Computer and Information Security Handbook

2nd Edition - November 5, 2012

  • Editor: John Vacca
  • eBook ISBN: 9780123946126


The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.

Key Features

  • Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise
  • Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints
  • Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions


The primary audience for this handbook consists of researchers and practitioners in industry and academia as well as security technologists, engineers, and federal and state agencies working with or interested in computer and cyber security. This comprehensive reference and practitioner’s guide will also be of value to students in undergraduate and graduate-level courses in computer and cyber security.

Table of Contents

  • Part I Overview of System and Network Security: A Comprehensive Introduction
    Chapter 1 Building a Secure Organization
    1.1 Obstacles To Security
    1.2 Ten Steps To Building A Secure Organization
    1.3 Don’t Forget The Basics
    1.4 Preparing For The Building Of Security Control Assessments
    1.5 Summary
    1.6 Chapter Review Questions/Exercises
    1.7 Optional Team Case Project
    Chapter 2 A Cryptography Primer
    2.1 What Is Cryptography? What Is Encryption?
    2.2 Famous Cryptographic Devices
    2.3 Ciphers
    2.4 Modern Cryptography
    2.5 The Computer Age
    2.6 How AES Works
    2.7 Selecting Cryptography: The Process
    2.8 Summary
    2.9 Chapter Review Questions/Exercises
    2.9 Optional Team Case Project
    Chapter 3 Detecting System Intrusions
    3.1 Introduction
    3.2 Monitoring Key Files In The System
    3.3 Security Objectives
    3.4 0day Attacks
    3.5 Good Known State
    3.6 Rootkits
    3.7 Low Hanging Fruit
    3.8 Antivirus Software
    3.9 Homegrown Intrusion Detection
    3.10 Full Packet Capture Devices
    3.11 Out Of Band Attack Vectors
    3.12 Security Awareness Training
    3.13 Data Correlation
    3.14 SIEM
    3.15 Other Weird Stuff On The System
    3.16 Detection
    3.17 Network-Based Detection Of System Intrusions (DSIs)
    3.18 Summary
    3.19 Chapter Review Questions/Exercises
    3.20 Optional Team Case Project
    Chapter 4 Preventing System Intrusions
    4.1 So, What Is An Intrusion?
    4.2 Sobering Numbers
    4.3 Know Your Enemy: Hackers Versus Crackers
    4.4 Motives
    4.5 The Crackers’ Tools Of The Trade
    4.6 Bots
    4.7 Symptoms Of Intrusions
    4.8 What Can You Do?
    4.9 Security Policies
    4.10 Risk Analysis
    4.11 Tools Of Your Trade
    4.12 Controlling User Access
    4.13 Intrusion Prevention Capabilities
    4.14 Summary
    4.15 Chapter Review Questions/Exercises
    4.16 Optional Team Case Project
    Chapter 5 Guarding Against Network Intrusions
    5.1 Traditional Reconnaissance And Attacks
    5.2 Malicious Software
    5.3 Defense In Depth
    5.4 Preventive Measures
    5.5 Intrusion Monitoring And Detection
    5.6 Reactive Measures
    5.7 Network-Based Intrusion Protection
    5.6 Summary
    5.7 Chapter Review Questions/Exercises
    5.8 Optional Team Case Project
    Chapter 6 Securing Cloud Computing Systems
    6.1 Cloud Computing Essentials: Examining The Cloud Layers
    6.2 Software As A Service (SaaS): Managing Risks In The Cloud
    6.3 Platform As A Service (PaaS): Securing The Platform
    6.4 Infrastructure As A Service (IaaS)
    6.5 Leveraging Provider-Specific Security Options
    6.6 Achieving Security In A Private Cloud
    6.7 Meeting Compliance Requirements
    6.8 Preparing For Disaster Recovery
    6.9 Summary
    6.10 Chapter Review Questions/Exercises
    6.11 Optional Team Case Project
    Chapter 7 Fault Tolerance And Resilience In Cloud Computing Environments
    7.1 Introduction
    7.2 Cloud Computing Fault Model
    7.3 Basic Concepts On Fault Tolerance
    7.4 Different Levels Of Fault Tolerance In Cloud Computing
    7.5 Fault Tolerance Against Crash Failures In Cloud Computing
    7.6 Fault Tolerance Against Byzantine Failures In Cloud Computing
    7.7 Fault Tolerance As A Service In Cloud Computing
    7.8 Summary
    7.9 Chapter Review Questions/Exercises
    7.10 Optional Team Case Project
    Chapter 8 Securing Web Applications, Services And Servers
    8.1 Setting The Stage
    8.2 Basic Security For HTTP Applications And Services
    8.3 Basic Security For SOAP Services
