References

Accredited Standards Committee X9 Incorporated, http://www.x9.org, accessed March 8, 2010.

Alberta Health Services, “Policy Development Framework,” April 25, 2016, https://extranet.ahsnet.ca/teams/policydocuments/1/clp-pdf-pol-devt-framework.pdf, accessed April 18, 2020.

Allbusiness, “Boston Attorney General Investigates E-Mail Destruction,” January 1, 2010, http://www.allbusiness.com/government/government-bodies-offices-public/13829522-1.html, accessed May 14, 2010.

American Speech-Language-Hearing Association, “Health Information Technology for Economics and Clinical Health (HITECH) Act,” https://www.asha.org/Practice/reimbursement/hipaa/HITECH-Act/, accessed April 10, 2020.

ArticleInput.com, “A Few Facts on Information Security and Accountability,” 2009, http://www.articleinput.com/e/a/title/A-few-facts-on-information-security-and-accountability/, accessed March 10, 2010.

Asia-Pacific Economic Cooperation, “APEC Privacy Framework,” https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework, accessed April 11, 2020.

Baker & Hostetler LLP, “State Data Breach Statute Form,” http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/State_Data_Breach_Statute_Form.pdf, accessed June 2, 2014.

Barrett, Jim, “Electronic Discovery Employment Roundtable,” AterWynne LLP, October 19, 2006, http://www.aterwynne.com/files/ERT_%20Electronic%20discovery.PDF, accessed March 26, 2010.

Bloch, Michael, Sven Blumberg, and Jürgen Laartz, “Delivering Large-Scale IT Projects on Time, on Budget, and on Value,” McKinsey & Company, Insights & Publications, October 2012, http://www.mckinsey.com/insights/business_technology/delivering_large-scale_it_projects_on_time_on_budget_and_on_value, accessed March 10, 2014.

Bloomberg, “Kerviel’s New Lawyers Will Focus on SocGen Conduct,” July 30, 2008, http://www.bloomberg.com/apps/news?pid=20601085&sid=aWbERdIeyYO4&refer=europe, accessed April 12, 2010.

Calfa, Jimena, “Difference between QA and QC,” American Society for Quality, October 13, 2011, http://www.onquality.info/2011/10/difference-between-qa-and-qc.html, accessed May 1, 2014.

Caputo, Kim, CMM Implementation Guide: Choreographing Software Process Improvement. New York, NY: Addison-Wesley Professional, 1998.

Carroll, Rory, “Snowden Used Simple Technology to Mine NSA Computer Networks,” The Guardian, February 9, 2014, http://www.theguardian.com/world/2014/feb/09/edward-snowden-used-simple-technology-nsa, accessed March 20, 2014.

“Case Study: Using Security Awareness to Combat the Advanced Persistent Threat,” 13th Colloquium for Information Systems Security Education, June 2009, http://www.cisse2009.com/colloquia/cisse13/proceedings/PDFs/Papers/S03P02.pdf, accessed May 20, 2010.

Center for Strategic and International Studies, “Significant Cyber Incidents,” https://www.csis.org/programs/technology-policy-program/significant-cyber-incidents, accessed April 10, 2020.

CERT, “Creating a Financial Institution CSIRT: A Case Study,” http://www.cert.org/csirts/AFI_case-study.html, accessed May 2, 2010.

Ch., Radoslave, “Cloud Computing Statistics 2020,” Techjury, March 28, 2019, https://techjury.net/stats-about/cloud-computing/, accessed April 13, 2020.

Chaudhuri, Saabira, “Cost of Replacing Credit Cards After Target Breach Estimated at $200 Million,” The Wall Street Journal, February 18, 2014, http://online.wsj.com/news/articles/SB10001424052702304675504579391080333769014?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304675504579391080333769014.html, accessed June 29, 2014.

Chef, “Why Chef?,” https://www.chef.io/why-chef/, accessed May 30, 2014.

Cheng, Andria, “Two Months After Damaging Data Breach, Target Stock Has Its Best Day in 5 Years,” Market Watch Wall Street Journal, February 26, 2014, http://blogs.marketwatch.com/behindthestorefront/2014/02/26/two-months-after-damaging-data-breach-target-stock-has-its-best-day-in-5-years/, accessed March 10, 2014.

CIPP Guide, “OMB Memorandum 07-16 Safeguarding Against and Responding to the Breach of Personally Identifiable Information,” https://www.cippguide.org/2010/05/04/omb-memorandum-07-16-safeguarding-against-and-responding-to-the-breach-of-personally-identifiable-information/, accessed April 15, 2020.

Clay, Kelly, “Amazon.com Goes Down, Loses $66,240 Per Minute,” Forbes, August 19, 2013, http://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute, accessed May 1, 2014.

Columbus, Louis, “Public Cloud Soaring to $331B by 2022 According to Gartner,” Forbes, https://www.forbes.com/sites/louiscolumbus/2019/04/07/public-cloud-soaring-to-331b-by-2022-according-to-gartner/#39bdacfb5739, accessed April 13, 2020.

