Appendix

An Introductory Information Infrastructure Resilience, Recovery and Security Bibliography

Introduction

This book promotes Resilience in Critical Infrastructure Protection, primarily Critical Information Infrastructure Protection (CIIP), which combines computer and communication systems infrastructure. It focuses on key issues that act as facilitators of CIIP efforts, including:

● Information sharing
● Data and network security
● IT governance
● Risk management
● Cyber terrorism

Information Infrastructure is a critical cross cutting factor, which other Critical Infrastructures depend upon. CIIP is as vital as power.

This bibliography is designed to assist those who wish to understand the range of material published on subjects related to Information Infrastructure Resilience, Recovery, and Security. It does not claim to be comprehensive. Indeed the review of literature identifies a number of gaps. As will be seen reliance is placed on a wide range of associated areas of interest to bring together potentially relevant material.

For those already involved with this subject as an academic or a practitioner, this bibliography may be basic. There may be other sources not included here. Please be kind enough to inform of any glaring omission or commission errors – [email protected].

Most references before 1998 are excluded. This is a rapidly moving area where things quickly become out of date. However, where certain texts before 1998 are viewed as important they have been included.

An effort has been made to include some tacit as well as explicit sources. Clearly, key text authors are important tacit resources. All Eric Goetz’s and Sujeet Shenoi’s colleagues and teams at I3P are, for example, good sources of tacit knowledge.

Annotations are made where it is thought appropriate.


The list of Internet links is a long one, and there is an emphasis on links in general. The subject is both relatively immature and very much concerned with online activity; therefore much of the information available is naturally online.

The discerning will notice that the balance of content is very much in reverse order: security, recovery, and resilience. It is clear that much less effort has gone into making Information Infrastructure, systems, utilities, etc. resilient than has gone into working out how to recover from disaster or plug the holes. This is a reflection of the way Information Infrastructure has developed over the last decade. It is also a reflection of the balance of the risk equation, which is in favor of recovery rather than resilience. This is broadly as it should be in a market economy, if the risks have been well thought through. However, there is increasing evidence that this is not so: the risks have not been thought through. Privatization has led to a loss of linkage between Government and strategic resources. This trend has meant that even those businesses previously considered quasi-national, for example BT in the UK, have lost their place in the national strategic order. This in turn means that not enough thought has gone into protecting vital national assets. This may be appropriate in an increasingly federal world, but not in an increasingly asymmetric world. So some redress of the balance on national strategic assets and their protection/resilience is required. This is the main lesson from this literature review.

Bibliographies/Lists/Directories/Surveys/Search Engines

Ares http://www.aresacademia.com/sistemas/pads/pads7.htm (Accessed: 3 January 2007) Spanish site, but bibliography in English.

Asymmetric Warfare http://www.au.af.mil/au/aul/bibs/asm/asw.htm (Accessed: 3 January 2007).

Asymmetric Warfare http://www.comw.org/rma/fulltext/asymmetric.html (Accessed: 3 January 2007).

Air War College http://www.au.af.mil/au/awc/awcgate/awc-thry.htm#bibs (Accessed: 3 January 2007).

Amazon http://www.amazon.com (Accessed: 3 January 2007) Amazon has lists of lists, which can add to the books listed in this document.


British Computer Society Publications http://www.bcs.org/bcs/products/publications (Accessed: 3 January 2007).

Business Continuity, etc. http://www.survive.com/Resources (Accessed: 3 January 2007).

Cambridge Scientific Abstracts, Computers http://uk1.csa.com/csa/factsheets/computer.shtml (Accessed: 3 January 2007).

Computer Emergency Response Team (CERT) Information Security Research Papers http://www.cert.org/research/papers.html.

CESG (2004) Directory of INFOSEC Assured Products. UK, CESG. http://www.cesg.gov.uk (Accessed: 3 January 2007). Listings of security products that meet with UK Government approval.

CESG ‘Cloud Cover’ Public Key Infrastructure Project Bibliography http://www.cesg.gov.uk/site/ast/index.cfm?menuSelected=1&displayPage=11 (Accessed: 3 January 2007).

Computer Security Books http://www.epic.org/bookstore/security.html (Accessed: 3 January 2007).