    8.4 Identity Management And Web Services
    8.5 Authorization Patterns
    8.6 Security Considerations
    8.7 Challenges
    8.8 Summary
    8.9 Chapter Review Questions/Exercises
    8.10 Optional Team Case Project
    Chapter 9 Unix And Linux Security
    9.1 Unix And Security
    9.2 Basic Unix Security Overview
    9.3 Achieving Unix Security
    9.4 Protecting User Accounts And Strengthening Authentication
    9.5 Limiting Superuser Privileges
    9.6 Securing Local And Network File Systems
    9.7 Network Configuration
    9.8 Additional Resources
    9.9 Improving The Security Of Linux And Unix Systems
    9.10 Summary
    9.11 Chapter Review Questions/Exercises
    9.12 Optional Team Case Project
    Chapter 10 Eliminating The Security Weakness Of Linux And Unix Operating Systems
    10.1 Introduction
    10.2 Hardening Linux And Unix
    10.3 Proactive Defense For Linux And Unix
    10.4 Summary
    10.5 Chapter Review Questions/Exercises
    10.6 Optional Team Case Project
    Chapter 11 Internet Security
    11.1 Internet Protocol Architecture
    11.2 An Internet Threat Model
    11.3 Defending Against Attacks On The Internet
    11.4 Internet Security Checklist
    11.5 Summary
    11.6 Chapter Review Questions/Exercises
    11.7 Optional Team Case Project
    Chapter 12 The Botnet Problem
    12.1 Introduction
    12.2 Botnet Overview
    12.3 Typical Bot Life Cycle
    12.4 The Botnet Business Model
    12.5 Botnet Defense
    12.6 Botmaster Traceback
    12.7 Preventing Botnets
    12.8 Summary
    12.9 Chapter Review Questions/Exercises
    12.10 Optional Team Case Project
    Chapter 13 Intranet Security
    13.1 Smartphones & Tablets In The Intranet
    13.2 Security Considerations
    13.3 Plugging The Gaps: NAC And Access Control
    13.4 Measuring Risk: Audits
    13.5 Guardian At The Gate: Authentication And Encryption
    13.6 Wireless Network Security
    13.7 Shielding The Wire: Network Protection
    13.8 Weakest Link In Security: User Training
    13.9 Documenting The Network: Change Management
    13.10 Rehearse The Inevitable: Disaster Recovery
    13.11 Controlling Hazards: Physical And Environmental Protection
    13.12 Know Your Users: Personnel Security
    13.13 Protecting Data Flow: Information And System Integrity
    13.14 Security Assessments
    13.15 Risk Assessments
    13.16 Intranet Security Checklist
    13.17 Summary
    13.18 Chapter Review Questions/Exercises
    13.19 Optional Team Case Project
    Chapter 14 Local Area Network Security
    14.1 Identify Network Threats
    14.2 Establish Network Access Controls
    14.3 Risk Assessment
    14.4 Listing Network Resources
    14.5 Threats
    14.6 Security Policies
    14.7 The Incident-Handling Process
    14.8 Secure Design Through Network Access Controls
    14.9 IDS Defined
    14.10 NIDS: Scope And Limitations
    14.11 A Practical Illustration Of NIDS
    14.12 Firewalls
    14.13 Dynamic NAT Configuration
    14.14 The Perimeter
    14.15 Access List Details
    14.16 Types Of Firewalls
    14.17 Packet Filtering: IP Filtering Routers
    14.18 Application-Layer Firewalls: Proxy Servers
    14.19 Stateful Inspection Firewalls
    14.20 NIDS Complements Firewalls
    14.21 Monitor And Analyze System Activities
    14.22 Signature Analysis
    14.23 Statistical Analysis
    14.24 Signature Algorithms
    14.25 Summary
    14.26 Chapter Review Questions/Exercises
    14.27 Optional Team Case Project
    Chapter 15 Wireless Network Security
    15.1 Cellular Networks
    15.2 Wireless Ad Hoc Networks
    15.3 Security Protocols
    15.4 WEP
    15.5 WPA And WPA2
    15.6 SPINS: Security Protocols For Sensor Networks
    15.7 Secure Routing
    15.8 SEAD
    15.9 ARAN
    15.10 SLSP
    15.11 Key Establishment
    15.12 Ing
    15.13 Management Countermeasures
    15.14 Summary
    15.15 Chapter Review Questions/Exercises
    15.16 Optional Team Case Project
    Chapter 16 Wireless Sensor Network Security
    16.1 Introduction To Wireless Sensor Network (WSN)
    16.2 Summary
    16.3 Chapter Review Questions/Exercises
    16.4 Optional Team Case Project
    Chapter 17 Cellular Network Security
    17.1 Introduction To Wireless Sensor Network (WSN)
    17.2 Overview Of Cellular Networks
    17.3 The State Of The Art Of Cellular Network Security
    17.4 Cellular Network Attack Taxonomy
    17.5 Cellular Network Vulnerability Analysis
