Threats, Countermeasures, and Advances in Applied Information Security

Book Description

Organizations are increasingly relying on electronic information to conduct business, which has caused the amount of personal information to grow exponentially.
Threats, Countermeasures, and Advances in Applied Information Security addresses the fact that managing an information security program while effectively managing risks has never been so critical. This book contains 24 chapters on the most relevant and important issues and advances in applied information security management. The chapters are authored by leading researchers and practitioners in the field of information security from across the globe. The chapters represent emerging threats and countermeasures for effective management of information security at organizations.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Preface
  5. Chapter 1: A Pragmatic Approach to Intrusion Response Metrics
    1. ABSTRACT
    2. INTRODUCTION
    3. RECENT APPROACHES
    4. SOLUTIONS AND RECOMMENDATIONS
    5. IMPLEMENTATION
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  6. Chapter 2: Feature Extraction Methods for Intrusion Detection Systems
    1. ABSTRACT
    2. INTRODUCTION
    3. THEORETICAL BACKGROUND
    4. EXPERIMENTAL RESULTS
    5. DISCUSSIONS AND FUTURE DIRECTIONS
    6. CONCLUSION
  7. Chapter 3: A Distributed and Secure Architecture for Signature and Decryption Delegation through Remote Smart Cards
    1. ABSTRACT
    2. INTRODUCTION
    3. DESIGN OF A PROXY SMART CARD SYSTEM
    4. ANALYSIS OF PSCS
    5. CONCLUSION
  8. Chapter 4: Information Security Management
    1. ABSTRACT
    2. INTRODUCTION
    3. METHODOLOGY
    4. CONCLUSION
    5. FUTURE RECOMMENDATIONS
  9. Chapter 5: Analyzing Information Security Goals
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. INFORMATION SECURITY GOALS AT A SWEDISH HOSPITAL
    5. SOLUTIONS AND RECOMMENDATIONS
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  10. Chapter 6: Graphical Passwords
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. GRAPHICAL PASSWORD: A REVIEW
    5. SECURITY CONCERNS
    6. USABILITY CONCERNS
    7. CONCLUSION
  11. Chapter 7: Assessing the Security of Software Configurations
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND AND RELATED WORK
    4. GENERIC APPROACH FOR DEFINING APPRAISALS BASED ON SECURITY BEST PRACTICES
    5. SECURITY BEST PRACTICES FOR DATABASE ADMINISTRATION
    6. AN APPRAISAL TO ASSESS THE SECURITY OF DATABASE CONFIGURATIONS
    7. SELECTING SOFTWARE PACKAGES FOR DATABASE INSTALLATIONS
    8. CONCLUSION
    9. APPENDIX
  12. Chapter 8: A Decision Support System for Privacy Compliance
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. HP PRIVACY ADVISOR
    5. KNOWLEDGE REPRESENTATION AND INFERENCE
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  13. Chapter 9: Information Security Management Based on Linguistic Sharing Techniques
    1. ABSTRACT
    2. INTRODUCTION
    3. INFORMATION MANAGEMENT METHODS
    4. TYPES OF INFORMATION SPLITTING AND SHARING TECHNIQUES
    5. HIERARCHICAL INFORMATION DIVISION AND MANAGEMENT
    6. THE IDEA BEHIND LINGUISTIC THRESHOLD SCHEMES
    7. USING THRESHOLD SCHEMES IN HIERARCHICAL STRUCTURES
    8. PROPERTIES OF LINGUISTIC THRESHOLD SCHEMES
    9. CONCLUSION
  14. Chapter 10: SQL Injection Attacks Countermeasures
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. A LEARNING-BASED APPROACH TO DETECT INJECTION ATTACKS
    5. CONTEXT-SENSITIVE STRING EVALUATION (CSSE)
    6. CSSE IMPLEMENTATION
    7. VARIABLE NORMALIZATION
    8. AMNESIA
    9. STORED PROCEDURES
    10. DISCUSSION
    11. CONCLUSION
  15. Chapter 11: Security and Authentication Issues of an Embedded System Designed and Implemented for Interactive Internet Users
    1. ABSTRACT
    2. INTRODUCTION
    3. SCHEMATIC DESCRIPTION OF THE FUNCTIONING COMPONENTS
    4. OVERALL HARDWARE SETUP WITH INTERNET IMPLEMENTATION
    5. SOFTWARE DEVELOPED FOR THE PROPOSED SYSTEM
