90 What Every Engineer Should Know About Cyber Security