Usability of Computer Security http://www.sims.berkeley.edu/%7Erachna/security_usability.html (Accessed: 3 January 2007).

Dunn, M and Wigert, I (2004) Critical Information Infrastructure Protection. Zurich, Switzerland. The Swiss Federal Institute of Technology, available at http://www.isn.ethz.ch/crn (Accessed: 3 January 2007).

This has a wide ranging bibliography on Critical Information Infrastructure Protection for Australia, Austria, Canada, Finland, France, Germany, Italy, The Netherlands, New Zealand, Norway, Sweden, Switzerland, United Kingdom, United States, Critical Information Infrastructure Methods and Models, and a number of links.

Cryptography and Security http://theory.lcs.mit.edu/~rivest/crypto-security.html (Accessed: 3 January 2007).

Defense Information Access Network http://www.dianepublishingcentral.com/CustomerService.asp (Accessed: 3 January 2007).

Department of Energy Information Security http://doe-is.llnl.gov (Accessed: 3 January 2007).

Disaster Recovery, Emergency Planning Books http://www.binomial.com/bookstore/cg040001.htm (Accessed: 3 January 2007).


Ernst and Young (2004) IT Security Solutions Directory. London, UK. Showtime Media Services. This is an annual publication by Showtime Media Services, sponsored in 2004 by Ernst and Young, which lists and tables vendor solutions to security problems.

Google http://www.google.co.uk (Accessed: 3 January 2007) And other search engines.

Google Scholar http://www.scholar.google.com (Accessed: 3 January 2007) And other search engines.

The Information Security Policies/Computer Security Policies Directory http://www.information-security-policies-and-standards.com/ (Accessed: 3 January 2007).

Information Warfare and Information Security on the Web http://www.fas.org/irp/wwwinfo.html (Accessed: 3 January 2007).

Institute of Directors Publications http://www.iod.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/GBP/IOD-Start (Accessed: 3 January 2007). Mainly books, articles, etc. on Corporate Governance and the security issues associated with Corporate Governance.

http://www.iso17799software.com/ (Accessed: 3 January 2007) ISO17799 Directory of Software & Security Risk Analysis.

Lancaster Index, The http://www.mpr.co.uk/scripts/sweb.dll/li_home (Accessed: 20 December 2004) A listing/bibliography of defense and international security literature.

Microsoft http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/iisbook/c09_additional_resources.asp (Accessed: 3 January 2007) A Microsoft Security Resources List.

National Transportation Library http://ntl.bts.gov/faq/sept11.html (Accessed: 3 January 2007).

Network Security Reading http://www.spinics.net/linux/netsec.php (Accessed: 3 January 2007).

Network Security Library http://secinf.net/ (Accessed: 3 January 2007).


Perpetuity Press http://www.perpetuitypress.com (Accessed: 3 January 2007) Specialises in books, journals, and manuals in the fields of crime, risk, and security.

Qinetiq White Papers http://www.qinetiq.com/home/markets/security/securing_your_business/information_and_network_security/white_paper_index.html (Accessed: 3 January 2007) A series of very relevant White Papers. The Qinetiq site is also a good source of tacit knowledge.

Questia. An Online Library. http://www.questia.com (Accessed: 3 January 2007).

Price Waterhouse Coopers (2004) Information Security Breaches Survey, London, UK. Department of Trade and Industry. An annual survey on Information Security breaches. Available at http://www.security-survey.gov.uk (Accessed: 3 January 2007).

Rand Organization http://www.rand.org/publications (Accessed: 3 January 2007).

Reliability Books and Related Subjects http://www.enre.umd.edu/rbooks.htm (Accessed: 3 January 2007).

Reliability Engineering and Risk Management. Cranfield University’s Papers. http://www.cranfield.ac.uk/sims/reliability/rermcresearchcapability03.pdf (Accessed: 3 January 2007).

Revolution in Military Affairs http://www.comw.org/rma/index.html (Accessed: 3 January 2007).

RFID (Radio Frequency identification) Security and Privacy http://lasecwww.epfl.ch/~gavoine/rfid/ (Accessed: 3 January 2007).

