMMERCE SYSTEMS.
        3. 21.3 CASE STUDY OF BREAKING AN E-BUSINESS.
        4. 21.4 WEB APPLICATION SYSTEM SECURITY.
        5. 21.5 PROTECTING WEB APPLICATIONS.
        6. 21.6 COMPONENTS AND VULNERABILITIES IN E-COMMERCE SYSTEMS.
        7. 21.7 SUMMARY.
        8. 21.8 FURTHER READING
        9. 21.9 NOTES
      11. CHAPTER 22: PHYSICAL THREATS TO THE INFORMATION INFRASTRUCTURE
        1. 22.1 INTRODUCTION.
        2. 22.2 BACKGROUND AND PERSPECTIVE.
        3. 22.3 THREAT ASSESSMENT PROCESS.
        4. 22.4 GENERAL THREATS.
        5. 22.5 WORKPLACE VIOLENCE AND TERRORISM.
        6. 22.6 OTHER THREAT SITUATIONS
        7. 22.7 CONFIDENTIAL THREAT INFORMATION.
        8. 22.8 SUMMARY.
        9. 22.9 FURTHER READING
        10. 22.10 NOTES
    11. INTRODUCTION TO PART III: PREVENTION: TECHNICAL DEFENSES
      1. CHAPTER 23: PROTECTING THE INFORMATION INFRASTRUCTURE
        1. 23.1 INTRODUCTION.
        2. 23.2 SECURITY PLANNING AND MANAGEMENT.
        3. 23.3 STRATEGIC PLANNING PROCESS.
        4. 23.4 ELEMENTS OF GOOD PROTECTION.
        5. 23.5 OTHER CONSIDERATIONS.
        6. 23.6 ACCESS CONTROL.
        7. 23.7 SURVEILLANCE SYSTEMS.
        8. 23.8 OTHER DESIGN CONSIDERATIONS.
        9. 23.9 MITIGATING SPECIFIC THREATS.
        10. 23.10 INFORMATION NOT PUBLICLY AVAILABLE.
        11. 23.11 COMPLETING THE SECURITY PLANNING PROCESS.
        12. 23.12 SUMMARY AND CONCLUSIONS.
        13. 23.13 FURTHER READING
        14. 23.14 NOTES
      2. CHAPTER 24: OPERATING SYSTEM SECURITY
        1. 24.1 INFORMATION PROTECTION AND SECURITY.
        2. 24.2 REQUIREMENTS FOR OPERATING SYSTEM SECURITY
        3. 24.3 PROTECTION MECHANISMS.
        4. 24.4 FILE SHARING.
        5. 24.5 TRUSTED SYSTEMS.
        6. 24.6 WINDOWS 2000 SECURITY.
        7. 24.7 FURTHER READING
        8. 24.8 NOTES
      3. CHAPTER 25: LOCAL AREA NETWORKS
        1. 25.1 INTRODUCTION.
        2. 25.2 POLICY AND PROCEDURE ISSUES.
        3. 25.3 PHYSICAL SITE SECURITY.
        4. 25.4 PHYSICAL LAYER ISSUES.
        5. 25.5 NETWORK OPERATING SYSTEM ISSUES.
        6. 25.6 CONCLUSION.
        7. 25.7 FURTHER READING
        8. 25.8 NOTES
      4. CHAPTER 26: GATEWAY SECURITY DEVICES
        1. 26.1 INTRODUCTION.
        2. 26.2 HISTORY AND BACKGROUND.
        3. 26.3 NETWORK SECURITY MECHANISMS.
        4. 26.4 DEPLOYMENT.
        5. 26.5 NETWORK SECURITY DEVICE EVALUATION.
        6. 26.6 CONCLUDING REMARKS.
        7. 26.7 FURTHER READING
      5. CHAPTER 27: INTRUSION DETECTION AND INTRUSION PREVENTION DEVICES
        1. 27.1 SECURITY BEHIND THE FIREWALL.
        2. 27.2 MAIN CONCEPTS.
        3. 27.3 INTRUSION PREVENTION.
        4. 27.4 INFORMATION SOURCES.
        5. 27.5 ANALYSIS SCHEMES.
        6. 27.6 RESPONSE.
        7. 27.7 NEEDS ASSESSMENT AND PRODUCT SELECTION.
        8. 27.8 CONCLUSION.
        9. 27.9 FURTHER READING
        10. 27.10 NOTES
      6. CHAPTER 28: IDENTIFICATION AND AUTHENTICATION
        1. 28.1 INTRODUCTION.
        2. 28.2 FOUR PRINCIPLES OF AUTHENTICATION.
        3. 28.3 PASSWORD-BASED AUTHENTICATION.
