ABSTRACT
Charged with ensuring the confidentiality, integrity, availability, and delivery of all forms of an entity's information, Information Assurance (IA) professionals require a fundamental understanding of a wide range of specializations, including digital forensics, fraud examination, systems engineering, security risk management, privacy, and compliance. Establishing this understanding and keeping it up to date requires a resource with coverage as diverse as the field it covers.
Filling this need, the Encyclopedia of Information Assurance presents an up-to-date collection of peer-reviewed articles and references written by authorities in their fields. From risk management and privacy to auditing and compliance, the encyclopedia’s four volumes provide comprehensive coverage of the key topics related to information assurance. This complete IA resource:
- Supplies the understanding needed to help prevent the misuse of sensitive information
- Explains how to maintain the integrity of critical systems
- Details effective tools, techniques, and methods for protecting personal and corporate data against the latest threats
- Provides valuable examples, case studies, and discussions on how to address common and emerging IA challenges
Placing the wisdom of leading researchers and practitioners at your fingertips, this authoritative reference provides the knowledge and insight needed to avoid common pitfalls and stay one step ahead of evolving threats.
Also Available Online
This Taylor & Francis encyclopedia is also available through online subscription, offering a variety of extra benefits for researchers, students, and librarians, including:
- Citation tracking and alerts
- Active reference linking
- Saved searches and marked lists
- HTML and PDF format options
Contact Taylor and Francis for more information or to inquire about subscription options and print/online combination packages.
US: (Tel) 1.888.318.2367; (E-mail) e-reference@taylorandfrancis.com
International: (Tel) +44 (0) 20 7017 6062; (E-mail) online.sales@tandf.co.uk
TABLE OF CONTENTS
entry |11 pages
Quantum Cryptography
entry |10 pages
Access Controls: PKI-Based
entry |7 pages
Accountability
entry |7 pages
Adaptable Protocol Framework
entry |6 pages
Advanced Encryption Standard (AES)
entry |4 pages
Applets: Network Security
entry |7 pages
Application Layer Security
entry |9 pages
Application Layer Security: Network Protocols
entry |5 pages
Application Security
entry |11 pages
Application Security: World Wide Web
entry |6 pages
Application Service Providers: Information Assurance Considerations
entry |16 pages
Application Service Providers: Secure Relationships
entry |13 pages
Application Systems Development
entry |7 pages
Applications: Auditing
entry |5 pages
Architecture: Biological Cells
entry |10 pages
Architecture: Firewalls
entry |12 pages
Architecture: Models
entry |8 pages
Architecture: Secure
entry |11 pages
Artificial Intelligence (AI): Intrusion Analysis
entry |9 pages
Asynchronous Transfer Mode (ATM): Integrity and Security
entry |5 pages
Auditing: Self-Hacking
entry |10 pages
Awareness and Training
entry |9 pages
Awareness and Training: Appendices
entry |6 pages
Awareness and Training: Briefing for the End User
entry |10 pages
Awareness and Training: Effective Methods
entry |8 pages
Awareness and Training: Framework
entry |7 pages
Awareness and Training: Motivational and Psychological Factors
entry |9 pages
Awareness and Training: Program Elements
entry |3 pages
Bally v. Faber
entry |12 pages
Biometrics: Identification
entry |4 pages
Biometrics: New Methods
entry |5 pages
Bluesnarfing
entry |6 pages