Risk Software and Computer Risks http://www.riskworld.com/BOOKS/topics/risksoft.htm (Accessed: 3 January 2007).

The Rothstein Catalogue on Disaster Recovery http://www.rothstein.com/ (Accessed: 3 January 2007).

Security Issues (Neil Johnson’s Bibliographies) http://www.jjtc.com/Security/bib (Accessed: 3 January 2007).

Security and Cryptology http://liinwww.ira.uka.de/bibliography/Misc/security.2.html (Accessed: 3 January 2007).

SEMPER http://www.semper.org/sirene/collections/booklist.html (Accessed: 3 January 2007). This is a European R&D project on eCommerce. It has a substantial booklist. Terminated in 2002, so some book references are old.


Books – Arranged Alphabetically by Subject

All books on this subject tend to be, by nature, specialist and thus published by specialist companies or specialist subdivisions of major publishers. Therefore the book listings of these publishers are a further rich source of additional material and information. The books listed here are those that form the foundation of the resilience, recovery, and security press. Most can be found at the bookstores at the major conferences.

Apache

Apache is open software. http://www.apache.org (Accessed: 3 January 2007).

Coar, K and Bowen, R (2003) Apache Cookbook. Farnham, UK. O’Reilly.

Mobily, T, et al. (2003) Professional Apache Security. Indianapolis, Indiana, USA. Wrox Press Ltd.

Wainwright, P (2004) Professional Apache. Berkeley, CA, USA. Apress.

Auditing and Security

Musaji, YF (2001) Auditing and Security: AS/400, NT, Unix, Networks and Disaster Recovery Plans. New York, USA. Wiley.

Backup (In Terms of Backing Up Data on Computers)

Desai, A (2000) SQL Server 2000 Backup and Recovery (Database Professional’s Library). Emeryville, CA, USA. Osborne McGraw-Hill.

Freeman, R and Hart, M (2002) Oracle9i RMAN Backup and Recovery (Oracle Press S.). USA. Osborne McGraw-Hill.

Hobbs, L, et al. (2000) OCP: Oracle8i DBA Architecture and Administration and Backup and Recovery Study Guide. CA, USA. Sybex International.

Little, DB (2003) Implementing Backup and Recovery: The Readiness Guide for the Enterprise (VERITAS S.). New York, USA. Wiley.

Stringfellow S, Klivansky M, and Barto, M (2000) Backup and Restore Practices for Sun Enterprise Servers (Sun Blueprints S.) Indianapolis, Indiana, USA. Prentice-Hall.

Velpuri, R, et al. (2000) Oracle8i Backup and Recovery (Oracle Press S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Carnivore

Carnivore is an FBI computer software program looking for malpractice on the Internet.

Hatch, OG (2000) Carnivore Controversy: Electronic Surveillance and Privacy in the Digital Age: Hearing Before the Committee on the Judiciary, U.S. Senate. Collingdale, PA, USA. Diane Pub Co.


Canady, CT (2000) Fourth Amendment Issues Raised by the FBI’s Carnivore Program: Hearing Before the Committee on the Judiciary, U.S. House of Representatives. Collingdale, PA, USA. Diane Pub Co.

Certification for Security Professionals

Note that material relevant to the Certificate of Information Security Management is contained in the links section.

Behtash, B (2004) CCSP Self-Study: CISCO Secure PIX Firewall Advanced (CSPFA). USA. Cisco Press.

Bragg, R (2002) MCSE Training Guide: (70-220) Designing Security. Indianapolis, Indiana, USA. Que.

Bragg, R (2004) MCSE Windows Server 2003 (Exam 70-98): Designing Security for a Windows Server 2003 Network: Training Kit. USA. Microsoft Press International.

Bragg, R and Tittel, E (2004) Designing Security for a Windows Server 2003 Network: Exam 70-298 (Exam Cram 2 S.). Indianapolis, Indiana, USA. Que.

Carter, E (2004) CCSP Self-study: CISCO Secure Intrusion Detection System. USA. Cisco Press.

Cockroft, L (2003) CCSP SECUR Exam Cram 2 (642-501). Indianapolis, Indiana, USA. Que.

Dubrawski I and Grey P (2003) CCSP CSI Exam Certification Guide: CCSP Self-Study. USA. Cisco Press.