Committee of Sponsoring Organizations of the Treadway Commission, “COSO Internal Control—Integrated Framework Executive Summary,” May 14, 2013, accessed May 20, 2014.

“Compliance E-mail Retention System Crucial under SEC17a-4,” SEC17a-4Compliance.com, http://www.sec17a-4compliance.com/ediscovery, accessed May 9, 2010.

Constantin, Lucian, “DDoS Attack Against Spamhaus Was Reportedly the Largest in History,” Infoworld, March 27, 2013, http://www.infoworld.com/d/networking/ddos-attack-against-spamhaus-was-reportedly-the-largest-in-history-215352?page=0,0, accessed June 29, 2014.

Conway, Tara, Susan Keverline, Michelle Keeney, Eileen Kowalski, Megan Williams, Dawn Cappelli, Andrew P. Moore, Stephanie Rogers, and Timothy J. Shimeall, “Insider Threat Study: Computer Sabotage in Critical Infrastructure Sectors,” U.S. Secret Service and Carnegie Mellon University CERT Program, May 2005, http://www.cert.org/insider_threat/insidercross.html, accessed April 12, 2010.

Cyprus Shipping Chamber, “Cyber Security Case Study,” July 2017, https://csc-cy.org/wp-content/uploads/2018/06/Cyprus-Shipping-Chamber-Cyber-Security-Case-Study.pdf, accessed April 20, 2020.

“Diagnosing Cornell’s Security Breach,” Cornell Daily Sun, June 24, 2009, http://cornellsun.com/node/37476, accessed May 14, 2010.

Digitalmedialawyerblog.com, “TJX Data Security Breach Saga Continues: Financial Institution Class Action against TJX Survives Based on Unfair Competition Claim Predicated on Statements in FTC Complaint against T.J. Maxx / Marshalls’ Parent Company,” August 10, 2009, http://www.digitalmedialawyerblog.com/2009/08/tjx_data_security_breach_saga.html, accessed March 4, 2010.

Dilanian, Ken, and Richard A. Serrano, “Snowden Leaks Severely Hurt U.S. Security, Two House Members Say,” Los Angeles Times, January 9, 2014, http://articles.latimes.com/2014/jan/09/nation/la-na-snowden-intel-20140110, accessed March 20, 2014.

E-CommerceAlert.com, “The Risk of At-Work Surfers,” November 23, 2004, http://www.e-commercealert.com/article645.shtml, accessed April 24, 2010.

Egress.com, “IT Leaders and Employees Differ on Data Ethics, Ownership and Root Causes of Insider Breaches,” May 22, 2019, https://www.egress.com/en-US/news/insider-data-breach-survey-2019-na, accessed April 15, 2020.

“The Eight Classic Types of Workplace Behavior,” HR Magazine, September 2000, http://findarticles.com/p/articles/mi_m3495/is_9_45/ai_65578688/, accessed March 7, 2010.

EMA, “EMA’s 2008 Survey of IT Governance, Risk and Compliance Management in the Real World,” 2008, http://eval.symantec.com/mktginfo/enterprise/other_resources/b-whitepaper_ema_symantec-it-grc_an_06-2008.en-us.pdf, accessed April 30, 2010.

Erikson, Chris, “Re: Privacy,” New York Post, April 12, 2010, http://www.nypost.com/f/print/news/business/jobs/re_privacy_zUsPRscheD905WKCSVv2qM, accessed May 12, 2010.

eSecurity Planet, “A Case Study in Security Incident Forensics and Response,” March 5, 2001, http://www.esecurityplanet.com/trends/article.php/10751_688797/article.htm, accessed May 2, 2010.

eSecurity Planet, “How To Set Social Networking Policies for Employees,” April 20, 2010, http://www.esecurityplanet.com/views/article.php/3877481/How-To-Set-Social-Networking-Policies-for-Employees.htm, accessed May 14, 2010.

Espelund, Leif, “Predictions 2013: Continued Exponential Data Growth Will Result in Increased Investment in Data Management & Big Data,” March 7, 2013, http://www.symform.com/blog/exponential-data-growth-2013/, accessed March 10, 2014.

ETSI, “Cyber,” https://www.etsi.org/committee/1393-cyber, accessed April 11, 2020.

eWeek, “Microsoft Responds: WMF Vulnerability,” February 2, 2006, http://www.eweek.com/c/a/Windows/Microsoft-Responds-WMF-Vulnerability/, accessed March 28, 2010.

“Executive Order—Improving Critical Infrastructure Cybersecurity,” The White House, Office of the Press Secretary, February 12, 2013, https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity, accessed April 11, 2020.

Fadilpašić, Sead, “DDoS Attacks Are Getting Even Larger,” ITProPortal, September 13, 2018, https://www.itproportal.com/news/ddos-attacks-are-getting-even-larger/, accessed April 14, 2020.

Federal Deposit Insurance Corporation, “501(b) Examination Guidance,” FIL-68-2001, Financial Guidance Letters, August 24, 2001, http://www.fdic.gov/news/news/financial/2001/fil0168.html, accessed May 20, 2010.

