
References

15 U.S. Code Chapter 94, Subchapter I—Disclosure of Nonpublic Personal Information, n.d. Legal Information Institute. https://www.law.cornell.edu/uscode/text/15/chapter-94/subchapter-I (accessed May 4, 2015).

American Institute of Certified Public Accountants. Generally Accepted Privacy Principles. n.d. American Institute of Certified Public Accountants. Accessed April 19, 2015. http://www.aicpa.org/interestareas/informationtechnology/resources/privacy/generallyacceptedprivacyprinciples/Pages/default.aspx.

———. New SOC Reports for Service Organizations Replace SAS 70 Reports, 2011. American Institute of Certified Public Accountants. Accessed April 19, 2015. http://www.cpa2biz.com/Content/media/PRODUCER_CONTENT/Newsletters/Articles_2011/CPA/Feb/SOCReplaceSAS70Reports.jsp.

———. SOC Reports Information for CPAs, n.d. American Institute of Certified Public Accountants. Accessed April 19, 2015a. http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/CPAs.aspx.

Beresford, Dennis R., Nicholas deB. Katzenbach, and C. B. Rogers, Jr. Report of Investigation by the Special Investigative Committee of the Board of Directors of WorldCom, Inc., March 13, 2003. U.S. Securities and Exchange Commission. Accessed April 19, 2015. http://www.sec.gov/Archives/edgar/data/723527/000093176303001862/dex991.htm.

Cannings, Rich, Himanshu Dwivedi, and Zane Lackey. Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions. New York: McGraw-Hill Professional, 2008.

Cannon, David L., Timothy S. Bergmann, and Brady Pamplin. CISA: Certified Information Systems Auditor Study Guide. Indianapolis: Sybex, Wiley Publishing, 2006.

Celender, Jennifer. Information Privacy Topics, A Discussion, 2002. SANS Institute. Accessed April 19, 2015. http://www.sans.org/reading_room/whitepapers/privacy/information_privacy_topics_a_discussion_687.

Children’s Internet Protection Act, 2001. Internet Free Expression Alliance. Accessed April 19, 2015. ifea.net/cipa.pdf.

Clarke, Steve. End-user Computing: Concepts, Methodologies, Tools, and Applications. Hershey, PA: IGI Publishing, 2008.

Committee of Sponsoring Organizations of the Treadway Commission. About Us, 2010. Committee of Sponsoring Organizations of the Treadway Commission. Accessed April 19, 2015. http://www.coso.org/aboutus.htm.

———. Guidance, 2010. Committee of Sponsoring Organizations of the Treadway Commission. Accessed April 19, 2015b. http://www.coso.org/guidance.htm.

Contesti, Diana-Lynn, Douglas Andre, Eric Waxvik, Paul A. Henry, and Bonnie A. Goins. Official (ISC)2 Guide to the SSCP CBK. Boca Raton, FL: Auerbach Publications, Taylor & Francis Group, 2007.

Davis, Chris, Mike Schiller, and Kevin Wheeler. IT Auditing: Using Controls to Protect Information Assets. New York: The McGraw-Hill Companies, 2007.

Ethics Working Group. Ethics Working Group, n.d. Ethics Working Group. Accessed April 19, 2015. http://ethics-wg.org/.

Fair and Accurate Credit Transactions Act of 2003. 2003. U.S. Government Publishing Office. Accessed April 19, 2015. http://www.gpo.gov/fdsys/pkg/PLAW-108publ159/pdf/PLAW-108publ159.pdf.

Family Educational Rights and Privacy Act. n.d. U.S. Department of Education. Accessed April 19, 2015. http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html.

Federal Deposit Insurance Corporation. Gramm-Leach-Bliley Act (Privacy of Consumer Financial Information). n.d. Federal Deposit Insurance Corporation. Accessed April 19, 2015. https://www.fdic.gov/regulations/compliance/manual/pdf/VIII-1.1.pdf.

Federal Financial Institutions Examination Council. “Information Security: II.C.15(c) Remote Access.” Accessed April 25, 2022. https://ithandbook.ffiec.gov/it-booklets/information-security/ii-information-security-program-management/iic-risk-mitigation/iic15-logical-security/iic15(c)-remote-access.aspx.

Gallegos, Frederick, and Sandra Senft. Information Technology Control and Audit, 3rd ed. Boca Raton, FL: Auerbach Publications, Taylor & Francis Group, 2008.

Galvin, J. “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself.” Inc. 2018. https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html.

Global Information Assurance Certification. “Certifications.” Accessed May 4, 2015. http://www.giac.org/certifications.