Edwards, W, et al. (2003) CCSP Secure Pix and Secure VPN Study Guide (642-521 and 642-511): Secure PIX and Secure VPN Study Guide (642-521 and 642-511). CA, USA. Sybex International.

Edwards, W, et al. (2004) CCSP Study Guide Kit (642-501, 642-511, 642-521, 642-531, 642-541). CA, USA. Sybex International.

Golubski, C and Heldman, W (2001) MCSE: ISA Server 2000 Administration Study Guide. USA. Cybex International.

Hansche, S (2003) Official (ISC) 2 Guide To The CSSP Exam. USA. Auerbach Publishers Inc.

Harris, S (2003) CISSP Certification All-In-One Guide, 2nd Edition. Emeryville, CA, USA. Osborne McGraw-Hill.

Hausman, KK (2003) Security+ (Exam Cram SYO-101) (Exam Cram 2 S.). Indianapolis, Indiana, USA. Que.

Hussain, Y (2004) CCIE Security Practice Labs (CCIE Self-study). USA. Cisco Press.


Information Systems Audit and Control Association Staff (2001) CISA Review Manual 2002. Rolling Meadows, IL, USA. Information Systems Audit and Control Association.

Kramer, J (2003) The CISA Prep Guide: mastering the Certified Information Systems Auditor Exam.

Krutz, R and Vines, RD (2001) The CISSP Prep Guide: Mastering the Ten Domains of Computer Security. New York, USA. Wiley.

Krutz, RL and Vines, RD (2003) Advanced CISSP Prep Guide: Exam Q and A. New York, USA. Wiley.

Krutz, RL (2004) The CISSP Prep Guide: Mastering CISSP and ISSEP. New York, USA. Wiley.

Menga, J (2003) CCSA NG Check Point Certified Security Administrator Study Guide (Certification Press). CA, USA. Sybex International.

Microsoft Press (2003) MCSA/MCSE Self Paced Training Kit: Implementing and Maintaining Security in a Windows 2000 Network Infrastructure. USA, Microsoft Press International.

Miller, LC and Gregory, PH (2002) CISSP for Dummies. New York, USA. Wiley.

Molta, D and Akin, D (2003) CWSP Certified Wireless Security Professional: Official Study Guide (Exam PWO-200). Emeryville, CA, USA. Osborne McGraw-Hill.

Newman, DP, et al. (2004) CSIDS Exam Cram 2: Exam 642-53. Indianapolis, Indiana, USA. Que.

Newcomb, MJ (2004) CCSP SECUR Exam Certification Guide. USA. Cisco Press.

Northrup, T (2004) MCSA/MCSE Self Paced Training Kit: Implementing and Administering Security in a Windows Server 2003 Network. USA. Microsoft Press International.

Reisman, B and Ruebush, M (2004) MCSE: Windows Server 2003 Network Security Design Study Guide (70-298). CA, USA. Sybex International.

Roland, J (2004) CCSP Self-study: Securing Cisco IOS Networks (SECUR). USA. Cisco Press.

Schmied, W and Shimonski, RJ (2003) Mcsa/Mcse Managing and Maintaining a Windows Server 2003 Environment for an Mcsa Certified on Windows 2000 (Exam 70-292): Study Guide and DVD Training System. Rockland, MA, USA. Syngress Media.

Shimonski, RJ and Shinder, DJ (2003) Security+ and Study Guide and DVD Training System. Rockland, MA, USA. Syngress Media.


Skoudis, E (2002) The Network Security Training Course Desktop. Indianapolis, Indiana, USA. Prentice-Hall.

Tittel, E, et al. (2004) CISSP: Certified Information Systems Security Professional Study Guide. CA, USA. Sybex International.

CISCO

CISCO, along with a number of other key vendors such as Microsoft, Intel, and Oracle, has a wide range of resources dedicated to its products. This is because of the high market share each has in particular product areas, and their obvious desire to keep it that way.

Sedayo, J (2001) Cisco IOS Access Lists. Farnham, UK. O’Reilly.

Code (As In Computer Code)

Sebastian Xambo-Descamps (2003) Block Error-correcting Codes: A Computational Primer (Universitext S.). Berlin, Germany. Springer.