Federal Deposit Insurance Corporation, “FFIEC Supplement to Authentication in an Internet Banking Environment,” June 29, 2011, http://www.fdic.gov/news/news/financial/2011/fil11050.html, accessed June 30, 2014.

Federation of American Scientists, “National Security Information EO 12356,” April 2, 1982, http://www.fas.org/irp/offdocs/eo12356.htm, accessed March 27, 2010.

Glaser, John, “Management’s Role in IT Project Failures: Senior Managers Obviously Have Great Interest in Seeing That Projects Become Successful. Yet Despite Best Intentions, All Too Often They Wind Up Playing a Pivotal Role in Ensuring Project Failure,” Allbusiness.com, October 2004, http://www.allbusiness.com/technology/technology-services/237595-1.html, accessed April 26, 2010.

Globalscape, “Stolen Laptops Cause Data Breach for Coca-Cola,” January 27, 2014, http://www.globalscape.com/blog/2014/1/27/stolen-laptops-cause-data-breach-for-cocacola, accessed May 1, 2014.

Goodin, Dan, “New Advanced Malware, Possibly Nation Sponsored, Is Targeting US Utilities,” Ars Technica, https://arstechnica.com/information-technology/2019/08/new-advanced-malware-possibly-nation-sponsored-is-targeting-us-utilities/, accessed April 10, 2020.

Gorman, Siobhan, August Cole, and Yochi Dreazen, “Computer Spies Breach Fighter-Jet Project,” Wall Street Journal, April 21, 2009, http://online.wsj.com/article/SB124027491029837401.html, accessed April 11, 2010.

“Governor O’Malley’s 15 Strategic Policy Goals,” State of Maryland StateStat, http://www.gov.state.md.us/statestat/gdu.asp, accessed March 14, 2010.

Gralla, Preston, “Windows Market Share Dips Again; World and Microsoft Survive,” ComputerWorld Blogs, January 4, 2010, http://blogs.computerworld.com/15344/windows_market_share_dips_again_world_and_microsoft_survive, accessed April 2010.

Grier, Sam, “ISACA Releases the Risk IT Framework Draft,” IT Manager’s Inbox, http://itmanagersinbox.com/1007/isaca-releases-the-risk-it-framework-draft/, accessed April 30, 2010.

Halock Security Labs, “Building a Security Program Using ISO 27001,” http://www.halock.com/Downloads/Case_Study/AIM%20Case%20Study.pdf, accessed March 17, 2010.

Harress, Christopher, “Obama Says Cyberterrorism Is Country’s Biggest Threat, U.S. Government Assembles ‘Cyber Warriors,’” International Business Times, February 18, 2014, http://www.ibtimes.com/obama-says-cyberterrorism-countrys-biggest-threat-us-government-assembles-cyber-warriors-1556337, accessed June 29, 2014.

Health Management Technology, “Organized Security,” 2010, http://www.healthmgttech.com/index.php/solutions/hospitals/organized-security.html, accessed March 8, 2010.

Healthitlawblog.com, “Rising Numbers and Costs of Data Breaches,” January 28, 2010, http://www.healthitlawblog.com/tags/data-breach/, accessed March 4, 2010.

Help Net Security, “Average DDoS Attack Sizes Decrease 85% Due to FBI’s Shutdown of DDoS-for-Hire Websites,” March 21, 2019, https://www.helpnetsecurity.com/2019/03/21/average-ddos-attack-sizes-decrease/, accessed April 14, 2020.

Help Net Security, “Top 10 Information Security Threats for 2010,” January 14, 2010, http://www.net-security.org/secworld.php?id=8709, accessed April 10, 2010.

Higgins, Kelly Jackson, “Violation of Sensitive Data Storage Policy Led to Exposure of Info on 3.3 Million Student Loan Recipients,” DarkReading, March 29, 2010, http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=224200648, accessed May 14, 2010.

HostingFacts, “Internet Stats and Facts (2020),” https://hostingfacts.com/internet-facts-stats/, accessed April 10, 2020.

Hu, Vincent C., David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone, “Guide to Attribute Based Access Control (ABAC) Definition and Considerations,” National Institute of Standards and Technology, January 2014, http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf, accessed March 11, 2014.

IBM, “IBM Security Solutions X-Force(r) 2009 Trend and Risk Report: Annual Review of 2009,” 2010, http://www-935.ibm.com/services/us/iss/xforce/trendreports/, accessed April 10, 2010.

Industry.bnet.com, “Financial Roundup: Total Bank Losses to $3.6 Trillion, Mortgage Lender Breaks, Half of CDOs in Default,” February 13, 2009, http://industry.bnet.com/financial-services/1000403/financial-roundup-total-bank-losses-to-36-trillion-mortgage-lender-breaks-half-of-cdos-in-default/, accessed March 6, 2010.

Information Security Oversight Office, “Information Security Oversight Report 2009,” March 10, 2010, http://www.archives.gov/isoo/reports/2009-annual-report.pdf, accessed March 27, 2010.