Hamid, Rafidah Abdul. Wireless LAN: Security Issues and Solutions, 2003. SANS Institute. Accessed April 19, 2015. http://www.sans.org/reading_room/whitepapers/wireless/wireless-lan-security-issuessolutions_1009.

Herzog, Pete. Open Source Security Testing Methodology Manual (OSSTMM). n.d. Institute for Security and Open Methodologies. Accessed April 19, 2015. http://www.isecom.org/osstmm/.

Heschl, Jimmy. COBIT in Relation to Other International Standards, 2004. ISACA. Accessed April 19, 2015. http://www.isaca.org/Journal/archives/2004/Volume-4/Documents/jpdf044-COBITinRelationtoOther.pdf.

H. R. 2458, n.d. National Institute of Standards and Technology. Accessed April 19, 2015. http://csrc.nist.gov/drivers/documents/HR2458-final.pdf.

H. R. 2458–48. National Institute of Standards and Technology. Accessed April 19, 2015. http://csrc.nist.gov/drivers/documents/FISMA-final.pdf.

IEEE Standards Association. “IEEE Get Program.” Accessed April 19, 2015. http://standards.ieee.org/about/get/802/802.11.html.

Information Assurance Support Environment. “Policy and Guidance Home.” Accessed May 4, 2015. http://iase.disa.mil/Pages/index.aspx.

Institute of Internal Auditors. “Code of Ethics–English.” 2010. Accessed April 19, 2015. http://www.theiia.org/guidance/standards-and-guidance/ippf/code-of-ethics/.

———. “The Institute of Internal Auditors.” Accessed May 4, 2015. https://na.theiia.org/standards-guidance/topics/Pages/Information-Technology.aspx.

———. “Reference Library: Audit Software.” Accessed April 19, 2015. http://www.theiia.org/itauditarchive/index.cfm?act=ITAudit.reflibcategory&catid=7.

———. “Welcome to the IIA.” 2010. Accessed April 19, 2015. http://www.theiia.org/.

International Federation of Accountants. “Defining and Developing an Effective Code of Conduct for Organizations.” 2007. Accessed May 4, 2015. http://www.ifac.org/publications-resources/defining-and-developing-effective-code-conduct-organizations.

International Organization for Standardization. “ISO/IEC 27002:2013(en).” Accessed April 19, 2015. https://www.iso.org/obp/ui/#!iso:std:54533:en.

———. “ISO/IEC 27001:2013–Information Technology–Security Techniques–Information Security Management Systems–Requirements.” 2013. Accessed April 19, 2015. http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54534.

International Telecommunication Union. “X.701 Information Technology–Open Systems Interconnection–Systems Management Overview.” 1997. Accessed April 19, 2015. http://www.itu.int/rec/T-REC-X.701-199708-I.

ISACA. “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT.” 2012. Accessed April 19, 2015. http://www.isaca.org/COBIT/Documents/COBIT5-Ver2-FrameWork.pdf.

———. “COBIT 5 Introduction.” 2012. Accessed April 19, 2015. http://www.isaca.org/COBIT/Documents/COBIT5-Introduction.ppt.

———. “COBIT 5 Resource Center.” Accessed April 19, 2015. https://cobitonline.isaca.org.

———. “Code of Professional Ethics.” Accessed May 4, 2015. http://www.isaca.org/Certification/Code-of-Professional-Ethics/Pages/default.aspx.

———. “Identify, Govern, and Manage IT Risk Part 1: Risk IT Based on COBIT Objectives and Principles.” 2009. Accessed May 4, 2015. http://www.isaca.org/Journal/archives/2009/Volume-4/Documents/jpdf094-identify-govern.pdf.

———. “IS Auditing Procedure Security Assessment—Penetration Testing and Vulnerability Analysis.” 2004. University of North Carolina Wilmington. Accessed May 4, 2015. http://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/Networks/IS%20Audit%20Guideline%20Penetration%20Testing%20&%20Vulnerability%20Analysis.pdf.

———. “IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals.” 2010. Accessed May 4, 2015. http://www.isaca.org/knowledgecenter/standards/documents/it-audit-assurance-guidance-1march2010.pdf.

———. “Standards for IT Audit and Assurance.” Accessed April 19, 2015. http://www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/IS-Audit-and-Assurance/Pages/Standards-for-IT-Audit-and-Assurance-English.aspx.

———. The COBIT 5 Process Capability Model. In COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. Rolling Meadows, IL: ISACA, 2012.

(ISC)2. “(ISC)2 Code of Ethics.” 2010. Accessed April 19, 2015. http://www.isc2.org/ethics/default.aspx.

