References

“501(b) Examination Guidance,” FIL-68-2001 (Federal Deposit Insurance Corporation, Financial Guidance Letters, August 24, 2001). http://www.fdic.gov/news/news/financial/2001/fil0168.html (accessed May 20, 2010).

Baker & Hostetler LLP, “State Data Breach Statute Form” (n.d.), http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/State_Data_Breach_Statute_Form.pdf (accessed June 2, 2014).

Barrett, Jim. “Electronic Discovery Employment Roundtable” (AterWynne LLP, October 19, 2006). http://www.aterwynne.com/files/ERT_%20Electronic%20discovery.PDF (accessed March 26, 2010).

Bloch, Michael, Sven Blumberg, and Jürgen Laartz, “Delivering large-scale IT projects on time, on budget, and on value,” (McKinsey & Company, Insights & Publications, October 2012). http://www.mckinsey.com/insights/business_technology/delivering_large-scale_it_projects_on_time_on_budget_and_on_value (accessed March 10, 2014).

“Boston Attorney General Investigates E-Mail Destruction” (Allbusiness, January 1, 2010). http://www.allbusiness.com/government/government-bodies-offices-public/13829522-1.html (accessed May 14, 2010).

“Building a Security Program Using ISO 27001” (Halock Security Labs, n.d.). http://www.halock.com/Downloads/Case_Study/AIM%20Case%20Study.pdf (accessed March 17, 2010).

Calfa, Jimena. “Difference between QA and QC.” American Society for Quality, Oct. 13, 2011. http://onquality.blogspot.com/2011/10/difference-between-qa-and-qc.html (accessed May 1, 2014).

“Call Anywhere in the U.S. with No Monthly Fee” (OOMA.com, 2010). http://www.ooma.com/ (accessed March 27, 2010).

Caputo, Kim. CMM Implementation Guide: Choreographing Software Process Improvement. New York, NY: Addison-Wesley Professional, 1998.

Carroll, Rory. “Snowden used simple technology to mine NSA computer networks.” The Guardian, February 9, 2014. http://www.theguardian.com/world/2014/feb/09/edward-snowden-used-simple-technology-nsa (accessed March 20, 2014).

“Case Study: Fast Food Franchise Security Breach (Multiple Locations)” (VendorSafe Technologies, October 2008). http://www.vendorsafe.com/images/pdfs/CaseStudy_FastFood.pdf (accessed April 30, 2010).

“A Case Study in Security Incident Forensics and Response” (eSecurity Planet, March 5, 2001). http://www.esecurityplanet.com/trends/article.php/10751_688797/article.htm (accessed May 2, 2010).

“Case Study: Using Security Awareness to Combat the Advanced Persistent Threat” (13th Colloquium for Information Systems Security Education, June 2009). http://www.cisse2009.com/colloquia/cisse13/proceedings/PDFs/Papers/S03P02.pdf (accessed May 20, 2010).

Chaudhuri, Saabira. “Cost of Replacing Credit Cards After Target Breach Estimated at $200 Million” (The Wall Street Journal, February 18, 2014). http://online.wsj.com/news/articles/SB10001424052702304675504579391080333769014?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304675504579391080333769014.html (accessed June 29, 2014).

Cheng, Andria. “Two months after damaging data breach, Target stock has its best day in 5 years.” Market Watch Wall Street Journal, February 26, 2014. http://blogs.marketwatch.com/behindthestorefront/2014/02/26/two-months-after-damaging-data-breach-target-stock-has-its-best-day-in-5-years/ (accessed March 10, 2014).

Clay, Kelly. “Amazon.com Goes Down, Loses $66,240 Per Minute.” Forbes, Aug. 19, 2013. http://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute (accessed May 1st, 2014).

“COBIT 4.1” (ISACA, 2007). http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx (accessed February 13 and March 24, 2010).

“COBIT 5 Design Paper Exposure Draft” (ISACA, 2010). http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=56448 (accessed April 30, 2010).

“COBIT 5 Introduction,” (ISACA 2012). www.isaca.org/cobit/documents/cobit5-introduction.ppt (accessed June 30, 2014).

Committee of Sponsoring Organizations of the Treadway Commission. “COSO Internal Control—Integrated Framework Executive Summary,” May 14, 2013 (accessed May 20, 2014).