Internet Security Systems, “Computer Security Incident Response Planning,” http://documents.iss.net/whitepapers/csirplanning.pdf, accessed May 1, 2010.

Internet World Stats, https://www.internetworldstats.com/stats.htm

ISACA, “COBIT 4.1,” 2007, http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx, accessed February 13 and March 24, 2010.

ISACA, “COBIT 5 Design Paper Exposure Draft,” 2010, http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=56448, accessed April 30, 2010.

ISACA, “COBIT 5 Introduction,” http://www.isaca.org/cobit/documents/cobit5-introduction.ppt, accessed June 30, 2014.

“ISO/IEC 27002:2005 Information Technology—Security Techniques—Code of Practice for Information Security Management,” InsecT Ltd., 2010, http://www.iso27001security.com/html/27002.html, accessed March 8, 2010.

ITIL, http://www.itil-officialsite.com/home/home.asp, accessed March 22, 2010.

Jansen, Wayne, and Karen Scarfone, “Guidelines on Cell Phone and PDA Security,” NIST SP 800-124, NIST Computer Security Division, October 2008, http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf, accessed March 8, 2010.

Jarmom, David, “A Preparation Guide to Information Security Policies,” SANS Institute, 2002, http://www.sans.org/reading_room/whitepapers/policyissues/preparation-guide-information-security-policies_503, accessed March 7, 2010.

Javaid, Adeel, “Code Error Caused Million Hearts to Bleed,” Linkedin.com, April 11, 2014, http://www.linkedin.com/today/post/article/20140411161121-71158614-code-error-caused-million-hearts-to-bleed, accessed May 1, 2014.

JobStreet, “Salary Report, Position Title: Call Center Agent, Country: Philippines,” 2010, http://myjobstreet.jobstreet.com/career-enhancer/basic-salary-report.php?param=Call%20Center%20Agent%7C000%7Cph%7C%7Cph, accessed March 24, 2010.

Johnson, Arnold, Kelley Dempsey, Ron Ross, Sarbari Gupta, and Dennis Bailey, “Guide for Security Configuration Management of Information Systems,” National Institute of Standards and Technology Special Publication 800-128 initial public draft (NIST SP 800-128). Gaithersburg, MD: United States Department of Commerce, 2010.

K&L Gates, “Court Orders Broad Discovery of Class Members’ Social Media, Text Messages & Email,” November 13, 2012, http://www.ediscoverylaw.com/2012/11/articles/case-summaries/court-orders-broad-discovery-of-class-members-social-media-text-messages-email/, accessed May 22, 2014.

Kaplan, Dan, “U.S. House to Toughen Internal Cybersecurity Policy,” SC Magazine, December 16, 2009, http://www.scmagazineus.com/us-house-to-toughen-internal-cybersecurity-policy/article/159785/, accessed May 2, 2010.

Karvy, “Unlearnt Lessons from Barings,” http://www.karvy.com/articles/baringsdebacle.htm, accessed April 11, 2010.

Keeper Security, “2018 State of Cybersecurity in Small & Medium Size Businesses,” Ponemon Institute, 2018, https://keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf, accessed April 15, 2020.

Kemp, Simon, “Digital 2019: Global Internet Use Accelerates,” We Are Social, https://wearesocial.com/blog/2019/01/digital-2019-global-internet-use-accelerates, accessed April 10, 2020.

Krebs, Brian, “Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent,” Krebs on Security, September 26, 2012, http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/, accessed May 1, 2014.

Lago, Cristina, “How to Implement a Successful Cybersecurity Plan,” July 10, 2019, https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html, accessed May 8, 2020.

Leapfrog, “What Percentage of Your Company’s Budget Should Be Allocated for IT Operations,” July 30, 2019, https://leapfrogservices.com/percentage-companys-budget-allocated/, accessed April 14, 2020.

Legal Center for Foster Care and Education, “The Uninterrupted Scholars Act: How Do Recent Changes to FERPA Help Child Welfare Agencies Get Access to School Records?,” 2013, http://www.fostercareandeducation.org/portals/0/dmx/2013/02/file_20130211_145758_xjnFqt_0.pdf, accessed June 30, 2014.

Legal Information Institute, “Intellectual Property,” https://www.law.cornell.edu/wex/intellectual_property, accessed April 15, 2020.

LeMay, Renai, “Nessus Security Tool Closes Its Source,” CNET News, October 6, 2005, http://news.cnet.com/Nessus-security-tool-closes-its-source/2100-7344_3-5890093.html, accessed May 15, 2010.

Leyden, John, “The Enemy Within,” The Register, December 2005, http://www.theregister.co.uk/2005/12/15/mcafee_internal_security_survey/, accessed May 1, 2010.

MachroTech, “E-commerce Quick Facts,” 2002, http://www.machrotech.com/services/ecommerce-marketsize-statistics.asp, accessed April 30, 2010.

Malcolm, Hadley, “Target Tech Chief Resigns Amid Security Overhaul,” USA Today, March 6, 2014, http://www.usatoday.com/story/money/business/2014/03/05/target-tech-chief-resigns-data-breach/6070263/, accessed March 10, 2014.