Hatton, L (1994) Safer C: Developing Software in High-integrity and Safety-critical Systems (McGraw-Hill International Series in Software Engineering). Emeryville, CA, USA. McGraw-Hill Publishing Co.

Rubin, AD, et al. (2004). Exploiting Software: How to Break Code. Boston, MA, USA. Addison Wesley.

Computer Security

Amoroso, E (1994) Fundamentals of Computer Security Technology, New Jersey, USA. AT&T.

Bishop, M (2002) Computer Security: Art and Science. Boston, MA, USA. Addison Wesley.

Gollmann, D (1999) Computer Security. New York, USA. Wiley.

Greene, TC (2004) Computer Security for the Home and Small Office. USA. Apress.

Leveson, N (1995) Safeware: System Safety and Computers. Boston, MA, USA. Addison Wesley.

Luber, A (2002) PC Fear Factor. Indianapolis, Indiana, USA. Que.

Penfold, RRC (1998) Computer Security: Businesses at Risk. London, UK. Robert Hale Limited.

Pieprzyk, J, et al. (2003) Fundamentals of Computer Security. Berlin, Germany. Springer.

Zelkowitz, MV (ed.) (2004) Advances in Computers, Vols. 40–62. New York, USA. Elsevier.

Corporate Security

Alagna, T, et al. (2005) Larstan’s Black Book on Corporate Security. Potomac, Maryland, USA. Larstan.


Crime/Forensics/Malice/Malware

Akdeniz, Y (2003) Sex on the Net: The Dilemma of Policing Cyberspace (Behind the Headlines S.). USA. South Street Press.

Benson, R (1996) Acquiring New ID: How to Easily Use the Latest Technology to Drop Out, Start Over and Get on with Your Life. Boulder, CO, USA. Paladin Press.

Casey, E (2004) Digital Evidence and Computer Crime. USA. Academic Press.

Casey, E (2001) Handbook of Computer Crime Investigation: Forensic Tools and Technology. USA. Academic Press.

Endorf, C, et al. (2003) Intrusion, Detection and Prevention: The Authoritative Guide to Detecting Malicious Activity (Security). Emeryville, CA, USA. Osborne McGraw-Hill.

Jewkes, Y (2003) Dot.cons: Crime, Deviance and Identity on the Internet. Cullompton, Devon, UK. Willan Publishing.

Kruse II, WG and Heiser, J (2001) Computer Forensics Essentials. Boston, MA, USA. Addison Wesley.

Levy, S (2002) Heroes of the Computer Revolution. UK. Penguin Books.

Mintz, A and Mintz, AP (2002) Web of Deception: Misinformation on the Internet. Toronto, ON, Canada. Cyberage Books.

Mitnick, KD and Simon, WL (2003) The Art of Deception: Controlling the Human Element of Security. New York, USA. Wiley.

Parker, D (1998) Fighting Computer Crime: A New Framework for Protecting Information. New York, USA. Wiley.

Negus, C (2004) Fedora Troubleshooting Bible. New York, USA. Wiley.

Peikari, C and Chuvakin, A (2004) Security Warrior. Farnham, UK. O’Reilly.

Prosise, C and Mandia, K (2003) Incident Response and Computer Forensics. Emeryville, CA, USA. Osborne McGraw-Hill.

Russell R, and Beale, J (2004) Stealing the Network: How to Own a Continent. Rockland, MA, USA. Syngress Media.

Russell, R (2003) Stealing the Network: How to Own the Box. Rockland, MA, USA. Syngress Media.

Phillips, A, et al. (2004) Computer Forensics and Investigations. Boston, MA, USA. Course Technology.

Sammes, AJ and Jenkinson, B (2000) Forensic Computing: A Practitioner’s Guide (Practitioner S.). Godalming, UK. Springer.


Schneier, B (2004) Secrets and Lies: Digital Security in a Networked World. New York, USA. Wiley.

Skoudis, E (2003) Malware: Fighting Malicious Code. Indianapolis, Indiana, USA. Prentice-Hall.

Slatalla, M (1996) Masters of Deception: The Gang That Ruled Cyberspace. London, UK. HarperCollins.