    17.6 (Acat)
    17.7 (Ecat)
    17.8 Summary
    17.9 Chapter Review Questions/Exercises
    17.10 Optional Team Case Project
    Chapter 18 RFID Security
    18.1 RFID Introduction
    18.2 RFID Challenges
    18.3 RFID Protections
    18.4 Summary
    18.5 Chapter Review Questions/Exercises
    18.6 Optional Team Case Project
    Chapter 19 Optical Network Security
    19.1 Optical Networks
    19.2 Securing Optical Networks
    19.3 Identify Vulnerabilities
    19.4 Corrective Actions
    19.5 Summary
    19.6 Chapter Review Questions/Exercises
    19.7 Optional Team Case Project
    Chapter 20 Optical Wireless Security
    20.1 Optical Wireless Systems Overview
    20.2 Deployment Architectures
    20.3 High Bandwidth
    20.4 Low Cost
    20.5 Implementation
    20.6 Surface Area
    20.7 Summary
    20.8 Chapter Review Questions/Exercises
    20.9 Optional Team Case Project
    Part II Managing Information Security
    Chapter 21 Information Security Essentials For IT Managers: Protecting Mission-Critical Systems
    21.1 Information Security Essentials For IT Managers
    21.2 Overview
    21.3 Protecting Mission-Critical Systems
    21.4 Information Security From The Ground Up
    21.5 Security Monitoring And Effectiveness
    21.6 Summary
    21.7 Chapter Review Questions/Exercises
    21.8 Optional Team Case Project
    Chapter 22 Security Management Systems
    22.1 Security Management System Standards
    22.2 Training Requirements
    22.3 Principles Of Information Security
    22.4 Roles And Responsibilities Of Personnel
    22.5 Security Policies
    22.6 Security Controls
    22.7 Network Access
    22.8 Risk Assessment
    22.9 Incident Response
    22.10 Summary
    22.11 Chapter Review Questions/Exercises
    22.12 Optional Team Case Project
    Chapter 23 Policy-Driven System Management
    23.1 Introduction
    23.2 Security And Policy-Based Management
    23.3 Classification And Languages
    23.4 Controls For Enforcing Security Policies In Distributed Systems
    23.5 Products And Technologies
    23.6 Research Projects
    23.7 Summary
    23.8 Chapter Review Questions/Exercises
    23.9 Optional Team Case Project
    Chapter 24 Information Technology Security Management
    24.1 Information Security Management Standards
    24.2 Other Organizations Involved In Standards
    24.3 Information Technology Security Aspects
    24.4 Summary
    24.5 Chapter Review Questions/Exercises
    24.6 Optional Team Case Project
    Chapter 25 Online Identity And User Management Services
    25.1 Introduction
    25.2 Evolution Of Identity Management Requirements
    25.3 The Requirements Fulfilled By Identity Management Technologies
    25.4 Identity Management 1.0
    25.5 Social Login And User Management
    25.6 Identity 2.0 For Mobile Users
    25.7 Summary
    25.8 Chapter Review Questions/Exercises
    25.9 Optional Team Case Project
    Chapter 26 Intrusion Prevention And Detection Systems
    26.1 What Is An ‘Intrusion’ Anyway?
    26.2 Physical Theft
    26.3 Abuse Of Privileges (The Insider Threat)
    26.4 Unauthorized Access By Outsider
    26.5 Malware Infection
    26.6 The Role Of The ‘0-Day’
    26.7 The Rogue’s Gallery: Attackers And Motives
    26.8 A Brief Introduction To TCP/IP
    26.9 The TCP/IP Data Architecture And Data Encapsulation
    26.10 Survey Of Intrusion Detection And Prevention
    26.11 Technologies
    26.12 Anti-Malware Software
    26.13 Network-Based Intrusion Detection Systems
    26.14 Network-Based Intrusion Prevention Systems
    26.15 Host-Based Intrusion Prevention Systems
    26.16 Security Information Management Systems
    26.17 Network Session Analysis
    26.18 Digital Forensics
    26.19 System Integrity Validation
    26.20 Summary
    26.21 Chapter Review Questions/Exercises
    26.22 Optional Team Case Project
    Chapter 27 TCP/IP Packet Analysis
    27.1 The Internet Model
    27.2 Summary
    27.3 Chapter Review Questions/Exercises
    27.4 Optional Team Case Project
    Chapter 28 The Enemy (The Intruder’s Genesis)
    28.1 Introduction
    28.2 Active Reconnaissance
    28.3 Enumeration
    28.4 Penetration & Gain Access
    28.5 Maintain Access
    28.6 Defend Network Against Unauthorized Access
    28.7 Summary
    28.8 Chapter Review Questions/Exercises
    28.9 Optional Team Case Project
    Chapter 29 Firewalls
    29.1 Introduction
    29.2 Network Firewalls