Marr, Bernard, “How Much Data Do We Create Every Day? The Mind-Blowing Stats Everyone Should Read,” Forbes, https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-blowing-stats-everyone-should-read/#3ad8b75b60ba, accessed April 13, 2020.

Marzigliano, Leonard T., “Defense Department Adopts NIST Security Standards,” Information Week, March 14, 2014, http://www.informationweek.com/government/cybersecurity/defense-department-adopts-nist-security-standards/d/d-id/1127706, accessed March 20, 2014.

McAfee, “12 Must-Know Statistics on Cloud Usage in the Enterprise,” March 9, 2017, https://www.skyhighnetworks.com/cloud-security-blog/12-must-know-statistics-on-cloud-usage-in-the-enterprise/, accessed April 13, 2020.

McCann, Erin, “Stanford Reports Fifth Big HIPAA Breach,” HealthcareITNews, June 13, 2013, http://www.healthcareitnews.com/news/stanford-reports-fifth-big-hipaa-breach, accessed May 13, 2014.

McCue, T.J., “Cloud Computing: United States Businesses Will Spend $13 Billion On It,” Forbes, January 29, 2014, http://www.forbes.com/sites/tjmccue/2014/01/29/cloud-computing-united-states-businesses-will-spend-13-billion-on-it/, accessed June 30, 2014.

MediaValet, “What Is a Digital Asset,” https://www.mediavalet.com/blog/what-is-a-digital-asset-2/, accessed April 15, 2020.

Meier, J.D., “Diversification, Coordination, Replication, and Unification,” MSDN Blogs, February 24, 2013, http://blogs.msdn.com/b/jmeier/archive/2013/02/24/diversification-coordination-replication-and-unification.aspx, accessed March 30, 2014.

Meltzer, Joshua, “The Internet, Cross-Border Data Flows and International Trade,” The Brookings Institution: Issues in Technology Innovation, No. 22, February 2013, http://www.brookings.edu/~/media/research/files/papers/2013/02/25%20international%20data%20flows%20meltzer/internet%20data%20and%20trade%20meltzer.pdf, pg. 2, accessed June 29, 2014.

Merchant University, “PCI Compliance & Fines,” http://www.merchantuniversity.org/101-education/security-pci-101/pci-compliance-fines.aspx, accessed June 29, 2014.

Microsoft, “Microsoft Security Advisory 2963983: Vulnerability in Internet Explorer Could Allow Remote Code Execution,” April 26, 2014, https://technet.microsoft.com/en-us/library/security/2963983.aspx, accessed May 28, 2014.

Milford, Kim, Tracy Mitrano, and Steve Shuster, Educause electronic presentation, http://net.educause.edu/ir/library/powerpoint/SPC0662.pps, accessed March 17, 2010.

Montgomery College, “Remote Access Standard,” August 12, 2008, http://cms.montgomerycollege.edu/WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=846, accessed April 14, 2010.

Moscaritolo, Angela, “Record-Breaking DDoS Attack Nears 400 Gbps,” PC Magazine, February 11, 2014, http://www.pcmag.com/article2/0,2817,2453157,00.asp, accessed June 29, 2014.

NACS, “Nevada Mandates PCI DSS,” June 24, 2009, http://www.nacsonline.com/NACS/News/Daily/Pages/ND0624094.aspx, accessed March 26, 2010.

Nash, Kim S., “Information Technology Budgets: Which Industry Spends the Most?,” CIO, November 2, 2007, http://www.cio.com/article/151301/Information_Technology_Budgets_Which_Industry_Spends_the_Most_, accessed March 10, 2014.

Nash, Troy, “An Undirected Attack Against Critical Infrastructures: A Case Study for Improving Your Control System Security,” US-CERT Control Systems Security Center, Lawrence Livermore National Laboratory, September 2005, http://www.us-cert.gov/control_systems/pdf/undirected_attack0905.pdf, accessed April 11, 2010.

National Cybersecurity Alliance and Symantec, “2012 NCSA/Symantec National Small Business Study,” October 2012, https://www.staysafeonline.org/stay-safe-online/resources/, accessed June 30, 2014.

National Institute of Standards and Technology, “Contingency Planning Guide for Information Technology Systems,” NIST Special Publication 800-34, June 2002, http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf, accessed March 26, 2010.

National Institute of Standards and Technology, “Federal Desktop Core Configuration (FDCC),” 2010, http://nvd.nist.gov/fdcc/index.cfm, accessed May 12, 2010.

National Institute of Standards and Technology, “National Institute of Standards and Technology Special Publications (800 Series),” http://csrc.nist.gov/publications/PubsSPs.html, accessed March 8, 2010.

National Institute of Standards and Technology, “Standards for Security Categorization of Federal Information and Information Systems,” NIST Special Publication 199, February 2004, http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf, accessed March 26, 2010.

