References

[bib-1] Adams, Carlisle, and Steve Lloyd. "Core PKI Services: Authentication, Integrity, and Confidentiality" (Microsoft TechNet, 2009). http://technet.microsoft.com/en-us/library/cc700808.aspx (accessed May 16, 2010).

[bib-2] Adams, Carlisle, and Steve Lloyd. Understanding PKI: Concepts, Standards, and Deployment Considerations, 2nd ed. New York: Addison-Wesley Professional, 2002.

[bib-3] Allsopp, Wil. Unauthorised Access: Physical Penetration Testing for IT Security Teams. Hoboken, NJ: John Wiley & Sons, 2009.

[bib-4] Austin, Thomas. PKI: A Wiley Tech Brief, 1st ed. New York: John Wiley & Sons, 2000.

[bib-5] Baker, Doris M., Steve Burnett, and H. X. Mel. Cryptography Decrypted, 1st ed. New York: Addison-Wesley Professional, 2000.

[bib-6] Barman, Scott. Writing Information Security Policies. Indianapolis: New Riders Publishing, 2002.

[bib-7] Bosworth, Seymour, M. E. Kabay, and Eric Whyne, eds. Computer Security Handbook, 5th ed. Hoboken, NJ: John Wiley & Sons, 2009.

[bib-8] Brink, Derek, Bill Duane, and Celia Joseph. PKI: Implementing & Managing E-Security. Berkeley, CA: McGraw-Hill/Osborne Media, 2001.

[bib-9] Britton, Chris, and Peter Bye. IT Architectures and Middleware: Strategies for Building Large, Integrated Systems, 2nd ed. Indianapolis: Addison-Wesley Professional, 2004.

[bib-10] Center for Internet Security. http://cisecurity.org/en-us/? (accessed April 14, 2010).

[bib-11] Cole, Eric. Network Security Bible, 2nd ed. New York: Wiley, 2009.

[bib-12] DeLuccia, James J., IV. IT Compliance and Controls: Best Practices for Implementation. New York: Wiley, 2008.

[bib-13] Ferraiolo, David F., D. Richard Kuhn, and Ramaswamy Chandramouli. Role-Based Access Control. Norwood, MA: Artech House Publishers, 2003.

[bib-14] "FFIEC Releases Guidance on Authentication in Internet Banking Environment" (FFIEC.gov, Press Releases section, October 12, 2005). http://www.ffiec.gov/press/pr101205.htm (accessed April 14, 2010).

[bib-15] "From Paper to an eSystem" (Anglican Care, 2002). http://www.health.gov.au/internet/main/publishing.nsf/Content/5FBB0710ED516DFBCA25714C001FC70E/$File/cs10.pdf (accessed April 30, 2010).

[bib-16] Fry, Chris, and Martin Nystrom. Security Monitoring, 1st ed. Sebastopol, CA: O'Reilly Media, Inc., 2009.

[bib-17] Gregg, Michael, and David Kim. Inside Network Security Assessment: Guarding Your IT Infrastructure. Indianapolis: Sams, 2005.

[bib-18] Harris, Shon. CISSP All-in-One Exam Guide, Third Edition. New York: McGraw-Hill Osborne Media, 2005.

[bib-19] Harris, Shon. "Cryptography." In CISSP All-in-One Exam Guide, Third Edition. New York: McGraw-Hill/Osborne Media, 2005, 587-683.

[bib-20] "Information Security Frame Set" (Federal Financial Institutions Examination Council [FFIEC] IT Handbook InfoBase, n.d.). http://www.ffiec.gov/ffiecinfobase/html_pages/infosec_book_frame.htm (accessed April 20, 2010).

[bib-21] Institute of Electrical and Electronics Engineers (IEEE). http://www.ieee.org/index.html (accessed April 11 and 14, 2010).

[bib-22] International Organization for Standardization (ISO). http://www.iso.org/iso/home.htm (accessed April 14, 2010).

[bib-23] Internet Engineering Task Force (IETF) Web site. http://www.ietf.org/ (accessed April 14, 2010).

[bib-24] "Introduction to RBAC" (HISSA, January 9, 1995). http://hissa.ncsl.nist.gov/rbac/paper/node1.html (accessed April 11, 2010).

[bib-25] Kabay, M. E. "The Parkerian Hexad" (Norwich University, School of Business & Management, 2000). http://www.mekabay.com/overviews/hexad_ppt.zip (accessed May 15, 2010).

[bib-26] Kelley, Jay. Network Access Control For Dummies. Somerset, NJ: Wiley, 2009.

[bib-27] "Kerberos: The Network Authentication Protocol" (MIT, April 8, 2010). http://web.mit.edu/Kerberos/ (accessed April 11, 2010).

[bib-28] Krawetz, Neal. Introduction to Network Security (Networking Series), 1st ed. Rockland, MA: Charles River Media, 2006.

[bib-29] Lam, Kevin, David LeBlanc, and Ben Smith. Assessing Network Security. Redmond, WA: Microsoft Press, 2004.

