Handbook of Research on Information Security and Assurance

Book Description

The Handbook of Research on Information Security and Assurance offers comprehensive definitions and explanations on topics such as firewalls, information warfare, encryption standards, and social and ethical concerns in enterprise security. Edited by scholars in information science, this reference provides tools to combat the growing risk associated with technology.

Table of Contents

  1. Copyright
  2. Editorial Advisory Board
  3. Preface
  4. Acknowledgment
  5. Enterprise Security
    1. Ransomware: A New Cyber Hijacking Threat to Enterprises
      1. ABSTRACT
      2. INTRODUCTION
      3. IN-DEPTH ANALYSIS: HOW RANSOMWARE WORKS
      4. MALWARE COMPARISONS
      5. FUTURE TRENDS
      6. RECOMMENDATIONS FOR ANTIRANSOMWARE
      7. CONCLUSION
    2. REFERENCES
      1. KEY TERMS
    3. E-Commerce: The Benefits, Security Risks, and Countermeasures
      1. ABSTRACT
      2. INTRODUCTION: WHY E-COMMERCE?
      3. SECURITY RISKS IN CURRENT E-COMMERCE
      4. TECHNICAL COUNTERMEASURES
      5. NON-TECHNICAL SECURITY ENHANCEMENT IN E-COMMERCE
      6. CONCLUSION AND FUTURE TRENDS
    4. REFERENCES
      1. KEY TERMS
    5. Information Warfare: Survival of the Fittest
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. SURVIVAL OF THE FITTEST
      5. RECOMMENDATIONS AND FUTURE TRENDS
      6. CONCLUSION
    6. REFERENCES
      1. KEY TERMS
    7. Evolution of Enterprise Security Federation
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND AND MOTIVATION
      4. INTEGRATED SECURITY FRAMEWORK
      5. COOPERATIVE SECURITY FRAMEWORK
      6. CONCLUSION AND FUTURE WORK
    8. REFERENCES
      1. KEY TERMS
    9. A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. BUSINESS DRIVERS THAT INCREASE SECURITY EXPOSURE
      5. CASE EXAMPLE
      6. ENTERPRISE LEVEL RISK MANAGEMENT
      7. FUTURE TRENDS
      8. CONCLUSION
    10. REFERENCES
      1. KEY TERMS
    11. An Integrative Framework for the Study of Information Security Management Research
      1. ABSTRACT
      2. INTRODUCTION
      3. DIMENSIONS OF INFORMATION SECURITY MANAGEMENT
      4. OVERALL ANALYSIS
      5. CONCLUSION
    12. REFERENCES
      1. KEY TERMS
    13. Information Systems Risk Management: An Audit and Control Approach
      1. ABSTRACT
      2. INTRODUCTION
      3. A RISK-BASED AUDIT APPROACH
      4. PLANNING THE AUDIT
      5. COSO
      6. RISK ASSESSMENT
      7. THREAT-VULNERABILITY IDENTIFICATION
      8. MEASURING THE RISK
      9. CONTROL RECOMMENDATIONS
      10. RISK MITIGATION
      11. EMERGING ISSUES AND TRENDS
      12. CONCLUSION
    14. REFERENCES
      1. KEY TERMS
  6. Security Approaches, Frameworks, Tools, and Technologies
    1. Distributed Denial of Service Attacks in Networks
      1. ABSTRACT
      2. INTRODUCTION
      3. ATTACK MECHANISM
      4. IDEAL SOLUTION CHARACTERISTICS
      5. BACKGROUND
      6. ANALYSIS OF FEW IMPORTANT TECHNIQUES
      7. FUTURE TRENDS
      8. BEST PRACTICES
      9. CONCLUSION
      10. ACKNOWLEDGMENT
    2. REFERENCES
      1. KEY TERMS
      2. ENDNOTE
    3. Firewalls as Continuing Solutions for Network Security
      1. ABSTRACT
      2. INTRODUCTION
      3. WHAT IS A FIREWALL
      4. INTERNAL SECURITY
      5. COST-BENEFIT ANALYSIS
      6. SUMMARY
    4. REFERENCES
      1. KEY TERMS
    5. An Immune-Inspired Approach to Anomaly Detection
      1. ABSTRACT
      2. INTRODUCTION
      3. BIOLOGICALLY-INSPIRED APPROACHES
      4. PROCESS ANOMALY DETECTION
      5. THE libtissue SYSTEM
      6. VALIDATION OF APPROACH
      7. CONCLUSION
    6. REFERENCES
      1. KEY TERMS