        4. 28.4 TOKEN-BASED AUTHENTICATION.
        5. 28.5 BIOMETRIC AUTHENTICATION.
        6. 28.6 CROSS-DOMAIN AUTHENTICATION.
        7. 28.7 RELATIVE COSTS OF AUTHENTICATION TECHNOLOGIES.
        8. 28.8 CONCLUDING REMARKS.
        9. 28.9 SUMMARY.
        10. 28.10 FURTHER READING
        11. 28.11 NOTES
      7. CHAPTER 29: BIOMETRIC AUTHENTICATION
        1. 29.1 INTRODUCTION.
        2. 29.2 IMPORTANCE OF IDENTIFICATION AND VERIFICATION.
        3. 29.3 FUNDAMENTALS AND APPLICATIONS.
        4. 29.4 TYPES OF BIOMETRIC TECHNOLOGIES.
        5. 29.5 TYPES OF ERRORS AND SYSTEM METRICS.
        6. 29.6 DISADVANTAGES AND PROBLEMS
        7. 29.7 RECENT TRENDS IN BIOMETRIC AUTHENTICATION
        8. 29.8 SUMMARY AND RECOMMENDATIONS.
        9. 29.9 FURTHER READING
        10. 29.10 NOTES
      8. CHAPTER 30: E-COMMERCE AND WEB SERVER SAFEGUARDS
        1. 30.1 INTRODUCTION.
        2. 30.2 BUSINESS POLICIES AND STRATEGIES.
        3. 30.3 RULES OF ENGAGEMENT.
        4. 30.4 RISK ANALYSIS.
        5. 30.5 OPERATIONAL REQUIREMENTS.
        6. 30.6 TECHNICAL ISSUES.
        7. 30.7 ETHICAL AND LEGAL ISSUES.
        8. 30.8 SUMMARY.
        9. 30.9 FURTHER READING
        10. 30.10 NOTES
      9. CHAPTER 31: WEB MONITORING AND CONTENT FILTERING
        1. 31.1 INTRODUCTION.
        2. 31.2 SOME TERMINOLOGY
        3. 31.3 MOTIVATION.
        4. 31.4 GENERAL TECHNIQUES.
        5. 31.5 IMPLEMENTATION.
        6. 31.6 ENFORCEMENT.
        7. 31.7 VULNERABILITIES.
        8. 31.8 THE FUTURE.
        9. 31.9 SUMMARY.
        10. 31.10 FURTHER READING
        11. 31.11 NOTES
      10. CHAPTER 32: VIRTUAL PRIVATE NETWORKS AND SECURE REMOTE ACCESS
        1. 32.1 INTRODUCTION.
        2. 32.2 SECURE CLIENT VPNs.
        3. 32.3 TRUSTED VPNs.
        4. 32.4 EXTRANETS.
        5. 32.5 CONCLUSION.
        6. 32.6 FURTHER READING
      11. CHAPTER 33: 802.11 WIRELESS LAN SECURITY
        1. 33.1 INTRODUCTION.
        2. 33.2 802.11 ARCHITECTURE AND PRODUCT TYPES.
        3. 33.3 WIRELESS LAN SECURITY THREATS.
        4. 33.4 ORIGINAL 802.11 SECURITY FUNCTIONALITY.
        5. 33.5 IEEE 802.11I.
        6. 33.6 802.11 SECURITY AUDITING TOOLS.
        7. 33.7 CONCLUSION.
        8. 33.8 APPENDIX 33A–802.11 STANDARDS.
        9. 33.9 APPENDIX 33B: ABBREVIATIONS, TERMINOLOGY, AND DEFINITIONS.
        10. 33.10 FURTHER READING
        11. 33.11 NOTES
      12. CHAPTER 34: SECURING VOIP
        1. 34.1 INTRODUCTION.
        2. 34.2 REGULATORY COMPLIANCE AND RISK ANALYSIS.
        3. 34.3 TECHNICAL ASPECTS OF VOIP SECURITY.
        4. 34.4 PROTECTING THE INFRASTRUCTURE.
        5. 34.5 ENCRYPTION.
        6. 34.6 CONCLUDING REMARKS.
        7. 34.7 FURTHER READING
        8. 34.8 NOTES
      13. CHAPTER 35: SECURING P2P, IM, SMS, AND COLLABORATION TOOLS
        1. 35.1 INTRODUCTION.
        2. 35.2 GENERAL CONCEPTS AND DEFINITIONS.
        3. 35.3 PEER-TO-PEER NETWORKS.
        4. 35.4 SECURING INSTANT MESSAGING.
        5. 35.5 SECURING SMS.
        6. 35.6 SECURING COLLABORATION TOOLS.
        7. 35.7 CONCLUDING REMARKS.
