Vulnerabilities in Information Systems Introduction Measuring Vulnerability Avoiding Vulnerabilities through Secure Coding Mistakes Can Be Good Threats Classification Threat Modeling Process Security Starts at Home Security in Applications International Awareness Exercises

Vulnerabilities in the Organization Introduction Common Organizational Vulnerabilities Access Authorization and Authentication Human Factors Security Services External Technologies Wireless Networks Bluetooth Passive Vulnerabilities Active Vulnerabilities Precautions Wireless Fidelity Wi-Fi Precautions at Home Wi-Fi Precautions at the Hotspot Wi-Fi Precautions at the Enterprise Worldwide Interoperability Microwave Access WiMAX Features Cloud Computing Exercises

Risks in Information Systems Infrastructure Introduction Risks in Hardware Risks in Software Risks in People Risks in Laptops Risks in Cyberspace Risk Insurance in Cyberspace Exercises

Secure Information Systems Introduction Assets Identification Assets Communication Assets Storage Resource Access Control Facility Securing the Email Communications Email Server Side Email Client Side Information Security Management Exercises

Cybersecurity and the CIO Introduction CIO: Personality Trust and Ethics Communication and Intelligence Leadership and Entrepreneurship Courage and Limitations CIO: Education University Degrees Certifications CIO: Experience Experience CIO: Responsibilities Data Backup and Archiving Culture of Security Cyber Training Contingency Plans Liability CIO: Information Security Internal Information Security Components Access Control--Electronic Access Control--Physical Cyber Policies Cyber Awareness and Training Training Business Continuity CIO: The Changing Role Exercises

Building a Secure Organization Introduction Business Continuity Planning Business Impact Analysis (BIA) Business Recovery Strategy (BRS) Drafting of the BCP Testing of the BCP Training in the BCP Implementation BCP Performance Indicators System Access Control System Development and Maintenance Physical and Environmental Security Compliance Personnel Security Security Organization Computer and Network Management Asset Classification and Control Security Policy Exercises

Cyberspace Intrusions Introduction IDPS Configuration Sensors Processor Consoles Network IDPS Capabilities Information Acquisition Information Loggings Detection Techniques Prevention Actions IDPS Management Implementation Step One: Features Step Two: Architecture Step Three: Installation Step Four: Testing Step Five: Activation Operation Maintenance IDPS Classification Host-Based IDPS Network-Based IDPS Network Behavior Analysis System Wireless IDPS IDPS Comparison Exercises

Cyberspace Defense Introduction File Protection Applications File Backup Disaster Recovery History Deletion Shredding and Wiping File Undelete File Encryption Loggers Anti-Loggers PC Performance Applications Registry Repair Anti-Rootkits Antivirus Junk Files Fragmentation Protection Tools Security Analyzer Password Analyzer Firewalls Packet-Level Filtering Circuit-Level Filtering Application-Level Gateway Email Protection Exercises

Cyberspace and the Law Introduction International Laws Europe United Nations North Atlantic Treaty Organization INTERPOL Impediments to Cyber Law Enforcement Cyber-Related Laws in the United States The Commercial Privacy Bill of Rights Act of 2011 The Cybersecurity Act of 2010 The Federal Information Security Management Act of 2002 The USA PATRIOT Act of 2001 The Communications Assistance for Law Enforcement Act of 1994 Computer Security Act of 1987 The Privacy Act of 1974 Cybercrime Trends in Cyber Abuse Combating Cybercrime Exercises

Cyber Warfare and Homeland Security Introduction Cyber Warfare Cyber Weapons Convention Cyber Terrorism Cyber Espionage Homeland Security National Cyber Security Division Cybersecurity Preparedness Challenges Distributed Defense Countermeasures The Cyber Defense Ecosystem Cybersecurity Training Cyber Simulation and Exercises Exercises

References Index.
Cyberspace and Cybersecurity