    29.3 Firewall Security Policies
    29.4 A Simple Mathematical Model For Policies, Rules, And Packets
    29.5 First-Match Firewall Policy Anomalies
    29.6 Policy Optimization
    29.7 Firewall Types
    29.8 Host And Network Firewalls
    29.9 Software And Hardware Firewall Implementations
    29.10 Choosing The Correct Firewall
    29.11 Firewall Placement And Network Topology
    29.12 Firewall Installation And Configuration
    29.13 Supporting Outgoing Services Through Firewall Configuration
    29.14 Secure External Services Provisioning
    29.15 Network Firewalls For Voice And Video Applications
    29.16 Firewalls And Important Administrative Service Protocols
    29.17 Internal IP Services Protection
    29.18 Firewall Remote Access Configuration
    29.19 Load Balancing And Firewall Arrays
    29.20 Highly Available Firewalls
    29.21 Firewall Management
    29.22 Summary
    29.23 Chapter Review Questions/Exercises
    29.24 Optional Team Case Project
    Chapter 30 Penetration Testing
    30.1 Introduction
    30.2 What Is Penetration Testing?
    30.3 How Does Penetration Testing Differ From An Actual “Hack?”
    30.4 Types Of Penetration Testing
    30.5 Phases Of Penetration Testing
    30.6 Defining What’s Expected
    30.7 The Need For A Methodology
    30.8 Penetration Testing Methodologies
    30.9 Methodology In Action
    30.10 Penetration Testing Risks
    30.11 Liability Issues
    30.12 Legal Consequences
    30.13 “Get Out Of Jail Free” Card
    30.14 Penetration Testing Consultants
    30.15 Required Skill Sets
    30.16 Accomplishments
    30.17 Hiring A Penetration Tester
    30.18 Why Should A Company Hire You?
    30.19 Summary
    30.20 Chapter Review Questions/Exercises
    30.21 Optional Team Case Project
    Chapter 31 What Is Vulnerability Assessment?
    31.1 Introduction
    31.2 Reporting
    31.3 The “It Won’t Happen To Us” Factor
    31.4 Why Vulnerability Assessment?
    31.5 Penetration Testing Versus Vulnerability Assessment
    31.6 Vulnerability Assessment Goal
    31.7 Mapping The Network
    31.8 Selecting The Right Scanners
    31.9 Central Scans Versus Local Scans
    31.10 Defense In Depth Strategy
    31.11 Vulnerability Assessment Tools
    31.12 SARA
    31.13 SAINT
    31.14 MBSA
    31.15 Scanner Performance
    31.16 Scan Verification
    31.17 Scanning Cornerstones
    31.18 Network Scanning Countermeasures
    31.19 Vulnerability Disclosure Date
    31.20 Proactive Security Versus Reactive Security
    31.21 Vulnerability Causes
    31.22 DIY Vulnerability Assessment
    31.23 Summary
    31.24 Chapter Review Questions/Exercises
    31.25 Optional Team Case Project
    Chapter 32 Security Metrics: An Introduction And Literature Review
    32.1 Introduction
    32.2 Why Security Metrics?
    32.3 The Nature Of Security Metrics
    32.4 Getting Started With Security Metrics
    32.5 Metrics In Action–Towards An Intelligent Security Dashboard
    32.6 Security Metrics In The Literature
    32.7 Summary
    32.8 Chapter Review Questions/Exercises
    32.9 Optional Team Case Project
    Part III Cyber, Network, And Systems Forensics Security And Assurance
    Chapter 33 Cyber Forensics
    33.1 What Is Cyber Forensics?
    33.2 Analysis Of Data
    33.3 Cyber Forensics In The Court System
    33.4 Understanding Internet History
    33.5 Temporary Restraining Orders And Labor Disputes
    33.6 NTFS
    33.7 First Principles
    33.8 Hacking A Windows XP Password
    33.9 Network Analysis
    33.10 Cyber Forensics Applied
    33.11 Testifying As An Expert
    33.12 Beginning To End In Court
    33.13 Summary
    33.14 Chapter Review Questions/Exercises
    33.15 Optional Team Case Project
    Chapter 34 Cyber Forensics And Incidence Response
    34.1 Introduction To Cyber Forensics
    34.2 Handling Preliminary Investigations
    34.3 Controlling An Investigation
    34.4 Conducting Disk-Based Analysis
    34.5 Investigating Information-Hiding Techniques
    34.6 Scrutinizing E-Mail
    34.7 Validating E-Mail Header Information
    34.8 Tracing Internet Access
    34.9 Searching Memory In Real Time
    34.10 Summary
    34.11 Chapter Review Questions/Exercises
    34.12 Optional Team Case Project
    Chapter 35 Securing E-Discovery
    35.1 Information Management
    35.2 Summary
    35.3 Chapter Review Questions/Exercises
    35.4 Optional Team Case Project