“Compliance E-mail Retention System Crucial under SEC17a-4” (SEC17a-4Compliance.com, n.d.). http://www.sec17a-4compliance.com/ediscovery (accessed May 9, 2010).

“Computer Security Incident Response Planning” (Internet Security Systems, n.d.). http://documents.iss.net/whitepapers/csirplanning.pdf (accessed May 1, 2010).

Constantin, Lucian. “DDoS attack against Spamhaus was reportedly the largest in history” (Infoworld, March 27, 2013). http://www.infoworld.com/d/networking/ddos-attack-against-spamhaus-was-reportedly-the-largest-in-history-215352?page=0,0 (accessed June 29, 2014).

“Contingency Planning Guide for Information Technology Systems,” NIST Special Publication 800-34 (National Institute of Standards and Technology [NIST], June 2002). http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf (accessed March 26, 2010).

“Court Orders Broad Discovery of Class Members’ Social Media, Text Messages & Email,” K&L Gates, Nov. 13, 2012. http://www.ediscoverylaw.com/2012/11/articles/case-summaries/court-orders-broad-discovery-of-class-members-social-media-text-messages-email/ (accessed May 22, 2014).

“Creating a Financial Institution CSIRT: A Case Study” (CERT, n.d.). http://www.cert.org/csirts/AFI_case-study.html (accessed May 2, 2010).

“CyberLaw 101: A Primer on US Laws Related to Honeypot Deployments” (SANS Institute Reading Room, 2007). http://www.sans.org/reading_room/whitepapers/honors/cyberlaw-101-primer-laws-related-honeypot-deployments_1746 (accessed May 14, 2010).

“Data Classification Standard” (University of Texas, September 14, 2007). http://www.utexas.edu/its/policies/opsmanual/dataclassification.php (accessed March 28, 2010).

“Database Credentials Coding Policy,” Information Security Policy Templates (SANS Institute, 2010). http://www.sans.org/security-resources/policies/DB_Credentials_Policy.pdf (accessed April 15, 2010).

“Developing a Security-Awareness Culture—Improving Security Decision Making” (SANS, July 2004). http://www.sans.org/reading_room/whitepapers/awareness/developing-security-awareness-culture-improving-security-decision-making_1526 (accessed May 1, 2010).

“Diagnosing Cornell’s Security Breach” (Cornell Daily Sun, June 24, 2009). http://cornellsun.com/node/37476 (accessed May 14, 2010).

Dilanian, Ken, and Richard A. Serrano. “Snowden leaks severely hurt U.S. security, two House members say.” Los Angeles Times, January 9, 2014. http://articles.latimes.com/2014/jan/09/nation/la-na-snowden-intel-20140110 (accessed March 20, 2014).

“Disk and Data Sanitization Policy and Guidelines” (Stanford University, July 2005). http://www.stanford.edu/group/security/securecomputing/data_destruction_guidelines.html (accessed March 17, 2010).

“E-commerce Quick Facts” (MachroTech, 2002). http://www.machrotech.com/services/ecommerce-marketsize-statistics.asp (accessed April 30, 2010).

“The Eight Classic Types of Workplace Behavior” (HR Magazine, September 2000). http://findarticles.com/p/articles/mi_m3495/is_9_45/ai_65578688/ (accessed March 7, 2010).

“EMA’s 2008 Survey of IT Governance, Risk and Compliance Management in the Real World” (EMA, 2008). http://eval.symantec.com/mktginfo/enterprise/other_resources/b-whitepaper_ema_symantec-it-grc_an_06-2008.en-us.pdf (accessed April 30, 2010).

“Employee Internet Use Monitoring and Filtering Policy” (SANS Technology Institute Student Projects, November 2007). www.sans.edu/resources/student_projects/200711_004.pdf (accessed April 15, 2010).

“Enterprise Information Security Policies” (State of Tennessee, Department of Finance and Administration, Office for Information Resources, Information Security Program, April 4, 2008). http://www.tennessee.gov/finance/oir/security/PUBLIC-Enterprise-Information-Security-Policies-v1-6.pdf (accessed March 8, 2010).

Espelund, Leif. “Predictions 2013: Continued Exponential Data Growth Will Result in Increased Investment in Data Management & Big Data,” March 7, 2013. http://www.symform.com/blog/exponential-data-growth-2013/ (accessed March 10, 2014).

