Access control, 187, 217–218

Access violations analyses, 217

Accountabilities, 116–117

Advanced persistent threat (APT), 304

Advanced Research Project Agency (ARPA), 75–76

Advisory services, 299

AEA, See American Electronics Association (AEA)

Africa, 55

“Aggressive defensive” operations, 90

Agricultural Age, 11

Air Force’s 53rd Wing, 97

Alleged monopoly actions, 97

Amazon. com, 91

American Electronics Association (AEA), 70

Annual reevaluation

APT, See Advanced persistent threat (APT)

ARPA, See Advanced Research Project Agency (ARPA)

Asia, 53–54

Assessment services, 298

Augmentation, 299

Awareness

BlackBerry, 96

BLS, See U.S. Bureau of Labor Statistics (BLS)

Blue-light cameras, 96

Business

Business managers

C2W, See Command and control warfare (C2W)

Canada, 55

Cellular phones, 105b

CEO, See Chief executive officer (CEO), Corporate executive officer (CEO)

CEP-DR, See Contingency and emergency planning and disaster recovery (CEP-DR)

Changing criminal justice systems, 21–24

Chief executive officer (CEO), 135, 138, 144

Chinese hacking group, 99

CI, See Counterintelligence (CI)

CIKR, See Critical infrastructure and key resources (CIKR)

CIO, See Corporate information officer (CIO)

CKO, See Coherent knowledge-based operations (CKO)

Classified networks security, 60

CNCI, See Comprehensive National Cybersecurity Initiative (CNCI)

Codes of ethics, 277–278

Coherent knowledge-based operations (CKO), 270

Cold calling potential customers, 296

Command and control warfare (C2W), 263

Commercial off-the-shelf software (COTS software), 258–259

Communications technology, 12

Company managers, 44–45

Comprehensive National Cybersecurity Initiative (CNCI), 55–57

Computer forensics, 238–240

Contingency and emergency planning and disaster recovery (CEP-DR), 194

Contingency planning, 217

Corporate cyber security program, 132–152

Corporate ethics, 278–279

Corporate executive officer (CEO), 237

Corporate format, 124–125

Corporate information, determining value, 179–180

Corporate information officer (CIO), 107, 137–139, 144, 155, 219, 229, 236

Corporate leader, 110

Corporate management, 241–242

Corporate strategic business plan, 123, 127

Corporate values, 278–279

Corporation, customers, and competition (three C’s), 32

Corporation overall policy document, 142

Cost-effective cyber security program, 9

Cost-effective method, 120

COTS software, See Commercial off-the-shelf software (COTS software)

Counterintelligence (CI), 60

Critical infrastructure and key resources (CIKR), 61–62

Cumbersome processes, 153

Cyber Command, 98–99

Cyber education expansion, 60

Cyber operations connection, 59

Cyber security, 52, 123, 305

Cyber security function, 29, 176

Cyber security officer, 6–8, 28–29, 34, 104, 125, 152–171, 185, 202, 235–236

Cyber security program and organization establishment, 132

Cyber Security Specialist, 141–142

Cyber wars, 82

Cyber-information world environment, 4

Cyberspace, 14–15, 77

Cyberspace Policy Review, 57

DDoS, See Distributed denial-of-service (DDoS)

Defense Advanced Research Project Agency leaders, 95

“Defensive attacks”, 255–256

Defensive IO, 266

Department of Homeland Security (DHS), 50b, 57, 59, 61–62

Detekt tool, 92

Deterrence strategies and programs, 61

DHS, See Department of Homeland Security (DHS)

Digital battlefield attacks, 90

Director, 237–238

Director of Security, 235–237, 240

Disaster recovery, 195

Distributed denial-of-service (DDoS), 252

DoD, See U.S. Department of Defense (DoD)

E-mail, 76

Easter eggs, 81

EATP, See Education Awareness and Training Program (EATP)