Newman, Jared, “The Target Credit Card Breach: What You Should Know,” Time, December 19, 2013, http://techland.time.com/2013/12/19/the-target-credit-card-breach-what-you-should-know/, accessed June 29, 2014.

Nextgov, “VA Investigating Security Breach of Veterans’ Medical Data,” March 9, 2010, http://www.nextgov.com/nextgov/ng_20100309_9888.php, accessed May 14, 2010.

Nichols, Russell, “California Issues Telework Policy to Curb Cyber-Security Risks,” Government Technology, March 3, 2010, http://www.govtech.com/gt/748172, accessed March 17, 2010.

Nova Scotia, “Wide Area Network Security Policy,” 2010, http://www.gov.ns.ca/treasuryboard/manuals/PDF/300/30408-04.pdf, accessed April 15, 2010.

Office of Homeland Security, “Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability,” October 2009, http://csrp.inl.gov/Documents/final-RP_ics_cybersecurity_incident_response_100609.pdf, accessed May 2, 2010.

Office of the Comptroller of the Currency, “Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital,” July 2, 2003, http://www.occ.treas.gov/ftp/release/2003-53c.pdf, accessed April 30, 2010.

Office of the Director of National Intelligence, “Information Sharing and the Private Sector,” http://www.ise.gov/pages/partner-private.aspx, accessed March 10, 2010.

Online Trust Alliance, “2014 Data Protection and Breach Readiness Guide,” April 7, 2014, https://www.otalliance.org/resources/data-breach-protection, accessed June 30, 2014.

Ooma, “Call Anywhere in the U.S. with No Monthly Fee,” http://www.ooma.com, accessed March 27, 2010.

Open Web Application Security Project, “OWASP Risk Rating Methodology,” May 13, 2014, https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology, accessed May 30, 2014.

PCI Security Standards Council, https://www.pcisecuritystandards.org, accessed June 30, 2014.

Ponemon Institute, “2011 Cost of Data Breach Study,” March 2012, http://www.ponemon.org/local/upload/file/2011_US_CODB_FINAL_5.pdf, accessed June 29, 2014.

Prince, Brian, “Stolen Credit Card Data Goes for Cheap on Cyber-Black Market,” eWeek, August 20, 2009, http://www.eweek.com/c/a/Security/Stolen-Credit-Card-Data-Goes-for-Cheap-on-CyberBlack-Market-891275/, accessed March 24, 2010.

Privacy Rights Clearinghouse, “Chronology of Data Breaches,” December 31, 2013, http://www.privacyrights.org/data-breach, accessed June 30, 2014.

Purcell, James, “Security Control Types and Operational Security,” GIAC, February 12, 2007, http://www.giac.org/resources/whitepaper/operations/207.php, accessed March 15, 2010.

“Putting Big Data to Work for Your Business,” Aon One, Q1, April 2013, http://one.aon.com/putting-big-data-work, accessed March 13, 2014.

Quinn, Stephen, David Waltermire, Christopher Johnson, Karen Scarfone, and John Banghart, “The Technical Specification for the Security Content Automation Protocol (SCAP),” National Institute of Standards and Technology Special Publication 800-126. Gaithersburg, MD: U.S. Department of Commerce, 2009.

Ranum, Marcus J., The Myth of Homeland Security. Indianapolis: Wiley, 2004.

Risk Based Security, Inc., “Data Breach QuickView: An Executive’s Guide to 2013 Data Breach Trends,” 2013, https://www.riskbasedsecurity.com/reports/2013-DataBreachQuickView.pdf, accessed July 2, 2014.

Robinson, Jasmin, Tamma Sorbello, and Kerrie Unsworth, “Innovation Implementation: The Role of Technology Diffusion Agencies,” Journal of Technology, Management and Innovation, 3, no. 3 (2008): 1–10, http://www.scielo.cl/scielo.php?pid=S0718-27242008000100001&script=sci_arttext, accessed March 6, 2010.

Rupert, Brad, “IT Guidance to the Legal Team,” SANS Institute Reading Room, April 15, 2009, http://www.sans.org/reading_room/whitepapers/legal/guidance-legal-team_33308, accessed May 14, 2010.

SANS, “CyberLaw 101: A Primer on US Laws Related to Honeypot Deployments,” SANS Institute Reading Room, 2007, http://www.sans.org/reading_room/whitepapers/honors/cyberlaw-101-primer-laws-related-honeypot-deployments_1746, accessed May 14, 2010.

SANS, “Database Credentials Policy,” Security Policy Templates, 2010, https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2b856a20ea955f3c/5e9dd82045a2a97194a1da17/database_credentials_policy.pdf, accessed April 15, 2010.

SANS, “Developing a Security-Awareness Culture—Improving Security Decision Making,” July 2004, http://www.sans.org/reading_room/whitepapers/awareness/developing-security-awareness-culture-improving-security-decision-making_1526, accessed May 1, 2010.

SANS, “Employee Internet Use Monitoring and Filtering Policy,” SANS Technology Institute Student Projects, November 2007, http://www.sans.edu/resources/student_projects/200711_004.pdf, accessed April 15, 2010.