Federal Deposit Insurance Corporation: FFIEC Supplement to Authentication in an Internet Banking Environment, June 29, 2011. http://www.fdic.gov/news/news/financial/2011/fil11050.html (accessed June 30, 2014).

“Federal Desktop Core Configuration (FDCC)” (National Institute of Standards and Technology [NIST], 2010). http://nvd.nist.gov/fdcc/index.cfm (accessed May 12, 2010).

“A Few Facts on Information Security and Accountability” (ArticleInput.com, 2009). http://www.articleinput.com/e/a/title/A-few-facts-on-information-security-and-accountability/ (accessed March 10, 2010).

“Financial Industry Standards” (Accredited Standards Committee X9 Incorporated, 2010). http://www.x9.org (accessed March 8, 2010).

“Financial Roundup: Total Bank Losses to $3.6 Trillion, Mortgage Lender Breaks, Half of CDOs in Default” (Industry.bnet.com, February 13, 2009). http://industry.bnet.com/financial-services/1000403/financial-roundup-total-bank-losses-to-36-trillion-mortgage-lender-breaks-half-of-cdos-in-default/ (accessed March 6, 2010).

Gorman, Siobhan, August Cole, and Yochi Dreazen. “Computer Spies Breach Fighter-Jet Project.” Wall Street Journal, April 21, 2009. http://online.wsj.com/article/SB124027491029837401.html (accessed April 11, 2010).

“Governor O’Malley’s 15 Strategic Policy Goals” (State of Maryland StateStat, n.d.). http://www.gov.state.md.us/statestat/gdu.asp (accessed March 14, 2010).

Gralla, Preston. “Windows Market Share Dips Again; World and Microsoft Survive” (ComputerWorld Blogs, January 4, 2010). http://blogs.computerworld.com/15344/windows_market_share_dips_again_world_and_microsoft_survive (accessed April 2010).

“Guidelines for Appropriate Use of External Communication Systems” (University of Montana, June 29, 2009). http://www.umt.edu/it/policies/externalwebsystems.aspx (accessed March 15, 2010).

Harress, Christopher. “Obama Says Cyberterrorism Is Country’s Biggest Threat, U.S. Government Assembles ‘Cyber Warriors,’” International Business Times, February 18, 2014. http://www.ibtimes.com/obama-says-cyberterrorism-countrys-biggest-threat-us-government-assembles-cyber-warriors-1556337 (accessed June 29, 2014).

“How To Set Social Networking Policies for Employees” (eSecurity Planet, April 20, 2010). http://www.esecurityplanet.com/views/article.php/3877481/How-To-Set-Social-Networking-Policies-for-Employees.htm (accessed May 14, 2010).

Hu, Vincent C., David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone. Guide to Attribute Based Access Control (ABAC) Definition and Considerations (NIST National Institute of Standards and Technology, US Department of Commerce, January 2014). http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf (accessed March 11, 2014).

IBM Security Solutions. “IBM Security Solutions X-Force(r) 2009 Trend and Risk Report: Annual Review of 2009” (IBM, 2010). http://www-935.ibm.com/services/us/iss/xforce/trendreports/ (accessed April 10, 2010).

“Information Resources Management Administration” (State of Maryland, Department of Health and Mental Hygiene, n.d.). http://dhmh.maryland.gov/irma/ (accessed March 8, 2010).

“Information Security Oversight Report 2009” (ISOO, March 10, 2010). http://www.archives.gov/isoo/reports/2009-annual-report.pdf (accessed March 27, 2010).

“Information Security Policy—A Development Guide for Large and Small Companies” (SANS Institute Reading Room, 2007). http://www.sans.org/reading_room/whitepapers/policyissues/information_security_policy_a_development_guide_for_large_and_small_companies_1331?show=1331.php&cat=policyissues (accessed March 7, 2010).

“Information Sharing and the Private Sector” (Ise.gov, n.d.). http://www.ise.gov/pages/partner-private.aspx (accessed March 10, 2010).

“Information Technology Security Policy Framework” (University of Guelph, January 27, 2010). http://www.uoguelph.ca/cio/sites/uoguelph.ca.cio/files/CIO-ITSecurity-00-PolicyFramework-2009Approved.pdf (accessed April 30, 2010).

“Innovation Implementation: The Role of Technology Diffusion Agencies,” J. Technol. Manag. Innov. 3, no. 3 (2008): 1-10. http://www.scielo.cl/scielo.php?pid=S0718-27242008000100001&script=sci_arttext (accessed March 6, 2010).