        8. 35.8 FURTHER READING
        9. 35.9 NOTES
      14. CHAPTER 36: SECURING STORED DATA
        1. 36.1 INTRODUCTION TO SECURING STORED DATA.
        2. 36.2 FIBER CHANNEL WEAKNESS AND EXPLOITS.
        3. 36.3 NFS WEAKNESS AND EXPLOITS.
        4. 36.4 CIFS EXPLOITS.
        5. 36.5 ENCRYPTION.
        6. 36.6 DATA DISPOSAL.
        7. 36.7 CONCLUDING REMARKS.
        8. 36.8 FURTHER READING
        9. 36.9 NOTES
      15. CHAPTER 37: PKI AND CERTIFICATE AUTHORITIES
        1. 37.1 INTRODUCTION.
        2. 37.2 NEED FOR PUBLIC KEY INFRASTRUCTURE.
        3. 37.3 PUBLIC KEY CERTIFICATE.
        4. 37.4 ENTERPRISE PUBLIC KEY INFRASTRUCTURE.
        5. 37.5 CERTIFICATE POLICY.
        6. 37.6 GLOBAL PUBLIC KEY INFRASTRUCTURE.
        7. 37.7 FORMS OF REVOCATION.
        8. 37.8 REKEY.
        9. 37.9 KEY RECOVERY.
        10. 37.10 PRIVILEGE MANAGEMENT.
        11. 37.11 TRUSTED ARCHIVAL SERVICES AND TRUSTED TIME STAMPS.
        12. 37.12 COST OF PUBLIC KEY INFRASTRUCTURE.
        13. 37.13 FURTHER READING
        14. 37.14 NOTES
      16. CHAPTER 38: WRITING SECURE CODE
        1. 38.1 INTRODUCTION.
        2. 38.2 POLICY AND MANAGEMENT ISSUES.
        3. 38.3 TECHNICAL AND PROCEDURAL ISSUES.
        4. 38.4 TYPES OF SOFTWARE ERRORS.
        5. 38.5 ASSURANCE TOOLS AND TECHNIQUES.
        6. 38.6 CONCLUDING REMARKS.
        7. 38.7 FURTHER READING
      17. CHAPTER 39: SOFTWARE DEVELOPMENT AND QUALITY ASSURANCE
        1. 39.1 INTRODUCTION.
        2. 39.2 GOALS OF SOFTWARE QUALITY ASSURANCE.
        3. 39.3 SOFTWARE DEVELOPMENT LIFE CYCLE.
        4. 39.4 TYPES OF SOFTWARE ERRORS
        5. 39.5 DESIGNING SOFTWARE TEST CASES
        6. 39.6 BEFORE GOING INTO PRODUCTION
        7. 39.7 MANAGING CHANGE.
        8. 39.8 SOURCES OF BUGS AND PROBLEMS.
        9. 39.9 CONCLUSION.
        10. 39.10 FURTHER READING
      18. CHAPTER 40: MANAGING SOFTWARE PATCHES AND VULNERABILITIES
        1. 40.1 INTRODUCTION.
        2. 40.2 MOTIVATION FOR USING AUTOMATED PATCHING SOLUTIONS.
        3. 40.3 PATCH AND VULNERABILITY MANAGEMENT PROCESS.
        4. 40.4 PATCH AND VULNERABILITY MANAGEMENT ISSUES.
        5. 40.5 CONCLUSION AND SUMMARY OF MAJOR RECOMMENDATIONS.
        6. 40.6 FURTHER READING
        7. 40.7 NOTES
      19. CHAPTER 41: ANTIVIRUS TECHNOLOGY
        1. 41.1 INTRODUCTION.
        2. 41.2 HISTORY OF VIRAL CHANGES.
        3. 41.3 ANTIVIRUS BASICS.
        4. 41.4 SCANNING METHODOLOGIES.
        5. 41.5 CONTENT FILTERING.
        6. 41.6 ANTIVIRUS DEPLOYMENT.
        7. 41.7 POLICIES AND STRATEGIES.
        8. 41.8 CONCLUDING REMARKS.
        9. 41.9 FURTHER READING
        10. 41.10 NOTE
      20. CHAPTER 42: PROTECTING DIGITAL RIGHTS: TECHNICAL APPROACHES
        1. 42.1 INTRODUCTION.
        2. 42.2 SOFTWARE-BASED ANTIPIRACY TECHNIQUES.
        3. 42.3 HARDWARE-BASED ANTIPIRACY TECHNIQUES.
        4. 42.4 DIGITAL RIGHTS MANAGEMENT.
        5. 42.5 PRIVACY-ENHANCING TECHNOLOGIES.