    7. Cryptography for Information Security
      1. ABSTRACT
      2. INTRODUCTION
      3. MATHEMATICS BACKGROUND
      4. MATHEMATICAL PROBLEMS
      5. CLASSICAL CRYPTOSYSTEM
      6. CLASSICAL SYSTEM ATTACKS
      7. BLOCK CIPHER FAMILY
      8. STREAM CIPHER
      9. PUBLIC KEY
      10. RSA
      11. RABIN
      12. DIGITAL SIGNATURE (ALSO CALLED ELECTRONIC SIGNATURE)
      13. HASH FUNCTIONS
      14. MASH
      15. CRYPTOGRAPHY KEY MANAGEMENT
      16. CRYPTOGRAPHY APPLICATION (HANSCHE, BERTI, & HARE, 2003; JAVVIN TECHNOLOGIES, 2006; STALLINGS, 2006; WAN, 2003)
      17. OTHER SERVICES
      18. FUTURE TRENDS(CAO & CAO, 2006; DWORK, 2006; SHOUP, 2005; TARTARY & WANG, 2006)
    8. REFERENCES
      1. KEY TERMS
      2. ENDNOTE
    9. Memory Corruption Attacks, Defenses, and Evasions
      1. ABSTRACT
      2. INTRODUCTION
      3. WHAT ARE LOW-LEVEL CODING VULNERABILITIES AND HOW ARE THEY EXPLOITED?
      4. RESEARCH ON DEFENSE AND EVASION
      5. CONCLUSION
    10. REFERENCES
      1. KEY TERMS
    11. Design and Implementation of a Distributed Firewall
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. FIRE-AGENT: A FIREWALL USING AGENTS
      5. IMPLEMENTATION DETAILS
      6. CONCLUSION AND FUTURE WORK
    12. REFERENCES
      1. KEY TERMS
      2. ENDNOTES
    13. A Formal Verification Centred Development Process for Security Protocols
      1. ABSTRACT
      2. INTRODUCTION
      3. FORMAL VERIFICATION OF SECURITY PROTOCOLS
      4. A FORMAL VERIFICATION-CENTERED DEVELOPMENT PROCESS FOR SECURITY PROTOCOLS
      5. CASE-STUDY: DESIGNING A PROVABLY SECURE CRYPTOGRAPHIC PROTOCOL
      6. FUTURE TRENDS
      7. CONCLUSION
    14. REFERENCES
      1. KEY TERMS
    15. Edge-to-Edge Network Monitoring to Detect Service Violations and DoS Attacks
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. OVERLAY-BASED MONITORING: ARCHITECTURE AND MEASUREMENTS
      5. DETECTING AND CONTROLLING SLA VIOLATIONS AND ATTACKS
      6. COMPARATIVE EVALUATION
      7. CONCLUSION
    16. REFERENCES
      1. KEY TERMS
    17. A "One-Pass" Methodology for Sensitive Data Disk Wipes
      1. ABSTRACT
      2. INTRODUCTION
      3. OVERVIEW
      4. EXPERIMENT RESULTS
      5. DISCUSSION OF FINDINGS
      6. CONCLUSION
    18. REFERENCES
      1. KEY TERMS
    19. Securing E-Mail Communication with XML Technology
      1. ABSTRACT
      2. INTRODUCTION
      3. PLAIN E-MAIL FORMATS AND TRANSMISSION PROTOCOLS
      4. SECURE E-MAIL FORMATS
      5. S/MIME
      6. XMAIL
      7. CONCLUSION
    20. REFERENCES
      1. KEY TERMS
    21. Aspect-Oriented Analysis of Security in Distributed Virtual Environment
      1. ABSTRACT
      2. ASPECT-ORIENTED ANALYSIS OF SECURITY IN DISTRIBUTED VIRTUAL ENVIRONMENT
      3. RELATED WORK
      4. BACKGROUND
      5. ASPECT-ORIENTED APPROACH TO ENHANCING DVE SECURITY
      6. FUTURE TRENDS
      7. CONCLUSION
    22. REFERENCES
      1. KEY TERMS
    23. Information Availability
      1. ABSTRACT
      2. INTRODUCTION
      3. DEFINING INFORMATION AVAILABILITY
      4. FACTORS IMPACTING INFORMATION AVAILABILITY
      5. CONCLUDING REMARKS
    24. REFERENCES
      1. KEY TERMS
    25. Formal Analysis and Design of Authentication Protocols
      1. ABSTRACT
      2. INTRODUCTION
      3. CRYPTOGRAPHY
      4. CRYPTOGRAPHIC PROTOCOLS
      5. NEEDHAM-SCHROEDER PROTOCOL
      6. FORMAL ANALYSIS OF AUTHENTICATION PROTOCOLS
      7. SCHNEIDER'S CSP APPROACH
      8. RANK FUNCTIONS
      9. FUTURE TRENDS AND CONCLUSION
      10. ACKNOWLEDGMENT
    26. REFERENCES
      1. KEY TERMS
    27. Access Control Frameworks for a Distributed System
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. UNIFRAME