Stoll, C (2000) The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. USA. New York, USA. Simon and Schuster Inc.

Syngress (2004) Snort 2.1 Intrusion Detection. USA, Rockland, MA, USA. Syngress Media.

The Honeynet Project (2004) Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. Boston, MA, USA. Addison Wesley.

Thomas, D and Loader, BD (2000) Cybercrime: Law Enforcement, Security and Surveillance in the Information Age. London, UK. Routledge, an imprint of Taylor and Francis Books.

Wang, W (2000) Steal This Computer Book 2: What They Won’t Tell You About the Internet. San Francisco, CA, USA. No Starch Press.

Whittaker, J and Thompson, H (2003) How to Break Software Security. Boston, MA, USA. Addison Wesley.

Critical Infrastructure

Dacey, RF (2003) Critical Infrastructure Protection: Commercial Satellite Security Should Be More Fully Addressed. Collingdale, PA, USA. Diane Pub Co.

Dunn, M and Wigert, I (2004) Critical Information Infrastructure Protection, The International CIIP Handbook 2004. Zurich, Switzerland. Centre for Security Studies. Available at http://www.isn.ethz.ch/crn/publications/publications_crn.cfm?pubid=224 (Accessed: 20 December 2004).

Ware, WH (1998) The Cyber-Posture of the National Information Infrastructure. Santa Monica, CA, USA. Rand Corporation.

Cryptography

Cryptography is the process of encoding information in such a way that only the person (or computer) with the appropriate key can decode it.

Delfs, H and Knebl, H (2001) Introduction to Cryptography: Principles and Applications (Information Security and Cryptography). Berlin, Germany. Springer.


Ferguson, N and Schneier, B (2003) Practical Cryptography. New York, USA. Wiley.

Hershey, J (2002) Cryptography demystified. Emeryville, CA, USA. McGraw-Hill Education.

Mao, W (2003) Modern Cryptography: Theory and Practice. Indianapolis, Indiana, USA. Prentice-Hall.

Mel, HX, et al. (2000) Cryptography Decrypted. Boston, MA, USA. Addison Wesley.

Menezes, AJ, et al. (1996) Handbook of Applied Cryptography. Boca Raton, FL, USA. CRC Press.

Rhee, MY (2003) Internet Security: Cryptographic Principles, Algorithms and Protocols. London. Wiley.

Rhee, MY (1994) Cryptography and Secure Communications (The McGraw-Hill Series on Computer Communications). Emeryville, CA, USA. McGraw-Hill Education (ISE Editions).

Schneier, B (1995) Applied Cryptography: Protocols, Algorithms and Source Code in C. New York, USA. Wiley.

Trappe, W and Washington, LC (2002) Introduction to Cryptography with Coding Theory. Indianapolis, Indiana, USA. Prentice-Hall.

Van Der Lubbe, JCA and Gee, S (1998) Basic Methods of Cryptography. Cambridge, UK. Cambridge University Press.

Weiss, J (2004) Java Cryptography Extensions: Practical Guide for Programmers. San Francisco, CA, USA. Morgan Kaufmann.

Young, A and Yung, M (2004) Malicious Cryptography: Exposing Cryptovirology. New York, USA. Wiley.

Data/Databases and Related Issues

Gary, J (2000) Database: Principles, Programming, Performance. San Francisco, CA, USA. Morgan Kaufmann.

Gill, T, et al. (1998) Introduction to Metadata. Los Angeles, CA, USA. Getty Education Institute for the Arts.

King, D and Newson, D (1999) Data Network Engineering (BT Telecommunications S.). Berlin, Germany. Kluwer (Springer-Verlag) Academic Publishers.

Klosek, J (2000) Data Privacy in the Information Age. Westport, USA. Quorum Press.

Knox, D (2004) Effective Oracle Databases 10g Security by Design (Oracle Press S.). Emeryville, CA, USA. Osborne McGraw-Hill.


Sayood, K (2000) Introduction to Data Compression (The Morgan Kaufmann Series in Multimedia Information and Systems). San Francisco, CA, USA. Morgan Kaufmann.

Shani, S (2004) Data Structures, Algorithms, and Applications in C++. Summit, NJ, USA. Silicon Press.