        6. 42.6 FUNDAMENTAL PROBLEMS.
        7. 42.7 SUMMARY.
        8. 42.8 GLOSSARY.
        9. 42.9 FURTHER READING
        10. 42.10 NOTES
  2. Volume II: Computer Security Handbook
    1. Title Page
    2. Copyright
    3. Contents
    4. PREFACE
    5. ACKNOWLEDGMENTS
    6. INTRODUCTION TO PART IV: PREVENTION: HUMAN FACTORS
      1. CHAPTER 43: ETHICAL DECISION MAKING AND HIGH TECHNOLOGY
        1. 43.1 INTRODUCTION: THE ABCs OF COMPUTER ETHICS
        2. 43.2 AWARENESS.
        3. 43.3 BASICS.
        4. 43.4 CONSIDERATIONS.
        5. 43.5 CONCLUDING REMARKS.
        6. 43.6 FURTHER READING.
      2. CHAPTER 44: SECURITY POLICY GUIDELINES
        1. 44.1 INTRODUCTION.
        2. 44.2 TERMINOLOGY.
        3. 44.3 RESOURCES FOR POLICY WRITERS.
        4. 44.4 WRITING THE POLICIES.
        5. 44.5 ORGANIZING THE POLICIES.
        6. 44.6 PRESENTING THE POLICIES.
        7. 44.7 MAINTAINING POLICIES.
        8. 44.8 SUMMARY.
        9. 44.9 FURTHER READING
        10. 44.10 NOTES
      3. CHAPTER 45: EMPLOYMENT PRACTICES AND POLICIES
        1. 45.1 INTRODUCTION.
        2. 45.2 HIRING.
        3. 45.3 MANAGEMENT.
        4. 45.4 TERMINATION OF EMPLOYMENT.
        5. 45.5 SUMMARY.
        6. 45.6 FURTHER READING
        7. 45.7 NOTES
      4. CHAPTER 46: VULNERABILITY ASSESSMENT
        1. 46.1 SCOREKEEPER OF SECURITY MANAGEMENT.
        2. 46.2 TAXONOMY OF VULNERABILITY ASSESSMENT TECHNOLOGIES.
        3. 46.3 PENETRATION TESTING.
        4. 46.4 FURTHER READING
        5. 46.5 NOTES
      5. CHAPTER 47: OPERATIONS SECURITY AND PRODUCTION CONTROLS
        1. 47.1 INTRODUCTION.
        2. 47.2 OPERATIONS MANAGEMENT.
        3. 47.3 PROVIDING A TRUSTED OPERATING SYSTEM.
        4. 47.4 PROTECTION OF DATA
        5. 47.5 DATA VALIDATION.
        6. 47.6 CONCLUDING REMARKS.
        7. 47.7 FURTHER READING
        8. 47.8 NOTES
      6. CHAPTER 48: E-MAIL AND INTERNET USE POLICIES
        1. 48.1 INTRODUCTION.
        2. 48.2 DAMAGING THE REPUTATION OF THE ENTERPRISE.
        3. 48.3 THREATS TO PEOPLE AND SYSTEMS.
        4. 48.4 THREATS TO PRODUCTIVITY.
        5. 48.5 LEGAL LIABILITY.
        6. 48.6 RECOMMENDATIONS.
        7. 48.7 CONCLUDING REMARKS.
        8. 48.8 FURTHER READING
        9. 48.9 NOTES
      7. CHAPTER 49: IMPLEMENTING A SECURITY AWARENESS PROGRAM
        1. 49.1 INTRODUCTION.
        2. 49.2 AWARENESS AS A SURVIVAL TECHNIQUE.
        3. 49.3 CRITICAL SUCCESS FACTORS.
        4. 49.4 OBSTACLES AND OPPORTUNITIES.
        5. 49.5 APPROACH.
        6. 49.6 CONTENT.
        7. 49.7 TECHNIQUES AND PRINCIPLES.
        8. 49.8 TOOLS.
        9. 49.9 MEASUREMENT AND EVALUATION.
        10. 49.10 CONCLUSION.
        11. 49.11 GLOSSARY
        12. 49.12 FURTHER READING
        13. 49.13 NOTES
      8. CHAPTER 50: USING SOCIAL PSYCHOLOGY TO IMPLEMENT SECURITY POLICIES
        1. 50.1 INTRODUCTION.
        2. 50.2 RATIONALITY IS NOT ENOUGH.
        3. 50.3 BELIEFS AND ATTITUDES.
        4. 50.4 ENCOURAGING INITIATIVE.
        5. 50.5 GROUP BEHAVIOR.
        6. 50.6 TECHNOLOGICAL GENERATION GAPS.
        7. 50.7 SUMMARY OF RECOMMENDATIONS.