    Chapter 36 Network Forensics
    36.1 Scientific Overview
    36.2 The Principles Of Network Forensics
    36.3 Attack Traceback And Attribution
    36.4 Critical Needs Analysis
    36.5 Research Directions
    36.6 Summary
    36.7 Chapter Review Questions/Exercises
    36.8 Optional Team Case Project
    Part IV Encryption Technology
    Chapter 37 Data Encryption
    37.1 Need For Cryptography
    37.2 Mathematical Prelude To Cryptography
    37.3 Classical Cryptography
    37.4 Modern Symmetric Ciphers
    37.5 Algebraic Structure
    37.6 The Internal Functions Of Rijndael In AES Implementation
    37.7 Use Of Modern Block Ciphers
    37.8 Public-Key Cryptography
    37.9 Cryptanalysis Of RSA
    37.10 Diffie-Hellman Algorithm
    37.11 Elliptic Curve Cryptosystems
    37.12 Message Integrity And Authentication
    37.13 Triple Data Encryption Algorithm (TDEA) Block Cipher
    37.14 Summary
    37.15 Chapter Review Questions/Exercises
    37.16 Optional Team Case Project
    Chapter 38 Satellite Encryption
    38.1 Introduction
    38.2 The Need For Satellite Encryption
    38.3 Implementing Satellite Encryption
    38.4 Pirate Decryption Of Satellite Transmissions
    38.5 Summary
    38.6 Chapter Review Questions/Exercises
    38.7 Optional Team Case Project
    Chapter 39 Public Key Infrastructure
    39.1 Cryptographic Background
    39.2 Overview Of PKI
    39.3 The X.509 Model
    39.4 X.509 Implementation Architectures
    39.5 X.509 Certificate Validation
    39.6 X.509 Certificate Revocation
    39.7 Server-Based Certificate Validity Protocol
    39.8 X.509 Bridge Certification Systems
    39.9 X.509 Certificate Format
    39.10 PKI Policy Description
    39.11 PKI Standards Organizations
    39.12 PGP Certificate Formats
    39.13 PGP PKI Implementations
    39.14 W3C
    39.15 Is PKI Secure
    39.16 Alternative PKI Architectures
    39.17 Modified X.509 Architectures
    39.18 Alternative Key Management Models
    39.19 Summary
    39.20 Chapter Review Questions/Exercises
    39.21 Optional Team Case Project
    Chapter 40 Password-Based Authenticated Key Establishment Protocol
    [Toc Tbd]
    Chapter 41 Instant-Messaging Security
    41.1 Why Should I Care About Instant Messaging?
    41.2 What Is Instant Messaging?
    41.3 The Evolution Of Networking Technologies
    41.3 Game Theory And Instant Messaging
    41.4 The Nature Of The Threat
    41.5 Common IM Applications
    41.6 Defensive Strategies
    41.7 Instant-Messaging Security Maturity And Solutions
    41.8 Processes
    41.9 Summary
    41.10 Example Answers To Key Factors
    41.11 Chapter Review Questions/Exercises
    41.12 Optional Team Case Project
    Part V Privacy And Access Management
    Chapter 42 Privacy On The Internet
    42.1 Privacy In The Digital Society
    42.2 The Economics Of Privacy
    42.3 Privacy-Enhancing Technologies
    42.4 Network Anonymity
    42.5 Summary
    42.6 Chapter Review Questions/Exercises
    42.7 Optional Team Case Project
    Chapter 43 Privacy-Enhancing Technologies
    43.1 The Concept Of Privacy
    43.2 Legal Privacy Principles
    43.3 Classification Of PETs
    43.4 Traditional Privacy Goals Of PETs
    43.5 Privacy Metrics
    43.6 Data Minimization Technologies
    43.7 Transparency-Enhancing Tools
    43.8 Summary
    43.9 Chapter Review Questions/Exercises
    43.10 Optional Team Case Project
    Chapter 44 Personal Privacy Policies
    44.1 Introduction
    44.2 Content Of Personal Privacy Policies
    44.3 Semiautomated Derivation Of Personal Privacy Policies
    44.4 Specifying Well-Formed Personal Privacy Policies
    44.5 Preventing Unexpected Negative Outcomes
    44.6 The Privacy Management Model
    44.7 Discussion And Related Work
    44.8 Summary
    44.9 Chapter Review Questions/Exercises
    44.10 Optional Team Case Project
    Chapter 45 Detection Of Conflicts In Security Policies
    45.1 Introduction
    45.2 Conflicts In Security Policies
    45.3 Conflicts In Executable Security Policies
    45.4 Conflicts In Network Security Policies
    45.5 Semantic Web Technology For Conflict Detection
    45.6 Summary
    45.7 Chapter Review Questions/Exercises
    45.8 Optional Team Case Project
    Chapter 46 Supporting User Privacy Preferences In Digital Interactions
    46.1 Introduction
    46.2 Basic Concepts And Desiderata
    46.3 Cost-Sensitive Trust Negotiation
    46.4 Point-Based Trust Management