Wang, RY, et al. (2000) Data Quality (The Kluwer International Series on Advances in Database Systems). Berlin, Germany. Kluwer (Springer-Verlag) Academic Publishers.

White, G (2001) Data and Voice Security. Indianapolis, Indiana, USA. Sams.

Data Mining (The Process of Searching Data for Specific Information)

Berry, MJA (2004) Data Mining Techniques, Second Edition: for Marketing, Sales, and Customer Relationship Management. New York, USA. Wiley.

Mohammadian, M (2004) Intelligent Agents for Data Mining and Information Retrieval. Hershey, PA, USA. Idea Group Inc.

Witten, IH and Eibe, F (1999) Tools for Data Mining, Practical Machine Learning Tools and Techniques (The Morgan Kaufmann Series in Data Management Systems). San Francisco, CA, USA. Morgan Kaufman.

Disaster Recovery and Contingency Planning (Relevant To Technology)

Arnell, A and Davis, D (1989) Handbook of Disaster Recovery Planning. Emeryville, CA, USA. McGraw-Hill Education.

Bernan Associates (2003) Planning for Post-disaster Recovery and Reconstruction. Lanham, MD, USA. Bernan Associates.

Broby, L (2002) Disaster Recovery and Corporate Survival Strategies: Pre-Emptive Procedures and Countermeasures (Financial Times Executive Briefings). London, UK. Financial Times/Prentice-Hall.

Brooks, C and IBM (2002) Disaster Recovery Strategies with Tivoli Storage Management (IBM Redbooks). USA. Vervante.

Buchanan, RW (2002) Network Disaster Recovery: Planning for Business Continuity and System Performance (Professional Telecommunications S.). Emeryville, CA, USA. McGraw-Hill Education.

Chase, K (2002) PC Disaster and Recovery. CA, USA. Sybex International.

Childs, DR and Dietrich, S (2002) Contingency Planning and Disaster Recovery: A Small Business Guide. New York, USA. Wiley.

Christensen, B (1999) From Management to Leadership: A History of Recovery from Disaster and Learning from the Experience. Boca Raton, FL, USA. uPublish.com.


Christopher, J (2004) Full recovery: Protect Your Small Business from Disasters and Unforeseen Events. Berkeley, CA, USA. Peachpit Press.

Cougias, DJ, et al. (2003) Backup Book, The. USA. Schaser-Varten Books.

CTRC (1997) Contingency Planning and Disaster Recovery: Protecting Your Organization’s Resource. UK. CTRC Computer Technology Research Corporation.

Erbschloe, M and Vacca, JR (2003) Guide to Disaster Recovery. Boston, MA, USA. Course Technology.

Evan, W and Manion, M (2002) Minding the Machines: Preventing Technological Disasters. Indianapolis, Indiana, USA. Prentice-Hall.

Grigonis, R (2002) Disaster Survival Guide for Business Communications Networks. Emeryville, CA, USA. Osborne McGraw-Hill.

Gustin, J (2002) Disaster Recovery Planning: A Guide for Facility Managers. Indianapolis, Indiana, USA. Prentice-Hall.

Hiatt, C (2000) A Primer for Disaster Recovery Planning in an IT Environment. Hershey, PA, USA. Idea Group Inc.

IBM (1999) Sap R/3 on DB2 for Os/390: Disaster Recovery. USA. Vervante.

IBM (2000) Disaster Recovery Using Hageo and Georm. USA. Vervante.

Lewis, S (2004) Disaster Recovery Yellow Pages. Newton, MA, USA. Systems Audit Group Inc.

Lang, A and Larkin, R (2001) Disaster Preparedness and Recovery: A Guide for Nonprofit Board Members and Executives. Washington, DC, USA. Board Source.

Mahdy, GE (2001) Disaster Management in Telecommunications, Broadcasting and Computer Systems. London, UK. Wiley.

Maiwald, E and Sieglein, W (2002) Security Planning and Disaster Recovery. Emeryville, CA, USA. Osborne McGraw-Hill.

Miora, M (2000) NCSA Guide to Enterprise Disaster Recovery Planning. Emeryville, CA, USA. McGraw-Hill Education.

