
References

Adams, Carlisle, and Steve Lloyd. “Core PKI Services: Authentication, Integrity, and Confidentiality” (Microsoft TechNet, 2009). http://technet.microsoft.com/en-us/library/cc700808.aspx (accessed May 16, 2010).

Adams, Carlisle, and Steve Lloyd. Understanding PKI: Concepts, Standards, and Deployment Considerations, 2nd ed. New York: Addison-Wesley Professional, 2002.

Allsopp, Wil. Unauthorised Access: Physical Penetration Testing for IT Security Teams. Hoboken, NJ: John Wiley & Sons, 2009.

Austin, Thomas. PKI: A Wiley Tech Brief, 1st ed. New York: John Wiley & Sons, 2001.

Barman, Scott. Writing Information Security Policies. Indianapolis: New Riders Publishing, 2002.

Bosworth, Seymour, M. E. Kabay, and Eric Whyne, eds. Computer Security Handbook, 5th ed. Hoboken, NJ: John Wiley & Sons, 2009.

Britton, Chris, and Peter Bye. IT Architectures and Middleware: Strategies for Building Large, Integrated Systems, 2nd ed. Indianapolis: Addison-Wesley Professional, 2004.

Center for Internet Security. http://cisecurity.org/en-us/? (accessed April 14, 2010).

Cole, Eric. Network Security Bible, 2nd ed. New York: Wiley, 2009.

Deluccia IV, James J. IT Compliance and Controls: Best Practices for Implementation. New York: Wiley, 2008.

Ferraiolo, David F., D. Richard Kuhn, and Ramaswamy Chandramouli. Role-Based Access Control. Norwood, MA: Artech House Publishers, 2003.

“FFIEC Releases Supplemental Guidance on Internet Banking” (FFIEC.gov, Press Releases section, June 28, 2011). https://www.ffiec.gov/press/pr062811.htm (accessed March 19, 2020).

Fry, Chris, and Martin Nystrom. Security Monitoring, 1st ed. Sebastopol, CA: O’Reilly Media, Inc., 2009.

Gregg, Michael, and David Kim. Inside Network Security Assessment: Guarding Your IT Infrastructure, 1st ed. Indianapolis: Sams, 2005.

Harris, Shon. CISSP All-in-One Exam Guide, 3rd ed. (All-In-One Certification). New York: McGraw-Hill Osborne Media, 2005.

Harris, Shon. “Cryptography.” In CISSP All-in-One Exam Guide, 3rd ed. New York: McGraw-Hill/Osborne Media, 2005, 587–683.

Institute of Electrical and Electronics Engineers (IEEE). http://www.ieee.org/index.html (accessed April 11 and 14, 2010).

International Organization for Standardization (ISO). http://www.iso.org/iso/home.htm (accessed April 14, 2010).

Internet Engineering Task Force (IETF) Web site. http://www.ietf.org/ (accessed April 14, 2010).

“Introduction to RBAC” (HISSA, January 9, 1995). https://csrc.nist.gov/CSRC/media/Publications/Shared/documents/itl-bulletin/cslbul1995-12.txt (accessed March 19, 2020).

Kelley, Jay. Network Access Control for Dummies. Somerset, NJ: Wiley, 2009.

“Kerberos: The Network Authentication Protocol” (MIT, April 8, 2010). http://web.mit.edu/Kerberos/ (accessed April 11, 2010).

Krawetz, Neal. Introduction to Network Security (Networking Series), 1st ed. Rockland, MA: Charles River Media, 2006.

Lam, Kevin, David LeBlanc, and Ben Smith. Assessing Network Security. Redmond, WA: Microsoft Press, 2004.

Landoll, Douglas J. The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Boca Raton, FL: Auerbach Publications, 2005.

Lemos, Robert. “Microsoft Warns of Hijacked Certificates” (CNET News Technology News, January 2, 2002). http://news.cnet.com/2100-1001-254586.html&tag=tp_pr (accessed May 16, 2010).

Manzuik, Steve, Ken Pfeil, and Andrew Gold. Network Security Assessment: From Vulnerability to Patch, 1st ed. Burlington, MA: Syngress, 2006.

McCabe, James D. Network Analysis, Architecture, and Design, Third Edition (The Morgan Kaufmann Series in Networking). San Francisco: Morgan Kaufmann, 2007.

Mel, H.X., and Doris M. Cryptography Decrypted, 1st ed. New York: Addison-Wesley Professional, 2000.