Broadband Internet Access
entry |9 pages
Buffer Overflows: Attacks
entry |9 pages
Buffer Overflows: Stack-Based
entry |8 pages
Business Continuity Management: Maintenance Processes
entry |11 pages
Business Continuity Management: Metrics
entry |5 pages
Business Continuity Management: Priorities
entry |11 pages
Business Continuity Management: Testing
entry |6 pages
Business Continuity Management: Testing, Maintenance, Training, and Awareness
entry |6 pages
Business Continuity Planning
entry |13 pages
Business Continuity Planning: Best Practices and Program Maturity
entry |7 pages
Business Continuity Planning: Case Study
entry |7 pages
Business Continuity Planning: Collaborative Approach
entry |10 pages
Business Continuity Planning: Distributed Environment
entry |9 pages
Business Continuity Planning: Enterprise Risk Management Structure
entry |7 pages
Business Continuity Planning: Evolution in Response to Major News Events
entry |10 pages
Business Continuity Planning: Process Reengineering
entry |7 pages
Business Continuity Planning: Restoration Component
entry |6 pages
Business Continuity Planning: Strategy Selection
entry |13 pages
Business Impact Analysis: Business Process Mapping
entry |12 pages
Business Impact Analysis: Process
entry |7 pages
Business Partnerships: Validation
entry |10 pages
Capability Maturity Model
entry |4 pages
Career Management
entry |10 pages
Centralized Authentication Services
entry |12 pages
Certification and Accreditation: Methodology
entry |16 pages
Certification Testing
entry |8 pages
Committee of Sponsoring Organizations (COSO)
entry |7 pages
Common Criteria
entry |11 pages
Common Criteria: IT Security Evaluation
entry |7 pages
Communication Protocols and Services
entry |8 pages
Compliance Assurance
entry |13 pages
Computer Abuse
entry |6 pages
Computer Crime
entry |12 pages
Computer Crime: Investigations
entry |8 pages
Configuration Management
entry |13 pages
Configuration Management: Process Stages
entry |9 pages
Controls: CISSP and Common Body of Knowledge (CBK)
entry |7 pages
Cookies and Web Bugs
entry |7 pages
Corporate Governance
entry |8 pages
Corporate Security: IT Organization
entry |6 pages
Covert Channels
entry |5 pages
Covert Channels: Analysis and Recommendations
entry |7 pages
Crime Prevention: Environmental Design
entry |5 pages
Critical Business Functions
entry |8 pages
Cross-Site Scripting (XSS)
entry |13 pages
Cryptography
entry |3 pages
Cryptography: Auditing
entry |10 pages
Cryptography: Cryptosystems
entry |6 pages
Cryptography: Elliptic Curve
entry |14 pages
Cryptography: Encryption and
entry |11 pages
Cryptography: Key Management: Functions and Principles
entry |8 pages
Cryptography: Key Management: History and Myths
entry |10 pages
Cryptography: Quantum
entry |7 pages
Cryptography: Transitions
entry |8 pages
Customer Relationship Management (CRM)
entry |13 pages
Cybercrime: Council of Europe
entry |5 pages
Cybercrime: Response, Investigation, and Prosecution
entry |13 pages
Cyber-Risk Management: Enterprise-Level Security
entry |8 pages
Data Access Controls: Sensitive or Critical
entry |10 pages
Data at Rest
entry |9 pages
Data Centers: Security
entry |4 pages
Data Centers: Site Selection and Facility Design
entry |8 pages
Data Sanitization: SQL Injection
entry |16 pages
Data Warehouses: Datamarts and
entry |15 pages
Data Warehouses: Security and Privacy
entry |5 pages
Database Integrity
entry |7 pages
Defense in Depth: Network, Systems, and Applications Controls
entry |6 pages
Denial-of-Service Attacks
entry |11 pages
Digital Crime Scene Analysis (DCSA)
entry |4 pages
Digital Forensics and E-Discovery
entry |7 pages
Directory Security