        8. 50.8 FURTHER READING
        9. 50.9 NOTES
      9. CHAPTER 51: SECURITY STANDARDS FOR PRODUCTS
        1. 51.1 INTRODUCTION.
        2. 51.2 NONSTANDARD PRODUCT ASSESSMENT ALTERNATIVES.
        3. 51.3 SECURITY ASSESSMENT STANDARDS FOR PRODUCTS.
        4. 51.4 STANDARDS FOR ASSESSING PRODUCT BUILDERS.
        5. 51.5 COMBINED PRODUCT AND PRODUCT BUILDER ASSESSMENT STANDARDS.
        6. 51.6 COMMON CRITERIA PARADIGM OVERVIEW.
        7. 51.7 DETAILS ABOUT THE COMMON CRITERIA STANDARD.
        8. 51.8 USING THE CC TO DEFINE SECURITY REQUIREMENTS AND SECURITY SOLUTIONS.
        9. 51.9 COMMON TEST METHODOLOGY FOR CC TESTS AND EVALUATIONS.
        10. 51.10 GLOBAL RECOGNITION OF CEM/CC-BASED ASSESSMENTS.
        11. 51.11 EXAMPLE NATIONAL SCHEME: CCEVS.
        12. 51.12 VALIDATED PROFILES AND PRODUCTS.
        13. 51.13 BENEFITS OF CC EVALUATION.
        14. 51.14 CONCLUDING REMARKS.
        15. 51.15 NOTES
    7. INTRODUCTION TO PART V: DETECTING SECURITY BREACHES
      1. CHAPTER 52: APPLICATION CONTROLS
        1. 52.1 PROTECTION IN APPLICATION DEVELOPMENT.
        2. 52.2 PROTECTING ONLINE FILES.
        3. 52.3 PROTECTING BATCH FILES
        4. 52.4 ENSURING THAT INFORMATION IN THE SYSTEM IS VALID.
        5. 52.5 CONCLUDING REMARKS.
        6. 52.6 FURTHER READING
        7. 52.7 NOTE
      2. CHAPTER 53: MONITORING AND CONTROL SYSTEMS
        1. 53.1 INTRODUCTION.
        2. 53.2 CHANGE AND SECURITY IMPLICATIONS
        3. 53.3 SYSTEM MODELS
        4. 53.4 TARGETS AND METHODS.
        5. 53.5 LOG MANAGEMENT
        6. 53.6 DATA AGGREGATION AND REDUCTION
        7. 53.7 NOTIFICATIONS AND REPORTING
        8. 53.8 MONITORING AND CONTROL CHALLENGES
        9. 53.9 SUMMARY.
        10. 53.10 REFERENCES
        11. 53.11 NOTES
      3. CHAPTER 54: SECURITY AUDITS, STANDARDS, AND INSPECTIONS
        1. 54.1 INTRODUCTION.
        2. 54.2 AUDITING STANDARDS.
        3. 54.3 SAS 70 AUDITS.
        4. 54.4 SARBANES-OXLEY
        5. 54.5 ADDRESSING MULTIPLE REGULATIONS FOR INFORMATION SECURITY.
        6. 54.6 TECHNICAL FRAMEWORKS FOR IT AUDITS.
        7. 54.7 FURTHER READING
        8. 54.8 NOTES
      4. CHAPTER 55: CYBER INVESTIGATION
        1. 55.1 INTRODUCTION.
        2. 55.2 END-TO-END DIGITAL INVESTIGATION.
        3. 55.3 APPLYING THE FRAMEWORK AND EEDI.
        4. 55.4 USING EEDI AND THE FRAMEWORK.
        5. 55.5 MOTIVE, MEANS, AND OPPORTUNITY: PROFILING ATTACKERS.
        6. 55.6 SOME USEFUL TOOLS.
        7. 55.7 CONCLUDING REMARKS.
        8. 55.8 FURTHER READING
        9. 55.9 NOTES
    8. INTRODUCTION TO PART VI: RESPONSE AND REMEDIATION
      1. CHAPTER 56: COMPUTER SECURITY INCIDENT RESPONSE TEAMS
        1. 56.1 OVERVIEW.
        2. 56.2 PLANNING THE TEAM.
        3. 56.3 SELECTING AND BUILDING THE TEAM.
        4. 56.4 PRINCIPLES UNDERLYING EFFECTIVE RESPONSE TO COMPUTER SECURITY INCIDENTS.
        5. 56.5 RESPONDING TO COMPUTER EMERGENCIES.
        6. 56.6 MANAGING THE CSIRT.
        7. 56.7 POSTINCIDENT ACTIVITIES.
        8. 56.8 CONCLUDING REMARKS.