    46.5 Logical-Based Minimal Credential Disclosure
    46.6 Privacy Preferences In Credential-Based Interactions
    46.7 Fine-Grained Disclosure Of Sensitive Access Policies
    46.8 Open Issues
    46.9 Summary
    46.10 Chapter Review Questions/Exercises
    46.11 Optional Team Case Project
    Chapter 47 Privacy And Security In Environmental Monitoring Systems: Issues And Solutions
    47.1 Introduction
    47.2 System Architectures
    47.3 Environmental Data
    47.4 Security And Privacy Issues In Environmental Monitoring
    47.5 Countermeasures
    47.6 Summary
    47.7 Chapter Review Questions/Exercises
    47.8 Optional Team Case Project
    Chapter 48 Virtual Private Networks
    48.1 History
    48.2 Who Is In Charge?
    48.3 VPN Types
    48.4 Authentication Methods
    48.5 Symmetric Encryption
    48.6 Asymmetric Cryptography
    48.7 Edge Devices
    48.8 Passwords
    48.9 Hackers And Crackers
    48.10 Mobile VPN
    48.11 SSL VPN Deployments
    48.12 Summary
    48.13 Chapter Review Questions/Exercises
    48.14 Optional Team Case Project
    Chapter 49 Identity Theft
    49.1 Experimental Design
    49.2 Results And Analysis
    49.3 Implications For Crimeware
    49.4 Summary
    49.5 Chapter Review Questions/Exercises
    49.6 Optional Team Case Project
    Chapter 50 VoIP Security
    50.1 Introduction
    50.2 Overview Of Threats
    50.3 Security In VoIP
    50.4 Future Trends
    50.5 Summary
    50.6 Chapter Review Questions/Exercises
    50.7 Optional Team Case Project
    Part VI Storage Security
    Chapter 51 SAN Security
    51.1 Organizational Structure
    51.2 Access Control Lists (ACL) And Policies
    51.3 Physical Access
    51.4 Change Management
    51.5 Password Policies
    51.6 Defense In Depth
    51.7 Vendor Security Review
    51.8 Data Classification
    51.9 Security Management
    51.10 Auditing
    51.11 Security Maintenance
    51.12 Host Access: Partitioning
    51.13 Data Protection: Replicas
    51.14 Encryption In Storage
    51.15 Application Of Encryption
    51.16 Summary
    51.17 Chapter Review Questions/Exercises
    51.18 Optional Team Case Project
    Chapter 52 Storage Area Networking Security Devices
    52.1 What Is A SAN?
    52.2 SAN Deployment Justifications
    52.3 The Critical Reasons For SAN Security
    52.4 SAN Architecture And Components
    52.5 SAN General Threats And Issues
    52.6 OWASP
    52.7 OSSTMM
    52.8 ISSA
    52.9 ISACA
    52.10 Summary
    52.11 Chapter Review Questions/Exercises
    52.12 Optional Team Case Project
    Chapter 53 Risk Management
    53.1 The Concept Of Risk
    53.2 Expressing And Measuring Risk
    53.3 The Risk Management Methodology
    53.4 Risk Management Laws And Regulations
    53.5 Risk Management Standards
    53.6 Summary
    53.7 Chapter Review Questions/Exercises
    53.8 Optional Team Case Project
    Part VII Physical Security
    Chapter 54 Physical Security Essentials
    54.1 Overview
    54.2 Physical Security Threats
    54.3 Physical Security Prevention And Mitigation Measures
    54.4 Recovery From Physical Security Breaches
    54.5 Threat Assessment, Planning, And Plan Implementation
    54.6 Example: A Corporate Physical Security Policy
    54.7 Integration Of Physical And Logical Security
    54.8 Physical Security Checklist
    54.9 Summary
    54.10 Chapter Review Questions/Exercises
    54.11 Optional Team Case Project
    Chapter 55 Disaster Recovery
    55.1 Introduction
    55.2 Measuring Risk And Avoiding Disaster
    55.3 The Business Impact Assessment (BIA)
    55.4 Summary
    55.5 Chapter Review Questions/Exercises
    55.6 Optional Team Case Project
    Chapter 56 Biometrics
    56.1 Relevant Standards
    56.2 Biometric System Architecture
    56.3 Using Biometric Systems
    56.4 Security Considerations
    56.5 Summary
    56.6 Chapter Review Questions/Exercises
    56.7 Optional Team Case Project
    Chapter 57 Homeland Security
    57.1 Statutory Authorities
    57.2 Homeland Security Presidential Directives
    57.3 Organizational Actions
    57.4 Summary
    57.5 Chapter Review Questions/Exercises
    57.6 Optional Team Case Project
    Chapter 58 Cyber Warfare
    58.1 Cyber Warfare Model
    58.2 Cyber Warfare Defined
    58.3 CW: Myth Or Reality?
    58.4 Cyber Warfare: Making CW Possible
    58.5 Legal Aspects Of CW
    58.6 Holistic View Of Cyber Warfare