SANS, “Information Security Policy—A Development Guide for Large and Small Companies,” SANS Institute Reading Room, 2007, http://www.sans.org/reading_room/whitepapers/policyissues/information_security_policy_a_development_guide_for_large_and_small_companies_1331?show=1331.php&cat=policyissues, accessed March 7, 2010.

SANS, “Virtual Private Network Policy,” 2010, http://www.sans.org/security-resources/policies/Virtual_Private_Network.pdf, accessed April 15, 2010.

Schulz, David, “College Rupture Impacts 300,000 Students & Staff: Why Is This Breach Different from All Other Breaches?,” Privacy Writes, October 15, 2012, http://www.501cybersecurity.com/2012/10/may-september-college-rupture-impacts-300000-students-staff-why-is-this-different/, accessed June 30, 2014.

SecTools.org, “Top 10 Vulnerability Scanners,” http://sectools.org/vuln-scanners.html, accessed May 15, 2010.

Smith, Tim, “Lack of Security Policy Cited in S.C. Breach,” USA Today, November 14, 2012, http://www.usatoday.com/story/news/nation/2012/11/14/lack-computer-security-policy-sc-hacking/1704529/, accessed May 1, 2014.

Stanford University, “Disk and Data Sanitization Policy and Guidelines,” July 2005, http://www.stanford.edu/group/security/securecomputing/data_destruction_guidelines.html, accessed March 17, 2010.

Stanford University Information Security Office, “Data Classification, Access, Transmittal, and Storage,” http://www.stanford.edu/group/security/securecomputing/dataclass_chart.html, accessed May 1, 2014.

State of Maryland, Department of Health and Mental Hygiene, “Information Resources Management Administration,” http://dhmh.maryland.gov/irma/, accessed March 8, 2010.

State of Tennessee, Department of Finance and Administration, Office for Information Resources, Information Security Program, “Enterprise Information Security Policies,” April 4, 2008, http://www.tennessee.gov/finance/oir/security/PUBLIC-Enterprise-Information-Security-Policies-v1-6.pdf, accessed March 8, 2010.

Stempel, Jonathan, “Target, Security Auditor Trustwave Are Sued Over Data Breach,” Reuters, March 26, 2014, http://www.reuters.com/article/2014/03/26/us-target-trustwave-lawsuit-idUSBREA2P0B020140326, accessed March 27, 2014.

SUNY Levine Institute, “Advances in Information Technology,” http://www.globalization101.org/advances-in-information-technology/, accessed June 29, 2014.

Target Corporation, “Corporate Fact Sheet,” http://pressroom.target.com/corporate, accessed March 10, 2014.

Target Corporation, “Corporate Overview,” http://investors.target.com/phoenix.zhtml?c=65828&p=irol-homeprofile, accessed June 29, 2014.

TechEncyclopedia, “Definition of System Software,” Techweb.com, 2010, http://www.techweb.com/encyclopedia/defineterm.jhtml?term=systemsoftware, accessed March 25, 2010.

Telecommunications Industry Association, http://www.tiaonline.org/index.cfm, accessed March 8, 2010.

Teschner, Charles, Peter Golder, and Thorsten Liebert, “Bringing Back Best Practices in Risk Management: Banks’ Three Lines of Defense,” Booz & Company, October 17, 2008, http://www.booz.com/global/home/what_we_think/reports_and_white_papers/ic-display/42753543, accessed April 30, 2010.

Texas State Library and Archives Commission, “Local Schedule GR, Retention Schedule for Records Common to All Local Governments,” July 4, 2012, https://www.tsl.texas.gov/slrm/recordspubs/gr.html, accessed May 22, 2014.

TexasWorkForce, “Monitoring Employees’ Use of Company Computers and the Internet,” http://www.twc.state.tx.us/news/efte/monitoring_computers_internet.html, accessed May 14, 2010.

University of Guelph, “Information Technology Security Policy Framework,” January 27, 2010, http://www.uoguelph.ca/cio/sites/uoguelph.ca.cio/files/CIO-ITSecurity-00-PolicyFramework-2009Approved.pdf, accessed April 30, 2010.

University of Huddersfield, “Policy Framework,” https://www.hud.ac.uk/media/policydocuments/Policy-Framework.pdf, accessed April 18, 2020.

University of Montana, “Guidelines for Appropriate Use of External Communication Systems,” June 29, 2009, http://www.umt.edu/it/policies/externalwebsystems.aspx, accessed March 15, 2010.

University of Texas, “Data Classification Standard,” September 14, 2007, http://www.utexas.edu/its/policies/opsmanual/dataclassification.php, accessed March 28, 2010.

U.S. Department of Energy, “DNS Policies & Procedures,” http://cio.energy.gov/policy-guidance/952.htm, accessed April 15, 2010.

U.S. Department of Energy, Office of Inspector General, Special Report: IG-0900, “Department of Energy’s July 2013 Cyber Security Breach,” December 6, 2013, http://energy.gov/ig/downloads/special-report-ig-0900, accessed May 20, 2014.