MIT Kerberos Consortium. http://www.kerberos.org/index.html (accessed April 11, 2010).

Mitnick, Kevin D., William L. Simon, and Steve Wozniak. The Art of Deception: Controlling the Human Element of Security. Somerset, NJ: John Wiley & Sons, 2003.

“National Information Assurance (IA) Glossary,” CNSS Instruction No. 4009 (Committee on National Security Systems, April 26, 2010). https://www.hsdl.org/?view&did=7447 (accessed March 19, 2020).

National Institute of Standards and Technology (NIST). http://www.nist.gov/index.html (accessed April 11, 2010).

NIST: Computer Security Resource Center. “An Introduction to Role-Based Access Control” (NIST Computer Security Division—Computer Security Resource Center, December 1995). http://csrc.nist.gov/groups/SNS/rbac/documents/design_implementation/Intro_role_based_access.htm (accessed April 19, 2010).

Oram, Andy, Anton Chuvakin, and John Viega. Beautiful Security, 1st ed. Sebastopol, CA: O’Reilly Media, Inc., 2009.

Requirement, Legal. “NIST.gov–Computer Security Division–Computer Security Resource Center.” http://csrc.nist.gov/ (accessed April 14, 2010).

“RFC 1492—An Access Control Protocol, Sometimes Called TACACS” (Internet FAQ Archives, July 1993). http://www.faqs.org/rfcs/rfc1492.html (accessed April 27, 2010).

“RFC 1994—PPP Challenge Handshake Authentication Protocol (CHAP)” (Internet FAQ Archives, August 1996). http://www.faqs.org/rfcs/rfc1994.html (accessed April 27, 2010).

“RFC 2138—Remote Authentication Dial In User Service (RADIUS)” (Internet FAQ Archives, April 1997). http://www.faqs.org/rfcs/rfc2138.html (accessed April 27, 2010).

“RFC 2284—PPP Extensible Authentication Protocol (EAP)” (Internet FAQ Archives, March 1998). http://www.faqs.org/rfcs/rfc2284.html (accessed April 27, 2010).

“RFC 2637 (rfc2637)—Point-to-Point Tunneling Protocol (PPTP)” (Internet FAQ Archives, July 1999). http://www.faqs.org/rfcs/rfc2637.html (accessed April 27, 2010).

“RFC 4120—The Kerberos Network Authentication Service (V5)” (IETF Tools, July 2005). http://tools.ietf.org/html/rfc4120 (accessed April 11, 2010).

“Role Based Access Controls” (NIST Computer Security Division, Computer Security Resource Center, 1992). http://csrc.nist.gov/nissc/1992/Role_Based_Access_Control-nissc-1992.html (accessed April 19, 2010).

Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. Somerset, NJ: Wiley, 2004.

Schultz, E. Eugene, and Russell Shumway. Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Indianapolis, IN: New Riders Publishing, 2001.

“TACACS+ and RADIUS Comparison” (Cisco Systems, January 14, 2008). http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml (accessed April 27, 2010).

“US Coast Guard, Hawaii Improve Port Safety, Security and Commerce Through CIBER’s Web-Based System” (CIBER, n.d.). http://www.ciber.com/ciber_overview/stories/search_results_single.cfm?id=coastguard (accessed May 15, 2010).

US Department of Commerce, Office of the Chief Information Officer. “Electronic Transmission of PII Policy” (n.d.). https://www.osec.doc.gov/opog/privacy/pii_bii.html (accessed March 5, 2010).

Vacca, John. Network and System Security, 1st ed. Burlington, MA: Syngress, 2010.

Von Clausewitz, Carl. On War. Brooklyn, NY: Brownstone Books, 1909.

Whitman, Michael. Principles of Information Security. Florence, KY: Course Technology, 2007.

Wiles, Jack, et al. Techno Security’s Guide to Securing SCADA: A Comprehensive Handbook on Protecting the Critical Infrastructure, 1st ed. Burlington, MA: Syngress, 2008.

Wilhelm, Thomas. Professional Penetration Testing: Creating and Operating a Formal Hacking Lab. Burlington, MA: Syngress, 2009.

“Wireless Deployment Technology and Component Overview,” Microsoft TechNet: Resources for IT Professionals. http://technet.microsoft.com/en-us/library/bb457015.aspx (accessed May 11, 2010).

Wright, Craig. The IT Regulatory and Standards Compliance Handbook: How to Survive an Information Systems Audit and Assessments. Burlington, MA: Syngress, 2008.