“ISACA Releases the Risk IT Framework Draft” (IT Manager’s Inbox, n.d.). http://itmanagersinbox.com/1007/isaca-releases-the-risk-it-framework-draft/ (accessed April 30, 2010).

“ISO/IEC 27002:2005 Information Technology—Security Techniques—Code of Practice for Information Security Management” (InsecT Ltd., 2010). http://www.iso27001security.com/html/27002.html (accessed March 8, 2010).

Jansen, Wayne, and Karen Scarfone. “Guidelines on Cell Phone and PDA Security,” NIST SP 800-124. (NIST Computer Security Division, October 2008). http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf (accessed March 8, 2010).

Jarmom, David. “A Preparation Guide to Information Security Policies” (SANS Institute, 2002). http://www.sans.org/reading_room/whitepapers/policyissues/preparation-guide-information-security-policies_503 (accessed March 7, 2010).

Javaid, Muhammad Adeel. “Code Error Caused Million Hearts to Bleed.” Linkedin.com, April 11, 2014. http://www.linkedin.com/today/post/article/20140411161121-71158614-code-error-caused-million-hearts-to-bleed (accessed May 1, 2014).

Job Street. “Salary Report,” Position Title: Call Center Agent, Country: Philippines. (JobStreet.com, 2010). http://myjobstreet.jobstreet.com/career-enhancer/basic-salary-report.php?param=Call%20Center%20Agent%7C000%7Cph%7C%7Cph (accessed March 24, 2010).

Johnson, Arnold, Kelley Dempsey, Ron Ross, Sarbari Gupta, and Dennis Bailey. “Guide for Security Configuration Management of Information Systems,” National Institute of Standards and Technology Special Publication 800-128 initial public draft (NIST SP 800-128). Gaithersburg, MD, United States Department of Commerce, 2010.

Kaplan, Dan. “U.S. House to Toughen Internal Cybersecurity Policy” (SC Magazine, December 16, 2009). http://www.scmagazineus.com/us-house-to-toughen-internal-cybersecurity-policy/article/159785/ (accessed May 2, 2010).

“Kerviel’s New Lawyers Will Focus on SocGen Conduct” (Bloomberg.com, July 30, 2008). http://www.bloomberg.com/apps/news?pid=20601085&sid=aWbERdIeyYO4&refer=europe (accessed April 12, 2010).

Krebs, Brian. “Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent.” Krebs on Security, Sept. 26, 2012. http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/ (accessed May 1, 2014).

Legal Center for Foster Care and Education. “The Uninterrupted Scholars Act: How Do Recent Changes to FERPA Help Child Welfare Agencies Get Access to School Records?” 2013. http://www.fostercareandeducation.org/portals/0/dmx/2013/02/file_20130211_145758_xjnFqt_0.pdf (accessed June 30, 2014).

LeMay, Renai. “Nessus Security Tool Closes Its Source” (CNET News, October 6, 2005). http://news.cnet.com/Nessus-security-tool-closes-its-source/2100-7344_3-5890093.html (accessed May 15, 2010).

Leyden, John. “The Enemy Within” (The Register, December 2005). http://www.theregister.co.uk/2005/12/15/mcafee_internal_security_survey/ (accessed May 1, 2010).

Malcolm, Hadley, “Target tech chief resigns amid security overhaul,” (USA Today, March 6, 2014). http://www.usatoday.com/story/money/business/2014/03/05/target-tech-chief-resigns-data-breach/6070263/ (accessed March 10, 2014).

Marzigliano, Leonard T. “Defense Department Adopts NIST Security Standards.” Information Week, March 14, 2014. http://www.informationweek.com/government/cybersecurity/defense-department-adopts-nist-security-standards/d/d-id/1127706 (accessed March 20, 2014).

McCann, Erin. “Stanford reports fifth big HIPAA breach,” (HealthcareITNews, June 13, 2013). http://www.healthcareitnews.com/news/stanford-reports-fifth-big-hipaa-breach (accessed May 13, 2014).

McCue, T.J. “Cloud Computing: United States Businesses Will Spend $13 Billion On It,” Forbes, Jan. 29, 2014. http://www.forbes.com/sites/tjmccue/2014/01/29/cloud-computing-united-states-businesses-will-spend-13-billion-on-it/ (accessed June 30, 2014).