Education, 286

Education Awareness and Training Program (EATP), 185–186, 213–214

EINSTEIN 2 approach, 57–58

EINSTEIN 3 approach, 58–59

Electronic commerce, 77

Electronic mail, 76

Engagement

Environment, changing, 305

“Errors and omissions”, 293

Ethics issues, 274–275

European Union (EU), 53

Federal Enterprise Network management, 57

Federal role in extending cyber security, 61–62

Firmware evaluation, 189–191

First-generation warfare, 250

Formal project management techniques, 136

Framework Core, 25–26

Future Shock, 15–16

GII, See Global information infrastructure (GII)

GIW, See Global information warfare (GIW)

Global business and management environment, 28

Global corporation, cyber security officer in, 106

Global information infrastructure (GII), 10, 28, 72, 77

Global information warfare (GIW), 89, 251

Global nervous system, 13, 75

Global trends, 306

Globalization impact, 307

Gopher, 76

Government-wide cyber CI plan, 60

Hackers, 92, 99

Handgun, 78

Hardware evaluation, 189–191

healthcare.gov, 94

High technology, 66

High-technology crime prevention program (HTCPP), 237

High-technology crimes

High-technology-driven communications, 79–80

High-technology-driven phenomenon, 78–79

HR, See Human Resources (HR)

HTCPP, See High-technology crime prevention program (HTCPP)

Human factor, 24–26

Human Resources (HR), 141

IAPPD 500–1, See Information Assets Protection Policy Document 500–1 (IAPPD 500–1)

IE, See Information environment (IE)

IMs, See Instant messages (IMs)

Industrial Age, 12

Info-warriors, 89

Information

Information Assets Protection Policy Document 500–1 (IAPPD 500–1), 142, 145–146

Information environment (IE), 132, 151, 251, 263

Information operations (IO), 266

Information security (InfoSec), 36, 106, 263–264

Information system (IS), 264, 268

Information technology (IT), 104, 136–137, 202, 254

Information warfare (IW), 91, 95, 247, 252, 264

InfoSec, See Information security (InfoSec)

INFOSEC, See National Information Systems Security (INFOSEC)

Instant messages (IMs), 79

Intel’s Pentium III, 83

Internal use only information types, 183

International Security in Cyberspace, 53

Internet, 17, 30, 52, 75

Internet, Birth of, 13–15

Internet Governance Developments, 53

Internet service providers (ISPs), 29, 78

Interviewing for cyber security officer position, 288

Intrusion detection system deployment, 57–58

Intrusion prevention systems deployment, 58–59

IO, See Information operations (IO)

IS, See Information system (IS)

ISPs, See Internet service providers (ISPs)

IT, See Information technology (IT)

IW, See Information warfare (IW)

“Keep it simple, stupid” principle (“KISS” principle), 147, 206

Knowledge Age, 8–9

Knowledge management (KM), 264, 271–272

LANs, See Local area networks (LANs)

Laws, 24–26

Leadership

“Leap-ahead” technology, 60–61

Legal issues, 24–26

Level-of-effort (LOE), 202–203, 225–226

Liability issues, 279–280

Link-analysis methodology, 228

Linking cyber security program, 228–230

Litmus test, 252

Local area networks (LANs), 188

“Locust Swarm” program, 248

Locusts program, 250

LOE, See Level-of-effort (LOE)

Logic bombs, 82

Management blank check, 108

Message, 83

Metric(s), 202

Metrics charts, 211

Microdot, 83

Microprocessors, 7–8, 71–72

Mission

Moore’s law, 72–73

Multipronged approach, 61

National Cybersecurity Center, 59–60

National information infrastructure (NII), 11, 28

National Information Systems Security (INFOSEC), 267

National Security Agency (NSA), 58–59, 97

National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23), 56

NCB, See Network-centric business (NCB)

NCIs, See Noncompliance inquiries (NCIs)

Netspionage agents, 84

Network-centric business (NCB), 270–271

NIC, See U.S. National Intelligence Council (NIC)

NII, See National information infrastructure (NII)

Noncompliance inquiries (NCIs), 194, 217, 236

NSA, See National Security Agency (NSA)

NSTISSC, See U.S. National Security Telecommunications and Information Systems Security Committee (NSTISSC)