    58.7 Summary
    58.8 Chapter Review Questions/Exercises
    58.9 Optional Team Case Project
    Chapter 59 System Security
    59.1 Foundations Of Security
    59.2 Basic Countermeasures
    59.3 Summary
    59.4 Chapter Review Questions/Exercises
    59.5 Optional Team Case Project
    Chapter 60 Securing The Infrastructure
    60.1 Communication Security Goals
    60.2 Attacks And Countermeasures
    60.3 Summary
    60.4 Chapter Review Questions/Exercises
    60.5 Optional Team Case Project
    Chapter 61 Access Controls
    61.1 Infrastructure Weaknesses: DAC, MAC, And RBAC
    61.2 Strengthening The Infrastructure: Authentication Systems
    61.3 Summary
    61.4 Chapter Review Questions/Exercises
    61.5 Optional Team Case Project
    Chapter 62 Assessments And Audits
    62.1 Assessing Vulnerabilities And Risk: Penetration Testing And Vulnerability Assessments
    62.2 Risk Management: Quantitative Risk Measurements
    62.3 Summary
    62.4 Chapter Review Questions/Exercises
    62.5 Optional Team Case Project
    Chapter 63 Fundamentals Of Cryptography
    63.1 Assuring Privacy With Encryption
    63.2 Summary
    63.3 Chapter Review Questions/Exercises
    63.4 Optional Team Case Project
    Part IX Advanced Security
    Chapter 64 Security Through Diversity
    64.1 Ubiquity
    64.2 Example Attacks Against Uniformity
    64.3 Attacking Ubiquity With Antivirus Tools
    64.4 The Threat Of Worms
    64.5 Automated Network Defense
    64.6 Diversity And The Browser
    64.7 Sandboxing And Virtualization
    64.8 DNS Example Of Diversity Through Security
    64.9 Recovery From Disaster Is Survival
    64.10 Summary
    64.11 Chapter Review Questions/Exercises
    64.12 Optional Team Case Project
    Chapter 65 Online E-Reputation Management Services
    65.1 Introduction
    65.2 The Human Notion Of Reputation
    65.3 Reputation Applied To The Computing World
    65.4 State Of The Art Of Attack-Resistant Reputation Computation
    65.5 Overview Of Current Online Reputation Service
    65.6 Summary
    65.7 Chapter Review Questions/Exercises
    65.8 Optional Team Case Project
    Chapter 66 Content Filtering
    66.1 Defining The Problem
    66.2 Why Content Filtering Is Important
    66.3 Content Categorization Technologies
    66.4 Perimeter Hardware And Software Solutions
    66.5 Categories
    66.6 Legal Issues
    66.7 Circumventing Content Filtering
    66.8 Additional Items To Consider: Overblocking And Underblocking
    66.9 Related Products
    66.10 Summary
    66.11 Chapter Review Questions/Exercises
    66.12 Optional Team Case Project
    Chapter 67 Data Loss Protection
    67.1 Precursors Of DLP
    67.2 What Is DLP?
    67.3 Where To Begin
    67.4 Data Is Like Water
    67.5 You Don’t Know What You Don’t Know
    67.6 How Do DLP Applications Work?
    67.7 Eat Your Vegetables
    67.8 It’s A Family Affair, Not Just IT Security’s Problem
    67.9 Vendors, Vendors Everywhere! Who Do You Believe?
    67.10 Summary
    67.11 Chapter Review Questions/Exercises
    67.12 Optional Team Case Project
    Chapter 68 Satellite Cyber Attack Search And Destroy
    68.1 Hacks, Interference And Jamming
    68.2 Summary
    68.3 Chapter Review Questions/Exercises
    68.4 Optional Team Case Project
    Chapter 69 Verifiable Voting Systems
    69.1 Security Requirements
    69.2 Verifiable Voting Schemes
    69.3 Building Blocks
    69.4 Survey Of Noteworthy Schemes
    69.5 Prêt À Voter
    69.6 Threats To Verifiable Voting Systems
    69.7 Summary
    69.8 Chapter Review Questions/Exercises
    69.9 Optional Team Case Project
    Chapter 70 Advanced Data Encryption
    70.1 Mathematical Concepts Reviewed
    70.2 The RSA Cryptosystem
    70.3 Summary
    70.4 Chapter Review Questions/Exercises
    70.5 Optional Team Case Project
    Part X Appendices
    Appendix A Configuring Authentication Service On Microsoft Windows 7
    Appendix B Security Management and Resiliency
    Appendix C List of Top Information and Network Security Implementation and Deployment Companies
    Appendix D List of Security Products
    Appendix E List of Security Standards
    Appendix F List of Miscellaneous Security Resources
    Appendix G Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
    Appendix H Configuring Wireless Internet Security Remote Access
    Appendix I Frequently Asked Questions
    Appendix J Case Studies