Meier, J.D. “Diversification, Coordination, Replication, and Unification.” MSDN Blogs, Feb. 24, 2013. http://blogs.msdn.com/b/jmeier/archive/2013/02/24/diversification-coordination-replication-and-unification.aspx (accessed March 30, 2014).

Meltzer, Joshua. The Internet, Cross-Border Data Flows and International Trade. (The Brookings Institution: Issues in Technology Innovation, Number 22, February 2013). http://www.brookings.edu/~/media/research/files/papers/2013/02/25%20international%20data%20flows%20meltzer/internet%20data%20and%20trade%20meltzer.pdf, pg. 2 (accessed June 29, 2014).

“Microsoft Responds: WMF Vulnerability” (eWeek, February 2, 2006). http://www.eweek.com/c/a/Windows/Microsoft-Responds-WMF-Vulnerability/ (accessed March 28, 2010).

“Microsoft Security Advisory 2963983: Vulnerability in Internet Explorer Could Allow Remote Code Execution,” Microsoft, April 26, 2014. https://technet.microsoft.com/en-us/library/security/2963983.aspx (accessed May 28, 2014).

Milford, Kim, Tracy Mitrano, and Steve Shuster. “Educause” electronic presentation, n.d. net.educause.edu/ir/library/powerpoint/SPC0662.pps (accessed March 17, 2010).

“Monitoring Employees’ Use of Company Computers and the Internet” (TexasWorkForce, n.d.). http://www.twc.state.tx.us/news/efte/monitoring_computers_internet.html (accessed May 14, 2010).

Moscaritolo, Angela. “Record-Breaking DDoS Attack Nears 400 Gbps” (PC Magazine, February 11, 2014). http://www.pcmag.com/article2/0,2817,2453157,00.asp (accessed June 29, 2014).

Nash, Kim S., “Information Technology Budgets: Which Industry Spends the Most?” (CIO.com, November 2, 2007). http://www.cio.com/article/151301/Information_Technology_Budgets_Which_Industry_Spends_the_Most_ (accessed March 10, 2014).

Nash, Troy. An Undirected Attack Against Critical Infrastructures: A Case Study for Improving Your Control System Security. US-CERT Control Systems Security Center, Lawrence Livermore National Laboratory, September 2005. http://www.us-cert.gov/control_systems/pdf/undirected_attack0905.pdf (accessed April 11, 2010).

“National Institute of Standards and Technology Special Publications (800 Series)” (NIST Computer Security Division, 2010). http://csrc.nist.gov/publications/PubsSPs.html (accessed March 8, 2010).

“National Security Information EO 12356” (April 2, 1982). http://www.fas.org/irp/offdocs/eo12356.htm (accessed March 27, 2010).

NCSA and Symantec, “2012 NCSA / Symantec National Small Business Study,” October 2012. https://www.staysafeonline.org/stay-safe-online/resources/ (accessed June 30, 2014).

“Nevada Mandates PCI DSS” (NACS Online, June 24, 2009). http://www.nacsonline.com/NACS/News/Daily/Pages/ND0624094.aspx (accessed March 26, 2010).

Newman, Jared. “The Target Credit Card Breach: What You Should Know,” (Time, December 19, 2013). http://techland.time.com/2013/12/19/the-target-credit-card-breach-what-you-should-know/ (accessed June 29, 2014).

Nichols, Russell. “California Issues Telework Policy to Curb Cyber-Security Risks.” Government Technology, March 3, 2010. http://www.govtech.com/gt/748172 (accessed March 17, 2010).

Online Trust Alliance. 2014 Data Protection and Breach Readiness Guide, April 7, 2014. https://www.otalliance.org/resources/data-breach-protection (accessed June 30, 2014).

The Open Web Application Security Project. “OWASP Risk Rating Methodology,” https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology, May 13, 2014 (accessed May 30, 2014).

“Organized Security” (Health Management Technology, 2010). http://www.healthmgttech.com/index.php/solutions/hospitals/organized-security.html (accessed March 8, 2010).

“PCI Compliance & Fines.” Merchant University, n.d. http://www.merchantuniversity.org/101-education/security-pci-101/pci-compliance-fines.aspx (accessed June 29, 2014).

