Book description
The Handbook of Information Security is a definitive 3-volume handbook that offers coverage of both established and cutting-edge theories and developments on information and computer security. The text contains 180 articles from over 200 leading experts, providing the benchmark resource for information security, network security, information privacy, and information warfare.
Table of contents
- Cover Page
- Title Page
- Copyright
- Dedication
- About the Editor-in-Chief
- Editorial Board
- Contents
- Contributors
- Preface
- Guide to the Handbook of Information Security
- PART 1: Threats and Vulnerabilities to Information and Computing Infrastructures
  - Internal Security Threats
  - Physical Security Threats
  - Fixed-Line Telephone System Vulnerabilities
  - E-Mail Threats and Vulnerabilities
  - E-Commerce Vulnerabilities
  - Hacking Techniques in Wired Networks
  - Hacking Techniques in Wireless Networks
    - INTRODUCTION
    - WIRELESS LAN OVERVIEW
    - WIRELESS NETWORK SNIFFING
    - WIRELESS SPOOFING
    - WIRELESS NETWORK PROBING
    - AP WEAKNESSES
    - EQUIPMENT FLAWS
    - DENIAL OF SERVICE
    - MAN-IN-THE-MIDDLE ATTACKS
    - Wireless MITM
    - WAR DRIVING
    - WIRELESS SECURITY BEST PRACTICES
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
  - Computer Viruses and Worms
  - Trojan Horse Programs
  - Hoax Viruses and Virus Alerts
  - Hostile Java Applets
  - Spyware
  - Mobile Code and Security
  - Wireless Threats and Attacks
  - WEP Security
  - Bluetooth Security
  - Cracking WEP
  - Denial of Service Attacks
  - Network Attacks
  - Fault Attacks
  - Side-Channel Attacks
- PART 2: Prevention: Keeping the Hackers and Crackers at Bay
  - Physical Security Measures
  - RFID and Security
  - Cryptographic Privacy Protection Techniques
  - Cryptographic Hardware Security Modules
  - Smart Card Security
  - Client-Side Security
  - Server-Side Security
  - Protecting Web Sites
  - Database Security
  - Medical Records Security
  - Access Control: Principles and Solutions
  - Password Authentication
    - INTRODUCTION
    - TYPES OF IDENTIFICATION/AUTHENTICATION
    - HISTORY OF PASSWORDS IN MODERN COMPUTING
    - PASSWORD SECURITY—BACKGROUND
    - PASSWORD CRACKING TOOLS
    - PASSWORD SECURITY ISSUES AND EFFECTIVE MANAGEMENT
    - PASSWORD LENGTH AND HUMAN MEMORY
    - AN ARGUMENT FOR SIMPLIFIED PASSWORDS
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - SOFTWARE TOOL REFERENCE
    - FURTHER READING
  - Computer and Network Authentication
  - Antivirus Technology
  - Biometric Basics and Biometric Authentication
  - Issues and Concerns in Biometric IT Security
  - Firewall Basics
  - Firewall Architectures
    - INTRODUCTION
    - REQUIREMENTS ANALYSIS FOR FIREWALL ARCHITECTURES
    - ENTERPRISE FIREWALL ARCHITECTURES
    - PACKET-FILTERING ROUTERS
    - PERIMETER FIREWALL ARCHITECTURE
    - SERVER/HOST FIREWALL ARCHITECTURE
    - SCREENED SUBNET FIREWALL ARCHITECTURE
    - MULTITIERED/DISTRIBUTED DMZ ARCHITECTURE
    - AIR GAP ARCHITECTURE
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - FURTHER READING