[bib-30] Landoll, Douglas J. The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Boca Raton, FL: Auerbach Publications, 2005.

[bib-31] Lemos, Robert. "Microsoft Warns of Hijacked Certificates" (CNET News Technology News, March 22, 2001). http://news.cnet.com/2100-1001-254586.html&tag=tp_pr (accessed May 16, 2010).

[bib-32] Manzuik, Steve, Andre Gold, and Chris Gatford. Network Security Assessment: From Vulnerability to Patch. Burlington, MA: Syngress, 2006.

[bib-33] McCabe, James D. Network Analysis, Architecture, and Design, Third Edition (The Morgan Kaufmann Series in Networking). San Francisco: Morgan Kaufmann, 2007.

[bib-34] MIT Kerberos Consortium. http://www.kerberos.org/index.html (accessed April 11, 2010).

[bib-35] Mitnick, Kevin D., William L. Simon, and Steve Wozniak. The Art of Deception: Controlling the Human Element of Security. Somerset, NJ: John Wiley & Sons, 2003.

[bib-36] "National Information Assurance (IA) Glossary," CNSS Instruction No. 4009 (Committee on National Security Systems, April 26, 2010). http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf (accessed May 15, 2010).

[bib-37] National Institute of Standards and Technology (NIST). http://www.nist.gov/index.html (accessed April 11, 2010).

[bib-38] Oram, Andy, and John Viega. Beautiful Security, 1st ed. Sebastopol, CA: O'Reilly Media, Inc., 2009.

[bib-39] Privacy Rights Clearinghouse: California Identity Theft Laws. http://www.privacyrights.org/ar/ITLawsCA.htm

[bib-40] Requirement, Legal. "NIST.gov-Computer Security Division-Computer Security Resource Center." http://csrc.nist.gov/ (accessed April 14, 2010).

[bib-41] "RFC 1492—An Access Control Protocol, Sometimes Called TACACS" (Internet FAQ Archives, July 1993). http://www.faqs.org/rfcs/rfc1492.html (accessed April 27, 2010).

[bib-42] "RFC 1994—PPP Challenge Handshake Authentication Protocol (CHAP)" (Internet FAQ Archives, August 1996). http://www.faqs.org/rfcs/rfc1994.html (accessed April 27, 2010).

[bib-43] "RFC 2138—Remote Authentication Dial In User Service (RADIUS)" (Internet FAQ Archives, April 1997). http://www.faqs.org/rfcs/rfc2138.html (accessed April 27, 2010).

[bib-44] "RFC 2284—PPP Extensible Authentication Protocol (EAP)" (Internet FAQ Archives, March 1998). http://www.faqs.org/rfcs/rfc2284.html (accessed April 27, 2010).

[bib-45] "RFC 2637 (rfc2637)—Point-to-Point Tunneling Protocol (PPTP)" (Internet FAQ Archives, July 1999). http://www.faqs.org/rfcs/rfc2637.html (accessed April 27, 2010).

[bib-46] "RFC 4120—The Kerberos Network Authentication Service (V5)" (IETF Tools, July 2005). http://tools.ietf.org/html/rfc4120 (accessed April 11, 2010).

[bib-47] Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. Somerset, NJ: Wiley, 2004.

[bib-48] Schultz, E. Eugene, and Russell Shumway. Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Indianapolis, IN: New Riders Publishing, 2001.

[bib-49] "TACACS+ and RADIUS Comparison" (Cisco Systems, January 14, 2008). http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml (accessed April 27, 2010).

[bib-50] Sun Tzu, and Gerald A. Michaelson. Sun Tzu: The Art of War for Managers; 50 Strategic Rules. Cincinnati, OH: Adams Media, 2010.

[bib-51] "U.S. Coast Guard, Hawaii Improve Port Safety, Security and Commerce Through CIBER's Web-Based System" (CIBER, n.d.). http://www.ciber.com/ciber_overview/stories/search_results_single.cfm?id=coastguard (accessed May 15, 2010).

[bib-52] Vacca, John. Network and System Security. Burlington, MA: Syngress, 2010.

[bib-53] Von Clausewitz, Carl. On War. Brooklyn, NY: Brownstone Books, 2009.

[bib-54] Whitman, Michael. Principles of Information Security. Florence, KY: Course Technology, 2007.

[bib-55] Wiles, Jack, et al. Techno Security's Guide to Securing SCADA: A Comprehensive Handbook on Protecting the Critical Infrastructure. Burlington, MA: Syngress, 2008.

[bib-56] Wilhelm, Thomas. Professional Penetration Testing: Creating and Operating a Formal Hacking Lab. Burlington, MA: Syngress, 2009.

[bib-57] "Wireless Deployment Technology and Component Overview," Microsoft TechNet: Resources for IT Professionals. http://technet.microsoft.com/en-us/library/bb457015.aspx (accessed May 11, 2010).

[bib-58] Wright, Craig S. The IT Regulatory and Standards Compliance Handbook: How to Survive an Information Systems Audit and Assessments. Burlington, MA: Syngress, 2008.