      5. VALIDATION OF ACCESS CONTROL BEHAVIOR
      6. FUTURE TRENDS
      7. CONCLUSION
      8. ACKNOWLEDGMENT
    28. REFERENCES
      1. KEY TERMS
    29. Implications of FFIEC Guidance on Authentication in Electronic Banking
      1. ABSTRACT
      2. INTRODUCTION AND BACKGROUND
      3. INTERNET BANKING AND AUTHENTICATION
      4. CHAPTER ORGANIZATION AND CONTRIBUTION
      5. THE FFIEC GUIDANCE
      6. ASSESSMENT PHASE
      7. IMPLEMENTATION AND COMPLIANCE PHASE
      8. TECHNICAL REVIEW AND USER IMPACT ASSESSMENT
      9. DISCUSSIONS AND CONCLUSION
    30. REFERENCES
      1. KEY TERMS
    31. Disruptive Technology Impacts on Security
      1. ABSTRACT
      2. BACKGROUND
      3. NEW TECHNOLOGIES CHALLENGE SECURITY PARADIGMS
      4. RFID
      5. THREATS
      6. SOLUTIONS
      7. CONCLUSION
    32. REFERENCES
      1. KEY TERMS
      2. ENDNOTE
  7. Security Policies and Procedures
    1. Internal Auditing for Information Assurance
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. MAIN FOCUS OF THE CHAPTER
      5. COMPLIANCE
      6. INTERNAL CONTROL ASSESSMENT
      7. SYSTEMS DEVELOPMENT
      8. GOVERNANCE
      9. CURRENT PRACTICES IN INTERNAL AUDIT
      10. FUTURE TRENDS
      11. CONCLUSION
    2. REFERENCES
      1. KEY TERMS
    3. IT Continuity in the Face of Mishaps
      1. ABSTRACT
      2. INTRODUCTION
      3. REVISING COMMON ASSUMPTIONS ABOUT DISASTER
      4. CONSEQUENCES OF DISASTER
      5. GENERAL PREPAREDNESS
      6. SUCCESS FACTORS IN MINIMIZING RISK AND LOSS
      7. PHYSICAL SECURITY
      8. PROVIDING FOR IT SYSTEMS CONTINUITY AFTER A DISASTER
      9. CONCLUSION
    4. REFERENCES
      1. KEY TERMS
    5. Business Continuity and Disaster Recovery Plans
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. THE THREE-PHASE APPROACH TO BUSINESS CONTINUITY AND DISASTER RECOVERY
      5. FUTURE TRENDS
      6. CONCLUSION
    6. REFERENCES
      1. KEY TERMS
    7. Security Policies and Procedures
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. PRACTICAL GUIDANCE FOR SECURITY POLICIES
      5. CONCLUSION
    8. REFERENCES
      1. KEY TERMS
    9. Enterprise Access Control Policy Engineering Framework
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. REQUIREMENTS OF ENTERPRISE ACCESS CONTROL POLICY LANGUAGE
      5. ACCESS CONTROL MODELS
      6. VERIFICATION OF ACCESS CONTROL POLICIES
      7. VALIDATION OF ACCESS CONTROL SYSTEMS
      8. CONCLUSION
    10. REFERENCES
      1. KEY TERMS
    11. Information Security Policies: Precepts and Practices
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. FUTURE TRENDS
      5. CONCLUSION
    12. REFERENCES
      1. KEY TERMS
    13. A Guide to Non-Disclosure Agreements for Researchers
      1. ABSTRACT
      2. INTRODUCTION AND OBJECTIVES
      3. BACKGROUND
      4. LEGAL OVERVIEW
      5. LITERATURE REVIEW
      6. GUIDELINES
      7. FUTURE TRENDS
      8. CONCLUSION
      9. LIMITATIONS AND DIRECTIONS FOR FUTURE RESEARCH
      10. DISCLAIMER
      11. NOTE
      12. ACKNOWLEDGMENT
    14. REFERENCES
      1. ADDITIONAL SOURCES
      2. SAMPLE NDA FOR CLINICAL TRIALS
      3. WIKI FOR DISCUSSION
      4. KEY TERMS
      5. ENDNOTES
      6. APPENDIX
    15. Assurance for Temporal Compatibility Using Contracts
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. TEMPORAL INTERACTION CONTRACTS
      5. COMPATIBILITY ANALYSIS
      6. A SIMPLE EXAMPLE
      7. CONCLUSION AND FUTURE WORK
    16. REFERENCES
      1. KEY TERMS
    17. Spatial Authentication Using Cell Phones
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. OUR SCHEME: SPATIAL AUTHENTICATION USING CELL PHONES (SAC)