entry |4 pages
Distributed Computing: Grid Environment
entry |4 pages
DoD Information Assurance Certification and Accreditation Process (DIACAP)
entry |4 pages
Domain Name Service (DNS) Attacks
entry |4 pages
Downsizing: Maintaining Information Security
entry |14 pages
Due Care: Minimum Security Standards
entry |13 pages
Electronic Commerce: Auditing
entry |6 pages
E-Mail and Data Communications: Dial-In Hazards
entry |8 pages
E-Mail Retention Policy: Legal Requirements
entry |9 pages
E-Mail: Pretty Good Privacy
entry |15 pages
E-Mail: Security
entry |5 pages
E-Mail: Spam
entry |8 pages
Enclaves: Enterprise as Extranet
entry |5 pages
Encryption Key Management
entry |15 pages
End Node Security and Network Access Management
entry |5 pages
Enterprise Information Assurance: Framework
entry |9 pages
Enterprise Information Assurance: Key Components
entry |14 pages
Enterprise Information Security: Architectural Design and Deployment
entry |12 pages
Enterprise Security Capability: Common Models
entry |13 pages
Enterprise Security Information
entry |11 pages
Espionage: Counter-Economic
entry |7 pages
Ethics
entry |8 pages
Ethics: Internet
entry |10 pages
Event Management
entry |11 pages
External Networks: Secured Connections
entry |8 pages
Extranet Access Control
entry |7 pages
Fax Machines
entry |20 pages
Firewall Architectures
entry |6 pages
Firewall Architectures: Other Issues
entry |12 pages
Firewall Architectures: Platforms
entry |5 pages
Firewall Architectures: Viruses and Worms
entry |8 pages
Firewall Technologies: Comparison
entry |13 pages
Firewalls: Checkpoint Security Review
entry |5 pages
Firewalls: Internet Security
entry |4 pages
Forensics
entry |7 pages
Forensics and Legal Proceedings
entry |11 pages
Forensics: Computer Crime Investigation
entry |16 pages
Forensics: Non-Liturgical Examinations
entry |5 pages
Forensics: Operational
entry |7 pages
Forensics: Rules of Evidence
entry |4 pages
Format String Vulnerabilities
entry |16 pages
Fraud: Employee Identification
entry |10 pages
FTP: Secured Data Transfers
entry |5 pages
Global Transmissions: Jurisdictional Issues
entry |8 pages
Hackers: Attacks and Defenses
entry |9 pages
Hackers: Hiring Ex-Criminal
entry |11 pages
Hackers: Tools and Techniques
entry |5 pages
Halon Fire Suppression Systems
entry |6 pages
Hash Algorithms
entry |11 pages
Health Insurance Portability and Accountability Act (HIPAA)
entry |13 pages
Health Insurance Portability and Accountability Act (HIPAA): Requirements
entry |9 pages
Health Insurance Portability and Accountability Act (HIPAA): Security Readiness
entry |6 pages
Health Insurance Portability and Accountability Act (HIPAA): Security Requirements
entry |9 pages
Healthcare Industry
entry |8 pages
High-Tech Trade Secrets
entry |5 pages
Honeypots and Honeynets
entry |6 pages
Host-Based Firewalls: Case Study
entry |10 pages
Human Resources: Issues
entry |14 pages
Identity Management
entry |7 pages
Identity Management Systems: Components
entry |12 pages
Identity Theft
entry |8 pages
Identity-Based Self-Defending Network: 5W Network
entry |8 pages
Incident Response: Evidence Handling
entry |8 pages
Incident Response: Exercises
entry |9 pages
Incident Response: Management
entry |8 pages
Incident Response: Managing
entry |12 pages
Incident Response: Privacy Breaches
entry |9 pages
Information Classification
entry |10 pages
Information Flow
entry |6 pages
Information Flow: Emerging and Potential Techniques and Covert Channels
entry |8 pages
Information Flow: Selecting Countermeasures
entry |13 pages
Information Protection
entry |10 pages
Information Security Basics: Effective Practices
entry |7 pages