  - Packet Filtering and Stateful Firewalls
  - Proxy Firewalls
  - E-Commerce Safeguards
    - INTRODUCTION
    - CONSUMER CONCERNS ABOUT E-COMMERCE TRANSACTIONS
    - E-COMMERCE RISK ASSESSMENT PRINCIPLES AND RECOMMENDATIONS
    - RECOMMENDATIONS FOR HOME OFFICE E-COMMERCE MERCHANTS
    - E-COMMERCE SAFEGUARDS BEGIN WITH BUILDING TRUST
    - A SECURE PAYMENT PROCESSING TECHNICAL ENVIRONMENT
    - ADDITIONAL SERVER CONTROLS
    - RECAPPING NETWORK SECURITY RESPONSIBILITIES
    - SOFTWARE SUPPORT
    - CONFIGURATION MANAGEMENT
    - BACKUPS
    - CONTROLS
    - DOCUMENTATION
    - MAINTENANCE
    - INTERDEPENDENCES
    - COST CONSIDERATIONS
    - PAYMENT CARD BEST PRACTICES
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - FURTHER READING
  - Digital Signatures and Electronic Signatures
  - E-Mail Security
  - Security for ATM Networks
  - VPN Basics
  - VPN Architecture
  - IP-Based VPN
  - Identity Management
  - The Use of Deception Techniques: Honeypots and Decoys
  - Active Response to Computer Intrusions
    - INTRODUCTION: THE CONCEPT OF ACTIVE RESPONSE
    - LEVELS OF INTRUSION RESPONSE
    - POTENTIAL TECHNICAL BARRIERS FOR INTRUSION RESPONSE
    - INVOLVING LAW ENFORCEMENT AGENCIES
    - LEVELS OF FORCE: BENIGN THROUGH AGGRESSIVE RESPONSES
    - THE ETHICS OF ACTIVE RESPONSE
    - THE LEGALITY OF ACTIVE RESPONSE
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
- PART 3: Detection, Recovery, Management, and Policy Considerations
  - Intrusion Detection Systems Basics
  - Host-Based Intrusion Detection Systems
  - Network-Based Intrusion Detection Systems
    - INTRODUCTION
    - NETWORK INTRUSION DETECTION MODELS
    - SIGNATURE-BASED NIDSs
    - PROTOCOL-BASED INTRUSION DETECTION
    - EVASION TECHNIQUES
    - TESTING NIDS
    - NIDS DEPLOYMENT AND MANAGEMENT
    - ECONOMICS OF NIDSs
    - LIMITATIONS OF NIDSs AND INNOVATIVE RESEARCH EFFORTS
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
  - The Use of Agent Technology for Intrusion Detection
  - Contingency Planning Management
    - INTRODUCTION
    - GROWING DEPENDENCE ON THE IT INFRASTRUCTURE
    - CAUSES OF DOWNTIMES: THE PREVALENCE OF SMALL DISASTERS
    - THE COST OF DOWNTIME
    - BCM PLANNING
    - RISK MANAGEMENT
    - RECOVERY STRATEGIES: BACKUP AND RECOVERY OF DATA
    - ENSURING CONTINUITY OF OPERATIONS: ALTERNATE SITES STRATEGY
    - BACKUP AND RECOVERY FOR WEB-BASED HOSTING SERVICES
    - TRAINING, EXERCISING, AND REVIEWING THE PLAN
    - BCM/DR PLANNING TEMPLATE
    - BUSINESS CONTINUITY AND INVESTMENT SHORTAGE
    - CONCLUSIONS
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
  - Computer Security Incident Response Teams (CSIRTs)
  - Implementing a Security Awareness Program
  - Risk Management for IT Security
  - Security Insurance and Best Practices
  - Auditing Information Systems Security
    - WHY AUDIT INFORMATION SYSTEMS AND SECURITY?
    - WHAT IS THE SCOPE OF THE INFORMATION SECURITY AUDIT?
    - WHO PERFORMS THE INFORMATION SYSTEMS SECURITY AUDITS?
    - WHAT IS THE AUDIT PROCESS?
    - WHAT IS THE MANAGEMENT'S RESPONSE TO THE AUDIT RESULTS?