PCI Security Standards (n.d.) https://www.pcisecuritystandards.org (accessed June 30, 2014).

Ponemon Institute LLC. “2011 Cost of Data Breach Study,” March 2012. http://www.ponemon.org/local/upload/file/2011_US_CODB_FINAL_5.pdf (accessed June 29, 2014).

Prince, Brian. “Stolen Credit Card Data Goes for Cheap on Cyber-Black Market.” eWeek, August 20, 2009. http://www.eweek.com/c/a/Security/Stolen-Credit-Card-Data-Goes-for-Cheap-on-Cyber-Black-Market-891275/ (accessed March 24, 2010).

Privacy Rights Clearinghouse. “Chronology of Data Breaches,” April 20, 2005 (last updated, Dec. 31, 2013). http://www.privacyrights.org/data-breach (accessed June 30, 2014).

“Putting Big Data to Work for Your Business,” Q1 2013 issue of Aon One, April 2013. http://one.aon.com/putting-big-data-work (accessed March 13, 2014).

Purcell, James. “Security Control Types and Operational Security” (GIAC.org, February 12, 2007). http://www.giac.org/resources/whitepaper/operations/207.php (accessed March 15, 2010).

Quinn, Stephen, David Waltermire, Christopher Johnson, Karen Scarfone, and John Banghart. “The Technical Specification for the Security Content Automation Protocol (SCAP),” National Institute of Standards and Technology Special Publication 800-126 NIST SP 800-126. Gaithersburg, MD, United States Department of Commerce, 2009.

Ranum, Marcus J. The Myth of Homeland Security. Indianapolis: Wiley Publications, 2004.

“Re: Privacy” (New York Post, April 12, 2010). http://www.nypost.com/f/print/news/business/jobs/re_privacy_zUsPRscheD905WKCSVv2qM (accessed May 12, 2010).

“Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability” (Homeland Security, October 2009). http://csrp.inl.gov/Documents/final-RP_ics_cybersecurity_incident_response_100609.pdf (accessed May 2, 2010).

“Remote Access Standard” (Montgomery College, August 12, 2008). http://cms.montgomerycollege.edu/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=846 (accessed April 14, 2010).

“Report to the Congress on Review of Regulations Affecting Online Delivery of Financial Products and Services” (U.S. Department of the Treasury, Comptroller of the Currency, November 2001). http://www.occ.treas.gov/netbank/729jrptnov1601.doc (accessed May 20, 2010).

“Rising Numbers and Costs of Data Breaches” (Healthitlawblog.com, January 28, 2010). http://www.healthitlawblog.com/tags/data-breach/ (accessed March 4, 2010).

“The Risk of At-Work Surfers” (E-CommerceAlert.com, November 23, 2004). http://www.e-commercealert.com/article645.shtml (accessed April 24, 2010).

Risk Based Security, Inc. “Data Breach QuickView: An Executive’s Guide to 2013 Data Breach Trends,” 2013. https://www.riskbasedsecurity.com/reports/2013-DataBreachQuickView.pdf (accessed July 2, 2014).

Rupert, Brad. “IT Guidance to the Legal Team” (SANS Institute Reading Room, April 15, 2009). http://www.sans.org/reading_room/whitepapers/legal/guidance-legal-team_33308 (accessed May 14, 2010).

Schulz, David. “College Rupture impacts 300,000 Students & Staff: Why is this breach different from all other breaches?” Privacy Writes, Oct. 15, 2012. http://www.501cybersecurity.com/2012/10/may-september-college-rupture-impacts-300000-students-staff-why-is-this-different/ (accessed June 30, 2014).

“Security Incident Response Procedure” (Visa, 2007). http://www.visa-asia.com/ap/sea/merchants/riskmgmt/includes/uploads/SecurityIncidentRespProcd.pdf (accessed May 3, 2010).

Smith, Tim. “Lack of security policy cited in S.C. breach” (Greenville Online, Nov. 14, 2012). http://www.usatoday.com/story/news/nation/2012/11/14/lack-computer-security-policy-sc-hacking/1704529/ (accessed May 1, 2014).

“Standards for Security Categorization of Federal Information and Information Systems,” Publication 199. U.S. Dept. of Commerce, National Institute of Standards and Technology, February 2004.

“Standards for Security Categorization of Federal Information and Information Systems,” NIST Special Publication 199 (National Institute of Standards and Technology [NIST], February 2004). http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf (accessed March 26, 2010).