Product details

  • No. of pages: 1200
  • Language: English
  • Copyright: © Morgan Kaufmann 2013
  • Published: November 5, 2012
  • Imprint: Morgan Kaufmann
  • eBook ISBN: 9780123946126

About the Editor

John Vacca

John Vacca is an information technology consultant, researcher, professional writer, editor, reviewer, and internationally-known best-selling author based in Pomeroy, Ohio. Since 1982, John has authored/edited 85 books (some of his most recent books include):

    • Smart Cities Policies and Financing: Approaches and Solutions, 1st Edition (Publisher: Elsevier Inc.) (January 24, 2022)
    • Cloud Computing Security: Foundations and Challenges, 2nd Edition (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (November 2, 2020)
    • Solving Urban Infrastructure Problems Using Smart City Technologies: Handbook on Planning, Design, Development, and Regulation, 1st Edition (Publisher: Elsevier Inc.) (September 30, 2020)
    • Online Terrorist Propaganda, Recruitment, and Radicalization, 1st Edition (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (August 9, 2019)
    • Nanoscale Networking and Communications Handbook, 1st Edition (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (July 22, 2019)
    • Computer and Information Security Handbook, 3E (Publisher: Morgan Kaufmann (an imprint of Elsevier Inc.)) (June 10, 2017)
    • Security in the Private Cloud (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (September 1, 2016)
    • Cloud Computing Security: Foundations and Challenges (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (August 19, 2016)
    • Handbook of Sensor Networking: Advanced Technologies and Applications (Publisher: CRC Press (an imprint of Taylor & Francis Group, LLC)) (January 14, 2015)
    • Network and System Security, Second Edition, 2E (Publisher: Syngress (an imprint of Elsevier Inc.)) (September 23, 2013)
    • Cyber Security and IT Infrastructure Protection (Publisher: Syngress (an imprint of Elsevier Inc.)) (September 23, 2013)
    • Managing Information Security, Second Edition, 2E (Publisher: Syngress (an imprint of Elsevier Inc.)) (September 23, 2013)
    • Computer and Information Security Handbook, 2E (Publisher: Morgan Kaufmann (an imprint of Elsevier Inc.)) (May 31, 2013)
    • Identity Theft (Cybersafety) (Publisher: Chelsea House Pub) (April 1, 2012)

    He has written more than 600 articles in the areas of advanced storage, computer security and aerospace technology (copies of articles and books are available upon request).

    John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program, from 1988 until his retirement from NASA in 1995.

    In addition, John is also an independent online book reviewer. Finally, John was one of the security consultants for the MGM movie titled: "AntiTrust," which was released on January 12, 2001. A detailed copy of John's author bio can be viewed at URL: John can be reached at:

Affiliations and Expertise

Technology Consultant, TechWrite, USA