    6. MONITORING AND CONTROLLING FROM INTRANET AND INTERNET
    7. IMPLEMENTATION OF AUTHENTICATION ISSUES AND LOGIN PAGE
    8. CONCLUSION AND LINES FOR FUTURE WORK
  16. Chapter 12: Distributed Key Management Scheme Based on CL-PKC in P2P Networks
    1. ABSTRACT
    2. BACKGROUND
    3. THE KEY DISTRIBUTION SCHEME WITH MULTIPLE TRUSTED CENTERS
    4. KEY AGREEMENT PROTOCOL
    5. IMPLEMENTATION OF KEY MANAGEMENT IN P2P NETWORKS
    6. CONCLUSION
  17. Chapter 13: A Privacy Service for Comparison of Privacy and Trust Policies within SOA
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. PRIVACY METAMODEL STRUCTURE
    5. TRUST AND THE PRIVACY METAMODEL
    6. PRIVACY SERVICE STRUCTURE
    7. PROOF OF CONCEPT
    8. FUTURE RESEARCH DIRECTIONS
    9. CONCLUSION
  18. Chapter 14: Creating and Applying Security Goal Indicator Trees in an Industrial Environment
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. APPLYING SGITS IN PRACTICE
    5. RESULTS AND FUTURE RESEARCH DIRECTIONS
    6. CONCLUSION
  19. Chapter 15: Security Enhancement of Peer-to-Peer Session Initiation
    1. ABSTRACT
    2. INTRODUCTION
    3. SECURITY CHALLENGES
    4. CONCLUSION
  20. Chapter 16: Towards a Framework for Collaborative Enterprise Security
    1. ABSTRACT
    2. INTRODUCTION
    3. THE REINFORCEMENT MODEL
    4. THE PAYOFF MECHANISM
    5. IMPLEMENTATION ISSUES
    6. EXPERIMENTAL ANALYSIS
    7. CHALLENGES FOR COLLABORATIVE SECURITY
    8. DIRECTIONS FOR FUTURE WORK
    9. CONCLUSION
  21. Chapter 17: Privacy-Aware Organisation-Based Access Control Model (PrivOrBAC)
    1. ABSTRACT
    2. INTRODUCTION
    3. MODELLING MOTIVATION
    4. OrBAC
    5. THE PRIVACY-AWARE OrBAC MODEL (PRIVOrBAC)
    6. USE CASE
    7. CONCLUSION
  22. Chapter 18: Can Formal Methods Really Help?
    1. ABSTRACT
    2. INTRODUCTION
    3. THE ROLE OF FORMAL METHODS IN THE DEVELOPMENT OF E-VOTING SYSTEMS
    4. THE USAGE OF FORMAL METHODS
    5. DISCUSSION
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  23. Chapter 19: Countering Spam Robots
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. FUTURE RESEARCH DIRECTIONS
    5. CONCLUSION
  24. Chapter 20: Embedded System Security Risk in a Green-House Environment
    1. ABSTRACT
    2. INTRODUCTION
    3. LIFE-CYCLE OF EMBEDDED SYSTEM FOR GREENHOUSE ENVIRONMENT
    4. SOURCES OF VULNERABILITIES IN LIFE-CYCLE
    5. SECURITY IN PRODUCT DESIGN METHODOLOGY
    6. REQUIREMENTS FOR A SECURE PRODUCT DESIGN
    7. SECURITY PHILOSOPHY OF EMBEDDED SYSTEM DEVELOPMENT
    8. SECURITY AT SYSTEM INTERFACE LEVEL
    9. SECURITY AT USER INTERFACE LEVEL
    10. PREVENTION: A SAFE STRATEGY
    11. TOLERANCE
    12. REMOVAL OF VULNERABILITY
    13. VULNERABILITY FORECASTING
    14. CONCLUSION
  25. Chapter 21: Security in Wireless Sensor Networks with Mobile Codes
    1. ABSTRACT
    2. INTRODUCTION
    3. ARCHITECTURES OF WIRELESS SENSOR NETWORKS
    4. SECURITY THREATS IN SENSOR SYSTEMS WITH MOBILE CODES
    5. REALIZATION OF CRYPTOGRAPHY ALGORITHMS FOR WSN NODES
    6. CONCLUSION
  26. Chapter 22: Grid of Security
    1. ABSTRACT
    2. INTRODUCTION
    3. THE SECURITY PROBLEM
    4. THE GRIDS: GENERAL PRESENTATION
    5. FROM GRID TO NETWORK SECURITY ARCHITECTURE
    6. IMPLEMENTATION ISSUES
    7. FUTURE RESEARCH DIRECTIONS
    8. CONCLUSION
  27. Chapter 23: Effective Malware Analysis Using Stealth Breakpoints
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND AND RELATED WORK
    4. DESIGN AND IMPLEMENTATION
    5. EXPERIENCES
    6. PERFORMANCE EVALUATION
    7. CONCLUSIONS, LIMITATIONS, AND FUTURE RESEARCH
  28. Chapter 24: A Dynamic Cyber Security Economic Model
    1. ABSTRACT
    2. INTRODUCTION
    3. INVOLVED PARTIES
    4. MOTIVATIONS OF VARIOUS PARTIES
    5. DISINCENTIVES (DETERRENTS)
    6. ACTIVE AND PASSIVE ATTACKS AND DEFENSES
    7. PROPOSED ECONOMIC MODEL
    8. FUTURE RESEARCH DIRECTIONS
    9. CONCLUSION
  29. Compilation of References
  30. About the Contributors
  31. Index