        9. 56.9 FURTHER READING
        10. 56.10 NOTES
      2. CHAPTER 57: DATA BACKUPS AND ARCHIVES
        1. 57.1 INTRODUCTION.
        2. 57.2 MAKING BACKUPS.
        3. 57.3 BACKUP STRATEGIES.
        4. 57.4 DATA LIFE CYCLE MANAGEMENT.
        5. 57.5 SAFEGUARDING BACKUPS.
        6. 57.6 DISPOSAL.
        7. 57.7 COSTS.
        8. 57.8 OPTIMIZING FREQUENCY OF BACKUPS.
        9. 57.9 CONCLUDING REMARKS.
        10. 57.10 FURTHER READING
        11. 57.11 NOTES
      3. CHAPTER 58: BUSINESS CONTINUITY PLANNING
        1. 58.1 INTRODUCTION.
        2. 58.2 DEFINING THE GOALS.
        3. 58.3 PERFORMING A BUSINESS IMPACT ANALYSIS.
        4. 58.4 BUSINESS IMPACT ANALYSIS MATRIX ANALYSIS.
        5. 58.5 JUSTIFYING THE COSTS.
        6. 58.6 PLAN PRESENTATION.
        7. 58.7 CONCLUDING REMARKS.
        8. 58.8 FURTHER READING
      4. CHAPTER 59: DISASTER RECOVERY
        1. 59.1 INTRODUCTION.
        2. 59.2 IDENTIFYING THREATS AND DISASTER SCENARIOS.
        3. 59.3 DEVELOPING RECOVERY STRATEGIES.
        4. 59.4 DESIGNING RECOVERY TASKS.
        5. 59.5 IMPLEMENTATION AND READINESS.
        6. 59.6 CONCLUDING REMARKS.
        7. 59.7 FURTHER READING
      5. CHAPTER 60: INSURANCE RELIEF
        1. 60.1 INTRODUCTION.
        2. 60.2 INTELLECTUAL PROPERTY COVERAGE.
        3. 60.3 PROPERTY COVERAGE.
        4. 60.4 CRIME/FIDELITY COVERAGE.
        5. 60.5 E-COMMERCE POLICIES.
        6. 60.6 PRIVACY AND IDENTITY THEFT EXPOSURES.
        7. 60.7 CONCLUDING REMARKS.
        8. 60.8 FURTHER READING
        9. 60.9 NOTES
      6. CHAPTER 61: WORKING WITH LAW ENFORCEMENT
        1. 61.1 INTRODUCTION.
        2. 61.2 RELEVANT LAWS.
        3. 61.3 PLAN AHEAD.
        4. 61.4 MEMORANDUM OF AGREEMENT.
        5. 61.5 HANDLING EVIDENCE AND THE CHAIN OF CUSTODY.
        6. 61.6 ISSUES OF LIABILITY.
        7. 61.7 ASK LAW ENFORCEMENT TO GIVE BACK.
        8. 61.8 THE KNOCK AT THE DOOR.
        9. 61.9 KEEPING YOUR OPERATION RUNNING DURING AN INVESTIGATION.
        10. 61.10 NONELECTRONIC RECORDS AND THE INSIDER THREAT
        11. 61.11 INFORMATION SHARING (THE HUMAN FACTOR).
        12. 61.12 CONCLUSION.
        13. 61.13 FURTHER READING
        14. 61.14 NOTES
    9. INTRODUCTION TO PART VII: MANAGEMENT'S ROLE IN SECURITY
      1. CHAPTER 62: RISK ASSESSMENT AND RISK MANAGEMENT
        1. 62.1 INTRODUCTION TO RISK MANAGEMENT
        2. 62.2 OBJECTIVE OF A RISK ASSESSMENT.
        3. 62.3 LIMITATIONS OF QUESTIONNAIRES IN ASSESSING RISKS.
        4. 62.4 MODEL OF RISK.
        5. 62.5 RISK MITIGATION.
        6. 62.6 RISK ASSESSMENT TECHNIQUES.
        7. 62.7 SUMMARY.
        8. 62.8 FURTHER READING
        9. 62.9 NOTES
      2. CHAPTER 63: MANAGEMENT RESPONSIBILITIES AND LIABILITIES
        1. 63.1 INTRODUCTION.
        2. 63.2 RESPONSIBILITIES.
        3. 63.3 LIABILITIES.
        4. 63.4 COMPUTER MANAGEMENT FUNCTIONS.
        5. 63.5 SECURITY ADMINISTRATION.
        6. 63.6 CONCLUDING REMARKS.
        7. 63.7 FURTHER READING
        8. 63.8 NOTES
      3. CHAPTER 64: U.S. LEGAL AND REGULATORY SECURITY ISSUES
        1. 64.1 INTRODUCTION.