    - AUDIT OBJECTIVES, AUDIT WORK PROGRAMS, AND AUDIT TOOLS AND TECHNIQUES
    - CONCLUSIONS
    - GLOSSARY
    - APPENDIX: GOVERNMENT LAWS, DIRECTIVES, AND REGULATIONS
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
  - Evidence Collection and Analysis Tools
    - INTRODUCTION
    - TYPES OF INVESTIGATIONS AND TOOL SELECTION
    - TOOL TESTING, ADMISSIBILITY, AND STANDARDS
    - CLASSES OF TOOLS
    - INTEGRATED COLLECTION (IMAGING) AND ANALYSIS TOOLS
    - DATA RECOVERY UTILITIES
    - SPECIALIZED TOOLS FOR E-MAIL AND INTERNET HISTORY ANALYSIS
    - PDAs AND OTHER DEVICES
    - EVIDENCE COLLECTION HARDWARE
    - COLLECTION AND ANALYSIS WORKSTATION
    - EVIDENCE COLLECTION FIELD KIT
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
  - Information Leakage: Detection and Countermeasures
  - Digital Rights Management
  - Web Hosting
    - INTRODUCTION
    - CATEGORIES
    - COMPONENTS OF WEB HOSTING
    - SHARED AND DEDICATED SERVERS
    - COLOCATION
    - MANAGED SERVICES
    - MANAGED SECURITY PROVIDERS
    - SECURITY AUDITS
    - ROOT ACCESS
    - SECURITY AND WEB-HOSTING ARCHITECTURES
    - DATA RECOVERY: AN IMPORTANT DEFENSE
    - FIREWALLS
    - ADMINISTRATIVE NETWORKS
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - FURTHER READING
  - Managing a Network Environment
  - E-Mail and Internet Use Policies
    - INTRODUCTION
    - PURPOSE AND FUNCTION OF E-MAIL AND INTERNET USE POLICIES
    - SCOPE OF E-MAIL AND INTERNET USE POLICIES
    - COMPLYING WITH LAWS PROTECTING EMPLOYEE RIGHTS
    - PROTECTING THE EMPLOYER'S TRADE SECRETS AND OTHER PROPRIETARY INFORMATION
    - PREVENTING EMPLOYEES FROM ENGAGING IN CRIMINAL ACTIVITY
    - RESERVING THE EMPLOYER'S RIGHT TO CONDUCT ELECTRONIC MONITORING
    - RESPONDING TO GOVERNMENT REQUESTS FOR ELECTRONIC INFORMATION
    - RESERVING THE EMPLOYER'S RIGHT TO DISCIPLINE EMPLOYEES UNDER THE POLICY
    - SPECIAL ISSUES RELATED TO EMPLOYMENT STATUS
    - SPECIAL ISSUES FOR MULTINATIONAL EMPLOYERS
    - COORDINATING E-MAIL AND INTERNET USE POLICIES WITH OTHER POLICIES
    - COMMUNICATING E-MAIL AND INTERNET USE POLICIES TO EMPLOYEES
    - ENFORCING THE POLICY
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
  - Forward Security Adaptive Cryptography: Time Evolution
    - SECURITY AND SECRET KEYS
    - INTRODUCTION BY EXAMPLE: FORWARD SECURE SIGNATURES
    - KEY SECURITY
    - THRESHOLD AND FORWARD SECURITY: OVERVIEW
    - KEY EVOLUTION: FUNCTIONAL DEFINITIONS FOR FORWARD SECURITY
    - FORWARD SECURE PSEUDORANDOM GENERATORS
    - FORWARD SECURE SIGNATURES
    - FORWARD-SECURE PUBLIC KEY ENCRYPTION
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - ACKNOWLEDGMENT
    - REFERENCES
  - Security Policy Guidelines
  - Asset–Security Goals Continuum: A Process for Security
  - Multilevel Security
  - Multilevel Security Models
  - Security Architectures
  - Quality of Security Service: Adaptive Security
  - Security Policy Enforcement
  - Guidelines for a Comprehensive Security System
    - INTRODUCTION
    - FORMATION OF THE SECURITY TASK FORCE
    - IDENTIFICATION OF BASIC SECURITY SAFEGUARDS
    - IDENTIFICATION OF GENERAL SECURITY THREATS
    - IDENTIFICATION OF INTENTIONAL THREATS
    - IDENTIFICATION OF SECURITY MEASURES AND ENFORCEMENTS
    - IDENTIFICATION OF COMPUTER EMERGENCY RESPONSE TEAM SERVICES
    - THE FORMATION OF A COMPREHENSIVE SECURITY PLAN
    - PREPARING FOR A DISASTER
    - CONCLUSION
    - GLOSSARY
    - CROSS REFERENCES
    - REFERENCES
    - FURTHER READING
- Reviewers List
- Index
Product information
- Title: Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3
- Author(s):
- Release date: January 2006
- Publisher(s): Wiley
- ISBN: 9780471648321