Information Security Controls: Types
entry |5 pages
Information Security Governance: Basic Corporate Organization
entry |14 pages
Information Security Governance: Corporate Organization, Frameworks, and Reporting
entry |6 pages
Information Security Management Systems (ISMSs)
entry |6 pages
Information Security Management Systems (ISMSs): Risk Diagnosis and Treatment
entry |7 pages
Information Security Management: Purpose
entry |7 pages
Information Security Policies
entry |4 pages
Information Systems Security Engineering Professional (ISSEP)
entry |4 pages
Information Systems Security Officer: Roles and Responsibilities
entry |10 pages
Information Technology Infrastructure Library (ITIL®)
entry |7 pages
Information Warfare
entry |17 pages
Information Warfare: Tactics
entry |6 pages
Insider Threats
entry |4 pages
Insider Threats: System and Application Weaknesses
entry |6 pages
Inspection Technologies: Deep Packets
entry |12 pages
Instant Messaging
entry |7 pages
Integrated Threat Management
entry |6 pages
Intelligent Agents: Network Security
entry |11 pages
International Issues
entry |8 pages
Internet Mobile Code
entry |7 pages
Internet Security
entry |10 pages
Internet Service Providers (ISPs): Accountability
entry |4 pages
Intranets: Risk
entry |8 pages
Intrusion Detection Systems (IDSs)
entry |8 pages
Intrusion Detection Systems (IDSs): Implementation
entry |10 pages
Intrusion Prevention Systems
entry |7 pages
IP Security Protocol Working Group (IPSec)
entry |5 pages
IPv6: Expanding Internet Support
entry |5 pages
ISO Standards and Certification
entry |4 pages
IT Governance Institute (ITGI)
entry |4 pages
Java
entry |9 pages
Kerberos™
entry |12 pages
Kerberos™: Management
entry |8 pages
Kerberos™: Ongoing Development
entry |17 pages
Kerberos™: Services and Functions
entry |15 pages
LAN/WAN Security
entry |9 pages
Laws and Regulations: e-Discovery
entry |12 pages
Malicious Code
entry |3 pages
Malicious Code: Fast-Scanning Worms
entry |9 pages
Malicious Code: Organized Crime
entry |15 pages
Malicious Code: Quasi-Intelligence
entry |8 pages
Malicious Code: Rootkits
entry |10 pages
Managed Security Service Providers (MSSPs)
entry |7 pages
Management Commitment
entry |13 pages
Management Commitment: Security Councils
entry |4 pages
Management Compliance: Confidential Information
entry |7 pages
Management Support of IT: Survey
entry |5 pages
Mashups and Composite Applications
entry |16 pages
Mergers and Acquisitions
entry |6 pages
Message Digests
entry |7 pages
Mobile Data Security
entry |12 pages
NERC Corporation: Compliance
entry |11 pages
Network and Telecommunications: Media
entry |3 pages
Network Content Filtering and Leak Prevention
entry |5 pages
Network Layer Security
entry |8 pages
Network Router Security
entry |7 pages
Network Security
entry |4 pages
Network Security: Trapping Intruders
entry |14 pages
Network Technologies
entry |15 pages
Neural Networks and Information Assurance Uses
entry |7 pages
Next-Generation Security Application Development
entry |5 pages
Object-Based Applications: Testing
entry |5 pages
Object-Oriented Databases: Security Models
entry |5 pages
Object-Oriented Programming
entry |9 pages
Offshore Development
entry |14 pages
Open Source
entry |8 pages
Open Standards
entry |9 pages
Operations Security: Abuses
entry |9 pages
Operations Security: Controls
entry |5 pages
Operations Security: Support and Control
entry |16 pages
Organization Culture
entry |11 pages
Outsourcing
entry |6 pages
Ownership and Custody of Data
entry |7 pages
Packet Sniffers
entry |18 pages
Passwords and Policy Threat Analysis
entry |4 pages
Patch Management
entry |12 pages
Patch Management: Process