Observe–orient–decide–act loop (OODA loop), 32

Octopus Conference, 54

Off-ramp, 16

Off-site cyber security program organizations, 159–160

Offensive IO, 266

Offensive–defensive cyber attacks, 310

On-ramps, 16

One Source, 71

One-year review, 224

OODA loop, See Observe–orient–decide–act loop (OODA loop)

Operations security (OPSEC), 267–268

Organizational responsibilities, 115

P⁴, See Plans, processes, policies, and procedures (P⁴)

PDAs, See Personal digital assistants (PDAs)

People’s Liberation Army (PLA), 93

People’s Republic of China (PRC), 93

Personal digital assistants (PDAs), 132

Personal information, 181

Personal leader, 110

Pervasive insecurity, 309

PLA, See People’s Liberation Army (PLA)

Plan X, 95

Plans, processes, policies, and procedures (P⁴), 133

PLCs, See Programmable logic controllers (PLCs)

Policy implications, 309–310

PRC, See People’s Republic of China (PRC)

Preemptive strikes, 255–256

Privacy issues, 273–274

Private information, 181

Private information types, 184

Processor serial number (PSN), 83

Programmable logic controllers (PLCs), 90

Project(s), 226–227

PSN, See Processor serial number (PSN)

Quality statements, 112–114

R&D, See Research and development (R&D)

Radio frequency spectrum (RF spectrum), 256–257

Recruiting cyber security professionals, 168–171

“Regin” malware, 91

Regional Financial Associates (RFA), 70

Regular employees, 43

Regulations, 24–26

Requirements identification function, 184–185

Research and development (R&D), 59

Return on investment (ROI), 269

RF spectrum, See Radio frequency spectrum (RF spectrum)

RFA, See Regional Financial Associates (RFA)

Risk management, 115, 191

Road Map for Internet, 16–17

ROI, See Return on investment (ROI)

Samsung Electronics, 97

SBP, See Strategic business plan (SBP)

Second-generation warfare, 251

Secret Service, 97

Security implementation, 299

Security tests and evaluations (ST&E), 193, 212–213

Security—defensive approach, 304–305

Senior corporate and government leadership, 303

Senior leadership, 303

Sensitive information, 132, 184

SIC, See U.S. Standard Industrial Classifications (SIC)

Software evaluation, 189–191

South America, 54

Spy agency, 98

Spyware, 94

ST&E, See Security tests and evaluations (ST&E)

Stand-alone microcomputers, 208

Standards, 24–26

Steganography, 83

Strategic business plan (SBP), 135, 151

Stuxnet, 90

Subordinate organizations development, 156–160

Syrian Twitter, 92

Tactical business plan (TBP), 135, 151

Team leader, 110

Technology, 63–64

Telecommunications, 196–197

Terms of reference (TOR), 261

TIC initiative, See Trusted Internet Connections initiative (TIC initiative)

Time factor, 183

Tofflers’ model of technological evolution, 11

Topic-oriented information assets protection policy documents, 147

TOR, See Terms of reference (TOR)

“Touchy-feely don’t-hold-me-responsible” management, 39

Traf-O-Data, 74

Transmuting international terrorism, 309

Trojan horses, 81–82

Trusted Internet Connections initiative (TIC initiative), 57

Turf battles, 43

Turing Test, 96

Twenty-first century technology, 84–86

U.K. Cyber Security Strategy, 98

U.S. Bureau of Labor Statistics (BLS), 70–71

U.S. Department of Defense (DoD), 251

U.S. Department of Homeland Security, 95

U.S. federal government computer security standards, 302

U.S. National Intelligence Council (NIC), 306

U.S. National Security Telecommunications and Information Systems Security Committee (NSTISSC), 267

U.S. Standard Industrial Classifications (SIC), 69

U.S.–EU Cyber Security-Related Cooperation, 53

United States, 55–57

US-CERT, 57–58

Usenet newsgroup, 76

Valuing information, 179, 182

Viruses, 80–81

Vision statements, 112–113

Vulnerability, 267

Water pumping stations, 250

Webster’s Dictionary, 239

Whistleblower, 277

Work, 287b

World Wide Web (Web), 14, 76–77

Worms, 81