      5. ANALYSIS
      6. CONCLUSION
    18. REFERENCES
      1. KEY TERMS
  8. Mitigating Security Risks
    1. Plugging Security Holes in Online Environment
      1. ABSTRACT
      2. INTRODUCTION
      3. VULNERABILITY IN AN ONLINE ENVIRONMENT
      4. A FRAMEWORK FOR PLUGGING SECURITY HOLES
      5. FUTURE TRENDS
      6. CONCLUSION
    2. REFERENCES
      1. KEY TERMS
    3. Six Keys to Improving Wireless Security
      1. ABSTRACT
      2. INTRODUCTION
      3. KEY 1: ENCRYPT SENSITIVE DATA
      4. KEY 2: REQUIRE STRONG AUTHENTICATION
      5. KEY 3: PROPER NETWORK DESIGN AND CONFIGURATION
      6. KEY 4: ENSURE PHYSICAL SECURITY
      7. KEY 5: POLICY DEVELOPMENT AND MONITORING
      8. KEY 6: USER TRAINING
      9. SUMMARY AND CONCLUSION
    4. REFERENCES
      1. KEY TERMS
      2. ENDNOTE
    5. Human Factors in Information Security and Privacy
      1. ABSTRACT
      2. INTRODUCTION
      3. HUMAN FACTORS ISSUES IN INFORMATION SECURITY
      4. HUMAN FACTORS ISSUES IN PRIVACY PROTECTION
      5. CONCLUSION
    6. REFERENCES
      1. AUTHORS' NOTE
      2. KEY TERMS
    7. Threat Modeling and Secure Software Engineering Process
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. FUTURE TRENDS
      5. CONCLUSION
    8. REFERENCES
      1. KEY TERMS
    9. Guarding Corporate Data from Social Engineering Attacks
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. METHODOLOGY
      5. RESULTS
      6. DISCUSSION
      7. RECOMMENDATIONS
      8. FUTURE RESEARCH
      9. CONCLUSION
    10. REFERENCES
      1. KEY TERMS
    11. Data Security for Storage Area Networks
      1. ABSTRACT
      2. INTRODUCTION
      3. WHY SANs?
      4. WHERE IS STORAGE SECURITY NEEDED?
      5. THREE ASPECTS OF SAN SECURITY
      6. SECURING THE SAN DATA TRANSPORT
      7. SECURING STORAGE DATA PLACEMENT
      8. SECURING THE MANAGEMENT INTERFACE
      9. CONCLUSION
    12. REFERENCES
      1. KEY TERMS
    13. Security Awareness: Virtual Environments and E-Learning
      1. ABSTRACT
      2. INTRODUCTION
      3. VIRTUAL ENVIRONMENTS
      4. MEASURING SUCCESS
      5. CONCLUSION
    14. REFERENCES
      1. KEY TERMS
    15. Security-Efficient Identity Management Using Service Provisioning (Markup Language)
      1. ABSTRACT
      2. INTRODUCTION
      3. PRELIMINARIES AND KEY CONCEPTS
      4. FUNCTIONAL AND ARCHITECTURAL REVIEW OF SPML
      5. BUSINESS AND SECURITY IMPERATIVES