International Organization for Standardization. ISO/IEC JTC 001 “Information Technology.” 2010. Accessed April 19, 2015. http://isotc.iso.org/livelink/livelink/open/jtc1.

IT Governance Institute. “About the IT Governance Institute.” Accessed April 19, 2015. http://www.itgi.org/.

———. “Unlocking Value: An Executive Primer on the Critical Role of IT Governance.” Accessed May 4, 2015. http://www.isaca.org/knowledge-center/research/documents/unlocking-value-an-executive-primer-on-the-critical-role-of-it-governance_res_eng_1108.pdf.

Kidder, Rushworth. How Good People Make Tough Choices: Resolving the Dilemmas of Ethical Living. Clovis, CA: Quill, 2003.

King, Tom. “Packet Sniffing in a Switched Environment.” SANS Institute. 2006. Accessed April 19, 2015. http://www.sans.org/reading_room/whitepapers/networkdevs/packet-sniffing-switched-environment_244.

KPMG. “KPMG’s Code of Conduct—Our Promise of Professionalism.” Accessed May 4, 2015. http://www.kpmg.com/us/en/about/pages/codeofconduct.aspx.

Kurihara, Yutaka, et al. Information Technology and Economic Development. Hershey, PA: IGI Publishing, 2008.

“LAN Switch Security: What the Hackers Know That You Don’t.” Network World 24, no. 45 (2007): 8.

Leo, Ross. The HIPAA Program Reference Handbook. Boca Raton, FL: CRC Press, 2005.

Leventhal, Rajiv. “Moving Hospital Care into the Home: A Pandemic-fueled Surge.” healthcareinnovation.com. Published March 18, 2021. https://www.hcinnovationgroup.com/population-health-management/remote-patient-monitoring-rpm/article/21211211/moving-hospital-care-into-the-home-a-pandemicfueled-surge.

Littman, Marlyn Kemper. Building Broadband Networks. Boca Raton, FL: CRC Press, 2002.

National Institute of Standards and Technology. “Computer Security Resource Center.” Accessed April 19, 2015. http://csrc.nist.gov/.

National Institute of Standards. “Draft Cybersecurity Framework v1.1 core.” Accessed April 5, 2020. https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwww.nist.gov%2Fsystem%2Ffiles%2Fdocuments%2F2017%2F01%2F10%2Fdraft-cybersecurity-framework-v1.1-core.xlsx&wdOrigin=BROWSELINK.

———. “Federal Information Security Management Act Implementation Project.” Accessed April 19, 2015. http://csrc.nist.gov/groups/SMA/fisma/index.html.

———. “Guide for Assessing the Security Controls in Federal Information Systems and Organizations.” 2010. http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf.

———. “Guide for Conducting Risk Assessments.” 2012. http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf.

———. “Improving Critical Infrastructure Cybersecurity Executive Order 13636: Preliminary Cybersecurity Framework.” Accessed April 19, 2015. http://nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf.

———. “Information Security Handbook: A Guide for Managers.” 2006. http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf.

———. “The NIST Definition of Cloud Computing.” 2011. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.

———. “Security and Privacy Controls for Federal Information Systems and Organizations.” 2013. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf.

———. “Special Publications (800 Series).” Accessed April 19, 2015. http://csrc.nist.gov/publications/PubsSPs.html.

———. “Technical Guide to Information Security Testing and Assessment.” 2008. http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf.

Oud, Ernst. “The Value to IT of Using International Standards.” 2005. http://www.isaca.org/Journal/archives/2005/Volume-3/Documents/jpdf053-The-Value-to-IT-Using.pdf.

Paperwork Reduction Act of 1995. U.S. Small Business Administration. Accessed April 19, 2015. https://www.sba.gov/sites/default/files/files/pap.pdf.

PCI Security Standards Council. “PCI SSC Data Security Standards Overview.” Accessed April 19, 2015. https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

———. “Welcome to the PCI Security Standards Council.” Accessed April 19, 2015. https://www.pcisecuritystandards.org.

Powers, Jr., William C., Raymond S. Troubh, and Herbert S. Winokur, Jr. “Report of Investigation by the Special Investigative Committee of the Board of Directors of Enron Corp.” FindLaw. Accessed April 19, 2015. news.findlaw.com/wp/docs/enron/specinv020102rpt1.pdf.

Public Company Accounting Oversight Board. “Auditing.” Accessed April 19, 2015. http://pcaobus.org/Standards/Auditing/Pages/default.aspx.

———. “Auditing Standard No. 2.” Accessed April 19, 2015. http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_2_Appendix_E.aspx.

———. “Auditing Standard No. 3.” Accessed April 19, 2015. http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_3.aspx.