Stanford University Information Security Office, “Data Classification, Access, Transmittal, and Storage.” http://www.stanford.edu/group/security/securecomputing/dataclass_chart.html (n.d.), (accessed May 1, 2014).

Stempel, Jonathan. “Target, security auditor Trustwave are sued over data breach.” Reuters, March 26, 2014. http://www.reuters.com/article/2014/03/26/us-target-trustwave-lawsuit-idUSBREA2P0B020140326 (accessed March 27, 2014).

“Stolen laptops cause data breach for Coca-Cola.” Globalscape, January 27, 2014. http://www.globalscape.com/blog/2014/1/27/stolen-laptops-cause-data-breach-for-cocacola (accessed May 1, 2014).

SUNY Levine Institute. “Advances in Information Technology.” (n.d.) http://www.globalization101.org/advances-in-information-technology/ (accessed June 29, 2014).

Target Corporation. “Corporate overview” (n.d.) http://investors.target.com/phoenix.zhtml?c=65828&p=irol-homeprofile (accessed June 29, 2014).

Target Corporation, “Corporate fact sheet,” (n.d.). http://pressroom.target.com/corporate (accessed March 10, 2014).

“TechEncyclopedia.” Definition of system software (Techweb.com, 2010). http://www.techweb.com/encyclopedia/defineterm.jhtml?term=systemsoftware (accessed March 25, 2010).

Telecommunications Industry Association. http://www.tiaonline.org/index.cfm (accessed March 8, 2010).

Teschner, Charles, Dr. Peter Golder, and Thorsten Liebert. “Bringing Back Best Practices in Risk Management: Banks’ Three Lines Of Defense,” Booz & Company, October 17, 2008. http://www.booz.com/global/home/what_we_think/reports_and_white_papers/ic-display/42753543 (accessed April 30, 2010).

Texas State Library and Archives Commission. “Local Schedule GR, Retention Schedule for Records Common to All Local Governments.” https://www.tsl.texas.gov/slrm/recordspubs/gr.html, July 4, 2012 (accessed May 22, 2014).

“TJX Data Security Breach Saga Continues: Financial Institution Class Action against TJX Survives Based on Unfair Competition Claim Predicated on Statements in FTC Complaint against T.J. Maxx / Marshalls’ Parent Company” (Digitalmedialawyerblog.com, August 10, 2009). http://www.digitalmedialawyerblog.com/2009/08/tjx_data_security_breach_saga.html (accessed March 4, 2010).

“Top 10 Information Security Threats for 2010” (Help Net Security, January 14, 2010). http://www.net-security.org/secworld.php?id=8709 (accessed April 10, 2010).

“Top 10 Vulnerability Scanners” (SecTools.org, n.d.). http://sectools.org/vuln-scanners.html (accessed May 15, 2010).

“Unlearnt Lessons from Barings” (Karvy.com, n.d.). http://www.karvy.com/articles/baringsdebacle.htm (accessed April 11, 2010).

U.S. Department of Energy. “DNS Policies & Procedures” (U.S. Department of Energy, n.d.). http://cio.energy.gov/policy-guidance/952.htm (accessed April 15, 2010).

U.S. Department of Energy, Office of Inspector General, Special Report: IG-0900, “Department of Energy’s July 2013 Cyber Security Breach,” December 6, 2013. http://energy.gov/ig/downloads/special-report-ig-0900 (accessed May 20, 2014).

U.S. Department of Health and Human Services. “New rule protects patient privacy, secures health information” (press release), January 17, 2013. http://www.hhs.gov/news/press/2013pres/01/20130117b.html (accessed June 30, 2014).

U.S. Department of Veterans Affairs. Federal Information Security Management Act Audit for Fiscal Year 2012, June 27 2013. http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf (accessed June 30, 2014).

U.S. Secret Service and Carnegie Mellon University. “Insider Threat Study: Computer Sabotage in Critical Infrastructure Sectors” (U.S. Secret Service and Carnegie Mellon University CERT Program, May 2005). http://www.cert.org/insider_threat/insidercross.html (accessed April 12, 2010).

“VA Investigating Security Breach of Veterans’ Medical Data” (Nextgov.com, March 9, 2010) http://www.nextgov.com/nextgov/ng_20100309_9888.php (accessed May 14, 2010).