      6. A SPML IMPLEMENTATION SCENARIO
      7. DISCUSSION AND CONCLUSION
    16. REFERENCES
      1. KEY TERMS
    17. A Strategy for Enterprise VoIP Security
      1. ABSTRACT
      2. INTRODUCTION
      3. BENEFITS OF VoIP
      4. VoIP MODELS
      5. VoIP UTILIZATION IN EDUCATION
      6. VoIP IMPLEMENTATION CONCERNS
      7. VoIP SECURITY CONCERNS
      8. VoIP QUALITY OF SERVICE (QoS)
      9. VoIP SECURITY ASSURANCE STRATEGIES
      10. DISASTER RECOVERY AND VoIP
      11. CONCLUSION
    18. REFERENCES
      1. KEY TERMS
    19. Critical Success Factors and Indicators to Improve Information Systems Security Management Actions
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. THE ISSMF
      5. INDICATORS
      6. CONCLUSION
    20. REFERENCES
      1. KEY TERMS
      2. ENDNOTES
    21. Privacy, Societal, and Ethical Concerns in Security
      1. ABSTRACT
      2. INTRODUCTION
      3. SECURITY
      4. PRIVACY
      5. PRIVACY AND THE LAW
      6. MONITORING THE WORKPLACE
      7. COPYRIGHT LAWS
      8. ETHICS
      9. POLICIES AND PROCEDURES
      10. FUTURE CONCERNS
      11. CONCLUSION
    22. REFERENCES
      1. KEY TERMS
    23. An MDA Compliant Approach for Designing Secure Data Warehouses
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. AN MDA AND MDS COMPLIANT APPROACH
      5. CONCLUSION
    24. REFERENCES
      1. KEY TERMS
    25. Survivability Evaluation Modeling Techniques and Measures
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. MODELING TECHNIQUES
      5. EVALUATION METRICS
      6. MODEL VALIDATION
      7. RESULTS
      8. FUTURE TRENDS
      9. CONCLUSION
      10. ACKNOWLEDGMENT
    26. REFERENCES
      1. KEY TERMS
    27. The Last Line of Defense: A Comparison of Windows and Linux Authentication and Authorization Features
      1. ABSTRACT
      2. THE LAST LINE OF DEFENSE: THE OPERATING SYSTEM
      3. AUTHENTICATION
      4. AUTHORIZATION
      5. ASSESSMENT
      6. SUMMARY AND CONCLUSION
    28. REFERENCES
    29. Bioterrorism and Biosecurity
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. CHALLENGES IN BIOSECURITY
      5. INFORMATION TECHNOLOGY FOR BIOSECURITY
      6. BIOMETRIC MEASURES FOR BIOSECURITY
      7. INFORMATION TECHNOLOGY SYSTEMS BASED ON DATA COLLECTION/PREVENTION TECHNIQUES
      8. BIOSECURITY FOR BIOLOGICAL DATABASES
      9. CONCLUSION
    30. REFERENCES
      1. KEY TERMS
  9. About the Contributors
  10. Index