        2. 64.2 SARBANES-OXLEY ACT OF 2002.
        3. 64.3 GRAMM-LEACH-BLILEY ACT.
        4. 64.4 EXAMINATION PROCEDURES TO EVALUATE COMPLIANCE WITH GUIDELINES FOR SAFEGUARDING CUSTOMER INFORMATION.
        5. 64.5 CONCLUDING REMARKS.
        6. 64.6 FURTHER READING
        7. 64.7 NOTES
      4. CHAPTER 65: ROLE OF THE CISO
        1. 65.1 CISO AS CHANGE AGENT.
        2. 65.2 CISO AS STRATEGIST.
        3. 65.3 STRATEGY, GOVERNANCE, AND THE STANDARD OF CARE.
        4. 65.4 SUMMARY OF ACTIONS.
        5. 65.5 RECOMMENDATIONS FOR SUCCESS FOR CISOs.
        6. 65.6 CONCLUDING REMARKS.
        7. 65.7 NOTES
      5. CHAPTER 66: DEVELOPING SECURITY POLICIES
        1. 66.1 INTRODUCTION.
        2. 66.2 COLLABORATING IN BUILDING SECURITY POLICIES.
        3. 66.3 PHASE 1: PRELIMINARY EVALUATION.
        4. 66.4 PHASE 2: MANAGEMENT SENSITIZATION.
        5. 66.5 PHASE 3: NEEDS ANALYSIS.
        6. 66.6 PHASE 4: POLICIES AND PROCEDURES.
        7. 66.7 PHASE 5: IMPLEMENTATION.
        8. 66.8 PHASE 6: MAINTENANCE.
        9. 66.9 CONCLUDING REMARKS.
        10. 66.10 NOTES
      6. CHAPTER 67: DEVELOPING CLASSIFICATION POLICIES FOR DATA
        1. 67.1 INTRODUCTION.
        2. 67.2 WHY DATA CLASSIFICATION IS PERFORMED.
        3. 67.3 DATA CLASSIFICATION'S ROLE IN INFORMATION SECURITY.
        4. 67.4 LEGAL REQUIREMENTS, COMPLIANCE STANDARDS, AND DATA CLASSIFICATION.
        5. 67.5 DESIGNING AND IMPLEMENTING DC.
        6. 67.6 CONCLUDING REMARKS.
        7. 67.7 NOTES
      7. CHAPTER 68: OUTSOURCING AND SECURITY
        1. 68.1 INTRODUCTION.
        2. 68.2 WHY OUTSOURCE?
        3. 68.3 CAN OUTSOURCING FAIL?
        4. 68.4 CONTROLLING THE RISKS.
        5. 68.5 OUTSOURCING SECURITY FUNCTIONS.
        6. 68.6 CONCLUDING REMARKS.
        7. 68.7 FURTHER READING
        8. 68.8 NOTES
    10. INTRODUCTION TO PART VIII: PUBLIC POLICY AND OTHER CONSIDERATIONS
      1. CHAPTER 69: PRIVACY IN CYBERSPACE: U.S. AND EUROPEAN PERSPECTIVES
        1. 69.1 INTRODUCTION: WORLDWIDE TRENDS.
        2. 69.2 EUROPEAN APPROACHES TO PRIVACY
        3. 69.3 UNITED STATES
        4. 69.4 COMPLIANCE MODELS.
        5. 69.5 FURTHER READING
        6. 69.6 NOTES
      2. CHAPTER 70: ANONYMITY AND IDENTITY IN CYBERSPACE
        1. 70.1 INTRODUCTION.
        2. 70.2 DEFINITIONS.
        3. 70.3 SOCIAL PSYCHOLOGY OF ANONYMITY.
        4. 70.4 BALANCING RIGHTS AND DUTIES.
        5. 70.5 SYSTEMS ANALYSIS OF ANONYMITY.
        6. 70.6 IMPLICATIONS AND DISCUSSION.
        7. 70.7 CONCLUDING REMARKS.
        8. 70.8 SUMMARY.
        9. 70.9 FURTHER READING
        10. 70.10 NOTES
      3. CHAPTER 71: MEDICAL RECORDS PROTECTION
        1. 71.1 INTRODUCTION.
        2. 71.2 INFORMATION AND INFORMATION TECHNOLOGY IN HEALTHCARE
        3. 71.3 INFORMATION PRIVACY AND SECURITY ARE IMPORTANT IN HEALTHCARE.
        4. 71.4 NONMEDICAL DRIVERS FOR HEALTHCARE INFORMATION PROTECTION.
        5. 71.5 UNITED STATES LAWS AND GOVERNMENT POLICIES.