entry |5 pages
PBX Firewalls
entry |5 pages
Penetration Testing
entry |10 pages
Penetration Testing: Policies
entry |9 pages
PeopleSoft Security
entry |9 pages
Perimeter Security
entry |6 pages
Personal Accountability: Corporate Information Security Policy
entry |4 pages
Personnel: Practices
entry |12 pages
Personnel: Security Roles
entry |12 pages
Personnel: Security Screening
entry |6 pages
Phishing
entry |13 pages
Physical Access Control
entry |6 pages
Physical Layer Security: Networks
entry |6 pages
Physical Layer Security: Wired and Wireless Connections
entry |7 pages
Physical Security
entry |9 pages
Physical Security: Controlled Access and Layered Defense
entry |7 pages
Physical Security: Facilities
entry |3 pages
Physical Security: Mantraps and Turnstiles
entry |3 pages
Physical Security: Melding with Information Systems Security
entry |16 pages
Physical Security: Mission-Critical Facilities and Data Centers
entry |17 pages
Physical Security: Threat after September 11th, 2001
entry |5 pages
Planning for the Future: Challenges
entry |4 pages
Pod Slurping: Concepts
entry |2 pages
Pod-Slurping: Other Vulnerabilities
entry |16 pages
Policy Development: Needs
entry |5 pages
Portable Computing Environments
entry |10 pages
Privacy Breaches: Policies, Procedures, and Notification
entry |9 pages
Privacy Governance: Effective Methods
entry |8 pages
Privacy: Healthcare Industry
entry |3 pages
Privacy: Legal Issues
entry |4 pages
Privacy: Policy Formation
entry |4 pages
Proxy Servers
entry |5 pages
Public Key Hierarchy
entry |8 pages
Public Key Infrastructure (PKI)
entry |11 pages
Public Key Infrastructure (PKI): E-Business
entry |10 pages
Public Key Infrastructure (PKI): Registration
entry |5 pages
Quantum Computing
entry |4 pages
Radio Frequency Identification (RFID)
entry |8 pages
RADIUS: Access Control
entry |12 pages
Reduced Sign-On
entry |5 pages
Redundant Arrays of Independent Disks (RAID)
entry |9 pages
Relational Database Access Controls: SQL
entry |10 pages
Relational Database Security
entry |9 pages
Remote Access: Secure
entry |3 pages
Return on Investment (ROI)
entry |8 pages
Risk Analysis and Assessment: Risk Assessment Tasks
entry |9 pages
Risk Analysis and Assessment: Risk Management Tasks
entry |3 pages
Risk Analysis and Assessment: Terms and Definitions
entry |6 pages
Risk Assessment
entry |6 pages
Risk Management
entry |6 pages
Risk Management and Analysis
entry |6 pages
Risk Management Model: Technology Convergence
entry |10 pages
Risk Management: Enterprise
entry |5 pages
Risk Management: Trends
entry |9 pages
Role-Based Access Control
entry |8 pages
Sarbanes-Oxley Act of 2002 (SOX)
entry |7 pages
Sarbanes-Oxley Act of 2002 (SOX): Compliance
entry |9 pages
Secure Socket Layer (SSL)
entry |7 pages
Security Breaches: Reporting
entry |6 pages
Security Controls: Dial-Up
entry |6 pages
Security Development Lifecycle
entry |7 pages
Security Incident Response
entry |8 pages
Security Information and Event Management (SIEM)
entry |6 pages
Security Information Management: Myths and Facts
entry |10 pages
Security Management Program: Prioritization
entry |6 pages
Security Management Team Organization
entry |12 pages
Security Policy Development and Distribution: Web-Based
entry |9 pages
Security Policy Lifecycle: Functions and Responsibilities
entry |12 pages
Security Risk: Goals Assessment
entry |11 pages
Security Teams: Effective Methods
entry |8 pages
Security Test and Evaluation
entry |6 pages
Server Security Policies
entry |4 pages
Service Level Agreements
entry |12 pages
Service Oriented Architecture (SOA)
entry |7 pages
Simple Network Management Protocol (SNMP)
