CONTENTS

PREFACE

ACKNOWLEDGMENTS

PART I FOUNDATIONS OF COMPUTER SECURITY

1. Brief History and Mission of Information System Security

Seymour Bosworth and Robert V. Jacobson

2. History of Computer Crime

M. E. Kabay

3. Toward a New Framework for Information Security

Donn B. Parker

4. Hardware Elements of Security

Seymour Bosworth and Stephen Cobb

5. Data Communications and Information Security

Raymond Panko

6. Network Topologies, Protocols, and Design

Gary C. Kessler and N. Todd Pritsky

7. Encryption

Stephen Cobb and Corinne Lefrançois

8. Using a Common Language for Computer Security Incident Information

John D. Howard

9. Mathematical Models of Computer Security

Matt Bishop

10. Understanding Studies and Surveys of Computer Crime

M. E. Kabay

11. Fundamentals of Intellectual Property Law

William A. Zucker and Scott J. Nathan

PART II THREATS AND VULNERABILITIES

12. The Psychology of Computer Criminals

Q. Campbell and David M. Kennedy

13. The Dangerous Information Technology Insider: Psychological Characteristics and Career Patterns

Jerrold M. Post

14. Information Warfare

Seymour Bosworth

15. Penetrating Computer Systems and Networks

Chey Cobb, Stephen Cobb, and M. E. Kabay

16. Malicious Code

Robert Guess and Eric Salveggio

17. Mobile Code

Robert Gezelter

18. Denial-of-Service Attacks

Gary C. Kessler and Diane E. Levine

19. Social Engineering and Low-Tech Attacks

Karthik Raman, Susan Baumes, Kevin Beets, and Carl Ness

20. Spam, Phishing, and Trojans: Attacks Meant To Fool

Stephen Cobb

21. Web-Based Vulnerabilities

Anup K. Ghosh, Kurt Baumgarten, Jennifer Hadley, and Steven Lovaas

22. Physical Threats to the Information Infrastructure

Franklin Platt

PART III PREVENTION: TECHNICAL DEFENSES

23. Protecting the Information Infrastructure

Franklin Platt

24. Operating System Security

William Stallings

25. Local Area Networks

Gary C. Kessler and N. Todd Pritsky

26. Gateway Security Devices

David Brussin and Justin Opatrny

27. Intrusion Detection and Intrusion Prevention Devices

Rebecca Gurley Bace

28. Identification and Authentication

Ravi Sandhu, Jennifer Hadley, Steven Lovaas, and Nicholas Takacs

29. Biometric Authentication

David R. Lease, Robert Guess, Steven Lovaas, and Eric Salveggio

30. E-Commerce and Web Server Safeguards

Robert Gezelter

31. Web Monitoring and Content Filtering

Steven Lovaas

32. Virtual Private Networks and Secure Remote Access

Justin Opatrny

33. 802.11 Wireless LAN Security

Gary L. Tagg

34. Securing VoIP

Christopher Dantos and John Mason

35. Securing P2P, IM, SMS, and Collaboration Tools

Carl Ness

36. Securing Stored Data

David J. Johnson, Nicholas Takacs, and Jennifer Hadley

37. PKI and Certificate Authorities

Santosh Chokhani, Padgett Peterson, and Steven Lovaas

38. Writing Secure Code

Lester E. Nichols, M. E. Kabay, and Timothy Braithwaite

39. Software Development and Quality Assurance

John Mason, Jennifer Hadley, and Diane E. Levine

40. Managing Software Patches and Vulnerabilities

Peter Mell and Karen Kent

41. Antivirus Technology

Chey Cobb and Allysa Myers

42. Protecting Digital Rights: Technical Approaches

Robert Guess, Jennifer Hadley, Steven Lovaas, and Diane E. Levine

PART IV PREVENTION: HUMAN FACTORS

43. Ethical Decision Making and High Technology

James Landon Linderman

44. Security Policy Guidelines

M. E. Kabay and Bridgitt Robertson

45. Employment Practices and Policies

M. E. Kabay and Bridgitt Robertson

46. Vulnerability Assessment

Rebecca Gurley Bace

47. Operations Security and Production Controls

M. E. Kabay, Don Holden, and Myles Walsh

48. E-Mail and Internet Use Policies

M. E. Kabay and Nicholas Takacs

49. Implementing a Security Awareness Program

K. Rudolph

50. Using Social Psychology to Implement Security Policies

M. E. Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang

51. Security Standards for Products

Paul J. Brusil and Noel Zakin

PART V DETECTING SECURITY BREACHES

52. Application Controls

Myles Walsh

53. Monitoring and Control Systems

Caleb S. Coggins and Diane E. Levine

54. Security Audits, Standards, and Inspections

Donald Glass, Chris Davis, John Mason, David Gursky, James Thomas, Wendy Carr, and Diane Levine

55. Cyber Investigation

Peter Stephenson

PART VI RESPONSE AND REMEDIATION

56. Computer Security Incident Response Teams

Michael Miora, M. E. Kabay, and Bernie Cowens

57. Data Backups and Archives

M. E. Kabay and Don Holden

58. Business Continuity Planning

Michael Miora

59. Disaster Recovery

Michael Miora

60. Insurance Relief

Robert A. Parisi Jr., Chaim Haas, and Nancy Callahan

61. Working with Law Enforcement

David A. Land

PART VII MANAGEMENT'S ROLE IN SECURITY

62. Risk Assessment and Risk Management

Robert V. Jacobson

63. Management Responsibilities and Liabilities

Carl Hallberg, M. E. Kabay, Bridgitt Robertson, and Arthur E. Hutt

64. U.S. Legal and Regulatory Security Issues

Timothy Virtue

65. The Role of the CISO

Karen F. Worstell

66. Developing Security Policies

M. E. Kabay and Sean Kelley

67. Developing Classification Policies for Data

Karthik Raman and Kevin Beets

68. Outsourcing and Security

Kip Boyle, Michael Buglewicz, and Steven Lovaas

PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS

69. Privacy in Cyberspace: U.S. and European Perspectives

Marc Rotenberg

70. Anonymity and Identity in Cyberspace

M. E. Kabay, Eric Salveggio, and Robert Guess

71. Medical Records Protection

Paul J. Brusil

72. Legal and Policy Issues of Censorship and Content Filtering

Lee Tien, Seth Finkelstein, and Steven Lovaas

73. Expert Witnesses and the Daubert Challenge

Chey Cobb

74. Professional Certification and Training in Information Assurance

Christopher Christian, M. E. Kabay, Kevin Henry, and Sondra Schneider

75. Undergraduate and Graduate Education in Information Assurance

Vic Maconachy, John Orlando, and Seymour Bosworth

76. European Graduate Work in Information Assurance and the Bologna Declaration

Urs E. Gattiker

77. The Future of Information Assurance

Peter G. Neumann

INDEX