        6. 71.6 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT.
        7. 71.7 SUMMARY.
        8. 71.8 FURTHER READING
        9. 71.9 NOTES
      4. CHAPTER 72: LEGAL AND POLICY ISSUES OF CENSORSHIP AND CONTENT FILTERING
        1. 72.1 INTRODUCTION
        2. 72.2 U.S. CONTEXT: FIRST AMENDMENT RIGHTS.
        3. 72.3 PARENTAL INVOLVEMENT/RESPONSIBILITY.
        4. 72.4 SUMMARY.
        5. 72.5 FURTHER READING
        6. 72.6 NOTES
      5. CHAPTER 73: EXPERT WITNESSES AND THE DAUBERT CHALLENGE
        1. 73.1 INTRODUCTION.
        2. 73.2 DAUBERT.
        3. 73.3 WHETHER THE DAUBERT CHALLENGE IS APPLICABLE: REFINING DAUBERT.
        4. 73.4 DIVIDED WE FALL?
        5. 73.5 BEING THE BEST YOU CAN BE.
        6. 73.6 SUMMARY.
        7. 73.7 FURTHER READING
        8. 73.8 NOTES
      6. CHAPTER 74: PROFESSIONAL CERTIFICATION AND TRAINING IN INFORMATION ASSURANCE
        1. 74.1 BUILDING SKILLS THROUGH PROFESSIONAL EDUCATION.
        2. 74.2 INFORMATION SECURITY CERTIFICATIONS.
        3. 74.3 PREPARING FOR SECURITY CERTIFICATION EXAMINATIONS.
        4. 74.4 COMMERCIAL TRAINING IN INFORMATION ASSURANCE.
        5. 74.5 CONCLUDING REMARKS.
        6. 74.6 NOTES
      7. CHAPTER 75: UNDERGRADUATE AND GRADUATE EDUCATION IN INFORMATION ASSURANCE
        1. 75.1 INTRODUCTION.
        2. 75.2 U.S. INITIATIVES IN TRAINING AND EDUCATION OF INFORMATION ASSURANCE
        3. 75.3 DISTANCE LEARNING IN HIGHER EDUCATION
        4. 75.4 BUSINESS CONTINUITY MANAGEMENT.
        5. 75.5 CONCLUDING REMARKS.
        6. 75.6 NOTES
      8. CHAPTER 76: EUROPEAN GRADUATE WORK IN INFORMATION ASSURANCE AND THE BOLOGNA DECLARATION
        1. 76.1 UNDERGRADUATE AND GRADUATE EDUCATION.
        2. 76.2 CONVERGENCE OF EDUCATIONAL PROGRAMS.
        3. 76.3 BACHELOR'S AND MASTER'S IN INFORMATION SECURITY.
        4. 76.4 COMPUTER SCIENCE: DOES IT ENCOMPASS INFORMATION SECURITY, ASSURANCE, AND SECURITY ASSURANCE?
        5. 76.5 BOLOGNA BACHELOR'S DEGREE.
        6. 76.6 MOVING FROM UNDERGRADUATE TO GRADUATE EDUCATION: BOLOGNA.
        7. 76.7 EXECUTIVE AND SPECIALIZED MASTER'S DEGREES.
        8. 76.8 SIMILARITIES AND DIFFERENCES: ARTS AND SCIENCE.
        9. 76.9 WHAT DO PROGRAMS IN INFORMATION SECURITY TEACH STUDENTS?
        10. 76.10 UNDERGRADUATE EDUCATION: POLYTECHNICS AND UNIVERSITY.
        11. 76.11 INFORMATION ASSURANCE: DEFINING THE TERRITORY.
        12. 76.12 TEACHING INFORMATION SECURITY: THE MALWARE EXAMPLE.
        13. 76.13 CONCLUSION OF EUROPEAN INITIATIVES OVERVIEW.
        14. 76.14 IMPLICATIONS FOR EDUCATION.
        15. 76.15 IMPLICATIONS FOR MANAGERS.
        16. 76.16 NOTES
      9. CHAPTER 77: THE FUTURE OF INFORMATION ASSURANCE
        1. 77.1 INTRODUCTION
        2. 77.2 VIEW OF THE FUTURE.
        3. 77.3 FOUNDATIONS OF ASSURANCE
        4. 77.4 BEST PRACTICES FOR INCREASING ASSURANCE.
        5. 77.5 ASSURANCE-BASED RISK REDUCTION.
        6. 77.6 ILLUSTRATIVE APPLICATION: COMPUTER-AIDED VOTING.
        7. 77.7 CONCLUSIONS.
        8. 77.8 FURTHER READING
        9. 77.9 NOTES
  3. INDEX