entry |15 pages
Single Sign-On: Enterprise
entry |8 pages
Smartcards
entry |10 pages
Social Engineering: Mitigation
entry |8 pages
Software Development Lifecycles: Security Assessments
entry |5 pages
Software Piracy
entry |10 pages
Sploits
entry |4 pages
Spoofing and Denial of Service Attacks
entry |14 pages
Spyware
entry |10 pages
Spyware: Ethical and Legal Concerns
entry |5 pages
Standards
entry |4 pages
State of Washington v. Heckel
entry |4 pages
Steganography
entry |4 pages
Steganography: Detection
entry |12 pages
Storage Area Networks
entry |6 pages
Surveillance: Closed-Circuit Television and Video
entry |7 pages
System Design Flaws
entry |12 pages
System Development Security: Methodology
entry |11 pages
Systems Development: Object-Oriented Security Model
entry |7 pages
Systems Integrity Engineering: Distributed Processing Concepts and Corresponding Security-Relevant Issues
entry |4 pages
Systems Integrity Engineering: Interoperable Risk Accountability Concepts
entry |10 pages
Systems Integrity Engineering: Methodology and Motivational Business Values and Issues
entry |13 pages
Systems Management: Third-Party Applications and Systems
entry |4 pages
Tape Backups: Validation
entry |8 pages
Technology Convergence: People, Process and Technology
entry |5 pages
Technology Convergence: Security
entry |10 pages
Telephony Systems: Auditing
entry |4 pages
Tokens: Authentication
entry |8 pages
Tokens: Evaluation
entry |6 pages
Tokens: Role and Authentication
entry |6 pages
Transformation: Department-Level
entry |7 pages
Transport Layer Security (TLS)
entry |9 pages
Uniform Resource Locators (URLs): Obscuring
entry |5 pages
UNIX Security
entry |12 pages
Virtual Network Computing (VNC) Systems
entry |13 pages
Virtual Private Networks (VPNs)
entry |13 pages
Virtual Private Networks (VPNs): Deployment and Evaluation Strategy
entry |9 pages
Virtual Private Networks (VPNs): Leverage
entry |6 pages
Virtual Private Networks (VPNs): Perspectives
entry |8 pages
Virtual Private Networks (VPNs): Remote Access
entry |9 pages
Virtualization and Digital Investigations
entry |10 pages
Voice Communications: Voice-over-Internet (VoI)
entry |8 pages
Voice Communications: Voice-over-IP (VoIP) Protocols
entry |10 pages
Voice Communications: Voice-over-IP (VoIP) Security
entry |7 pages
Voice over WLAN
entry |8 pages
Voice Security
entry |2 pages
Web Applications: Firewalls
entry |8 pages
Web Applications: Security
entry |8 pages
Web Services
entry |12 pages
Wireless Internet Security: Portable Internet Devices
entry |7 pages
Wireless Local Area Networks (WLANs)
entry |10 pages
Wireless Local Area Networks (WLANs): Challenges
entry |11 pages
Wireless Local Area Networks (WLANs): Security
entry |4 pages
Wireless Local Area Networks (WLANs): Vulnerabilities
entry |6 pages
Wireless Penetration Testing
entry |4 pages
Workplace Violence
entry |13 pages
World Wide Web
entry |6 pages
XML
entry |6 pages
XML and Other Metadata Languages
entry |19 pages
Binary Gravitational Search Algorithm (BGSA): Improved Efficiency
entry |12 pages
Information Lifecycle: Approach to Governance, Risk, and Compliance Management
entry |12 pages
Principle of Least Privilege (PLP): Implementation
entry |16 pages
Chaos-Based Cryptosystems: Optimized Neural Network Models
entry |10 pages
Virtual Team Management: Perspective and Guidelines
entry |13 pages
Artificial Neural Network Models for Intrusion Detection
entry |9 pages
Access Controls: Implementation
entry |12 pages
Chaotic-Based Communication Systems
entry |14 pages
Fuzzy Models for Intrusion Detection
entry |11 pages
Cryptographic Hash Functions
entry |11 pages
Authentication Methods