———. “Auditing Standard No. 5.” 2010. http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5.aspx.

———. “PCAOB Oversees the Auditors of Companies to Protect Investors.” Accessed April 19, 2015. http://pcaobus.org/Pages/default.aspx.

“RFC 1087–Ethics and the Internet.” Internet Engineering Task Force Tools. 1989. http://tools.ietf.org/html/rfc1087.

SANS Institute. “Critical Security Control: 2.0.” Accessed May 4, 2015. https://www.sans.org/critical-security-controls/control/20.

———. “The Most Trusted Source for Computer Security Training, Certification, and Research.” Accessed April 19, 2015. http://www.sans.org/.

SANS Technology Institute. “SANS Technology Institute.” Accessed April 19, 2015. http://www.sans.edu/.

Sarbanes-Oxley Act of 2002. SEC. Accessed April 19, 2015. https://www.sec.gov/about/laws/soa2002.pdf.

Sayana, S. Anantha. “Using CAATs to Support IS Audit.” ISACA. 2003. http://www.isaca.org/Journal/archives/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdf.

Schneier, Bruce. “The Psychology of Security (Part 1).” Schneier on Security. 2008. http://www.schneier.com/essay-155.html.

Steinberg, Scott. “Cyberattacks Now Cost Companies $200,000 on Average, Putting Many out of Business.” CNBC. Published October 13, 2019. https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html.

Strickland, Dale. “Should Employees Work from Home after COVID-19?” CurrentWare. Accessed April 22, 2022. https://www.currentware.com/blog/infographic-benefits-of-a-remote-workforce/.

Subramanian, Ramesh. Computer Security, Privacy, and Politics: Current Issues, Challenges and Solutions. Hershey, PA: IGI Publishing, 2008.

Swinhoe, Dan. The Biggest Data Breach Fines, Penalties, and Settlements So Far. CSO. Published January 28, 2022. https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html.

Talukder, Asoke K., and Manish Chaitanya. Architecting Secure Software Systems. Boca Raton, FL: CRC Press, 2008.

Tessian Research. “Why DLP Has Failed and What the Future Looks Like.” 2021. https://cdn2.hubspot.net/hubfs/1670277/%5BTessian%20Research%5D%20The%20State%20of%20Data%20Loss%20Prevention%20(DLP)%202020.pdf?__hstc=&__hssc=&hsCtaTracking=aad6453b-4ab2-4f6c-bf1d-e2358d846478%7C36b78c19-de71-4009-bc75-6b3a47950315.

Tipton, Harold, and Micki Krause. Information Security Management Handbook. 6th ed. Boca Raton, FL: Auerbach Publications, Taylor & Francis Group, 2007.

———. Information Security Management Handbook, 6th ed., vol. 3. Chicago: Auerbach Publications, 2009.

Tyson, Jeff. “How LAN Switches Work,” HowStuffWorks. 2010. http://www.howstuffworks.com/lan-switch.htm.

U.S. Department of Health & Human Services. “HIPAA Administrative Simplification Statute and Rules.” Accessed April 19, 2015. http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html.

———. “HIPAA Administrative Simplification.” 2013. http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf.

———. “Standards for Privacy of Individually Identifiable Health Information.” 2002. http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/privruletxt.txt.

———. “Understanding Health Information Privacy.” Accessed April 19, 2015. http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html.

U.S. Federal Communications Commission. “Children’s Internet Protection Act (CIPA).” 2015. http://transition.fcc.gov/cgb/consumerfacts/cipa.pdf.

———. “Children’s Internet Protection Act.” http://www.fcc.gov/guides/childrens-internet-protection-act.

U.S. Federal Trade Commission. “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business.” Accessed April 19, 2015. http://ftc.gov/redflagsrule.

U.S. Government Accountability Office. “Financial Audit Manual.” 2008. http://www.gao.gov/special.pubs/gaopcie/.

U.S. Government Publishing Office. “Electronic Code of Federal Regulations.” 2015. http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=11975031b82001bed902b3e73f33e604&rgn=div5&view=text&node=34:1.1.1.1.33&idno=34.

U.S. Securities and Exchange Commission. “The Laws That Govern the Securities Industry.” Accessed April 19, 2015. http://www.sec.gov/about/laws.shtml.

Wakefield, Robin L. “Employee Monitoring and Surveillance—The Growing Trend.” ISACA. 2004. http://www.isaca.org/Journal/archives/2004/Volume-1/Documents/jpdf041-EmployeeMonitoringand.pdf.

Wright, Craig S. The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments. Burlington, MA: Syngress, 2008.