U.S. Department of Health and Human Services, “New Rule Protects Patient Privacy, Secures Health Information,” January 17, 2013, http://www.hhs.gov/news/press/2013pres/01/20130117b.html, accessed June 30, 2014.

U.S. Department of Transportation, Federal Aviation Administration, “Voice Over Internet Protocol (VoIP) Security Policy,” September 21, 2009, http://www.faa.gov/documentLibrary/media/Order/1370.108.pdf, accessed April 15, 2010.

U.S. Department of the Treasury, Comptroller of the Currency, “Report to the Congress on Review of Regulations Affecting Online Delivery of Financial Products and Services,” November 2001, http://www.occ.treas.gov/netbank/729jrptnov1601.doc, accessed May 20, 2010.

U.S. Department of Veterans Affairs, “Federal Information Security Management Act Audit for Fiscal Year 2012,” June 27, 2013, http://www.va.gov/oig/pubs/VAOIG-12-01712-229.pdf, accessed June 30, 2014.

U.S. Securities and Exchange Commission, Office of Inspector General, Office of Audits, “Audit of the SEC’s Compliance with the Federal Information Security Modernization Act for Fiscal Year 2017,” https://www.sec.gov/files/Audit-of-the-SECs-Compliance-with-FISMA-for-Fiscal-Year-2017.pdf, accessed April 10, 2020.

VendorSafe Technologies, “Case Study: Fast Food Franchise Security Breach (Multiple Locations),” October 2008, http://www.vendorsafe.com/images/pdfs/CaseStudy_FastFood.pdf, accessed April 30, 2010.

Verizon, “2013 Data Breach Investigations Report,” http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf, accessed June 30, 2014.

Verizon Business RISK Team, “2009 Data Breach Investigations Report,” 2009, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf, accessed April 11, 2010.

Verizon Business RISK Team, “2009 Data Breach Investigations Supplemental Report,” 2010, http://www.bankinfosecurity.com/external/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf, accessed April 11, 2010.

Vijayan, Jaikumar, “Computer Theft May Have Exposed Patient Data Across Five States,” Computerworld, January 4, 2007, http://www.computerworld.com/s/article/9007199/Computer_theft_may_have_exposed_patient_data_across_five_states?intsrc=hm_list, accessed March 25, 2010.

Vijayan, Jaikumar, “NASA Breach Update: Stolen Laptop Had Data on 10,000 Users,” Computerworld, November 15, 2012, http://www.computerworld.com/s/article/9233701/NASA_breach_update_Stolen_laptop_had_data_on_10_000_users?taxonomyId=17&pageNumber=2, accessed May 1, 2014.

Visa, “Security Incident Response Procedure,” 2007, http://www.visa-asia.com/ap/sea/merchants/riskmgmt/includes/uploads/SecurityIncidentRespProcd.pdf, accessed May 3, 2010.

Visa, “What to Do If Compromised: Visa Inc. Fraud Control and Investigations Procedures Version 3.0,” May 2011, http://www.visacemea.com/ac/ais/uploads/cisp_what_to_do_if_compromised.pdf, accessed June 30, 2014.

Wack, John, Ken Cutler, and Jamie Pole, “Guidelines on Firewalls and Firewall Policy,” NIST SP 800-41, U.S. Department of Commerce, January 2002, http://www.ffiec.gov/.../nis-guide_on_firewall_and_firewall_pol_800_41.pdf, accessed April 15, 2010.

Waldron, Harry, “SEC Approves Sarbanes-Oxley Changes for Section 404,” Microsoft Most Valuable Professional, May 23, 2007, http://msmvps.com/blogs/harrywaldron/archive/2007/05/23/sec-approves-sarbanes-oxley-changes-for-section-404.aspx, accessed June 30, 2014.

Walker, Richard W., “Negligent Employees Cause Most Data Breaches; Mobile Is Key Factor,” BreakingGov, March 22, 2012, http://breakinggov.com/2012/03/22/negligent-employees-cause-most-data-breaches-mobile-is-key-fact/, accessed June 29, 2014.

White House, Office of the Press Secretary, “Executive Order—Improving Critical Infrastructure Cybersecurity,” February 12, 2013, http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity, accessed June 29, 2014.

Yu, Roger, and Mike Snider, “Bans on Streaming at Work Target Bandwidth-Eating Sites,” USA Today, April 3, 2012, http://usatoday30.usatoday.com/tech/news/story/2012-04-03/employers-ban-streaming-video/53980384/1, accessed June 30, 2014.

Zeno, Thomas, and Lindsay Holmes, “Data Security Laws and Penalties: Pay IT Now or Pay Out Later,” Tech Republic, December 4, 2013, http://www.techrepublic.com/blog/data-center/data-security-laws-and-penalties-pay-it-now-or-pay-out-later/, accessed May 18, 2014.

Zimmermann, Stephanie, “Could Target-Style Data Breach Happen to Me?,” ABC News, February 13, 2014, http://abcnews.go.com/Blotter/target-style-data-breach-happen/story?id=22483195, accessed June 29, 2014.