Verizon. “2013 Data Breach Investigations Report.” http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf (accessed June 30, 2014).

Verizon Business RISK team. “2009 Data Breach Investigations Report” (Verizonbusiness.com, 2009). http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf (accessed April 11, 2010).

Verizon Business RISK team. “2009 Data Breach Investigations Supplemental Report” (Verizonbusiness.com, 2010). http://www.bankinfosecurity.com/external/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf (accessed April 11, 2010).

Vijayan, Jaikumar. “Computer Theft May Have Exposed Patient Data Across Five States” (Computerworld.com, January 4, 2007). http://www.computerworld.com/s/article/9007199/Computer_theft_may_have_exposed_patient_data_across_five_states?intsrc=hm_list (accessed March 25, 2010).

Vijayan, Jaikumar. “NASA breach update: Stolen laptop had data on 10,000 users.” Computer World, Nov. 15, 2012. http://www.computerworld.com/s/article/9233701/NASA_breach_update_Stolen_laptop_had_data_on_10_000_users?taxonomyId=17&pageNumber=2 (accessed May 1, 2014).

“Violation of Sensitive Data Storage Policy Led to Exposure of Info on 3.3 Million Student Loan Recipients” (Dark Reading, March 29, 2010). http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=224200648 (accessed May 14, 2010).

“Virtual Private Network Policy,” Information Security Policy Templates Web site (SANS Institute, 2010). http://www.sans.org/security-resources/policies/Virtual_Private_Network.pdf (accessed April 15, 2010).

“Voice Over Internet Protocol (VoIP) Security Policy” (U.S. Department of Transportation, Federal Aviation Administration, September 21, 2009). http://www.faa.gov/documentLibrary/media/Order/1370.108.pdf (accessed April 15, 2010).

Wack, John, Ken Cutler, and Jamie Pole. “Guidelines on Firewalls and Firewall Policy,” NIST SP 800-41, U.S. Department of Commerce, January 2002. http://www.ffiec.gov/…/nis-guide_on_firewall_and_firewall_pol_800_41.pdf (accessed April 15, 2010).

Waldron, Harry. “SEC approves Sarbanes-Oxley changes for section 404,” Microsoft Most Valuable Professional, May 23, 2007. http://msmvps.com/blogs/harrywaldron/archive/2007/05/23/sec-approves-sarbanes-oxley-changes-for-section-404.aspx (accessed June 30, 2014).

Walker, Richard W. “Negligent Employees Cause Most Data Breaches; Mobile Is Key Factor.” BreakingGov.com, March 22, 2012. http://breakinggov.com/2012/03/22/negligent-employees-cause-most-data-breaches-mobile-is-key-fact/ (accessed June 29, 2014).

“What To Do If Compromised: Visa Inc. Fraud Control and Investigations Procedures Version 3.0.” (Visa, Inc., May 2011). http://www.visacemea.com/ac/ais/uploads/cisp_what_to_do_if_compromised.pdf (accessed June 30, 2014).

The White House: Office of the Press Secretary. “Executive Order—Improving Critical Infrastructure Cybersecurity,” February 12, 2013. http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity (accessed June 29, 2014).

“Why Chef?” Chef Software Inc. (n.d.). http://www.getchef.com/chef/ (accessed May 30, 2014).

“Wide Area Network Security Policy” (Government of Nova Scotia, Corporate Policy Manuals, 2010) http://www.gov.ns.ca/treasuryboard/manuals/PDF/300/30408-04.pdf (accessed April 15, 2010).

Yu, Roger, and Mike Snider. “Bans on streaming at work target bandwidth-eating sites,” (USA Today, April 3, 2012) http://usatoday30.usatoday.com/tech/news/story/2012-04-03/employers-ban-streaming-video/53980384/1 (accessed June 30, 2014).

Zeno, Thomas, and Lindsay Holmes. “Data security laws and penalties: Pay IT now or pay out later,” (Tech Republic, Dec. 4, 2013). http://www.techrepublic.com/blog/data-center/data-security-laws-and-penalties-pay-it-now-or-pay-out-later/ (accessed May 18, 2014).

Zimmermann, Stephanie. “Could Target-Style Data Breach Happen to Me?” ABC News, February 13, 2014. http://abcnews.go.com/Blotter/target-style-data-breach-happen/story?id=22483195 (accessed June 29, 2014).