Mellish, B and IBM (2002) IBM Total Solutions for Disaster Recovery (IBM Redbooks). USA. Vervante.

Mellish, B and IBM (2002) IBM Total Storage. USA. Vervante.

Neaga, G (1997) Fire in the Computer Room, What Now? Disaster Recovery Handbook (IBM Books). Indianapolis, Indiana, USA. Pearson Education.

NIIT (2002) Disaster Recovery. Portland, OR, USA. Premier Press.

Pedersen, A (1998) NAFCU’s Contingency Planning, Disaster Recovery, and Record Retention for Credit Unions. Arlington, VA, USA. AS Pratt.

Preston, WC (1999) UNIX Backup and Recovery. Farnham, UK. O’Reilly.

QED (1995) Disaster Recovery: Contingency Planning and Programme Analysis. Boston, MA, USA. QED Technical Publishing Group.

Robinson, MK (2003) Disaster Recovery for Nonprofits. Lanham, MD, USA. University Press of America.

TechRepublic (2003) Administrator’s Guide to Disaster Planning and Recovery, Vol. 2. USA. TechRepublic.

Toigo, J (2002) Disaster Recovery Planning: Preparing for the Unthinkable. Indianapolis, Indiana, USA. Prentice-Hall.

Vacca, J (2004) The Business Case for Network Disaster Recovery Planning. USA. CISCO Press.

Wallace, M and Webber, L (2004). The Disaster Recovery Handbook. London, UK. Amacom.

Warrick, C and IBM (2004) IBM Totalstorage Solutions for Disaster Recovery. Palos Verdes, CA, USA. Vervante.

Wold, RL (1989) Disaster Recovery for Banks. Emeryville, CA, USA. William C Brown.

Zaenglein, N (1998) Disk Detective: Secrets You Must Know to Recover Information from a Computer. Boulder, CO, USA. Paladin Press.

eBusiness

Ghosh, AK (2001) Security and Privacy for e-Business. New York, USA. Wiley.

Matsura, JH (2001) Security, Rights and Liabilities in E-Commerce (Telecommunications Library). Norwood, MA, USA. Artech House Books.

Firewalls

Firewalls are electronic barriers designed to keep destructive forces from compromising computers in particular.

Callisma (2002) Cisco Security Specialists Guide to Pix Firewall. Rockland, MA, USA. Syngress Media.

Deal, R (2002) Cisco PIX Firewalls. Emeryville, CA, USA. Osborne McGraw-Hill.

Komar, B, et al. (2003) Firewalls For Dummies. New York, USA. Wiley.

Kopparpu, C (2002) Load Balancing Servers, Fire Walls and Caches. New York, USA. Wiley.

Mason, A, et al. (2003) Check Point NG FireWall-1/VPN-1 Administration (Network Professional’s Library). Emeryville, CA, USA. Osborne McGraw-Hill.

McCarty, B (2002) Red Hat Linux Firewalls. New York, USA. Wiley.

Northcutt, S (2002) Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks, Routers and Network Intrusion Detection. USA. New Riders.

Strassberg, K, et al. (2002) Firewalls: The Complete Reference (Complete Reference S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Welch–Abernathy, D (2004) Essential Check Point Firewall 1 NG: An Installation, Configuration and Troubleshooting Guide. Boston, MA, USA. Addison Wesley.

Ziegler, R and Constantine, C (2001) Linux Firewalls. USA. New Riders.

Zwicky, ED, et al. (2000) Building Internet Firewalls. Farnham, UK. O’Reilly.

Hacking

The pejorative sense of hacker is becoming more prominent largely because the popular press has coopted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data. Hackers, themselves, maintain that the proper term for such individuals is cracker (Webopedia).

Beaver, K (2004) Hacking for Dummies. New York, USA. Wiley.

Dr-K. (2002) A Complete Hacker’s Handbook. UK, Carlton Books.

Dr-K. (2004) Hackers’ Tales: Stories from the Electronic Front Line. London, UK. Carlton Books.

EC-Council (2004) Ethical Hacking. Chicago, IL, USA. Independent Publishers Group. OSB Publisher Pte Ltd.

Erickson, J (2003) Hacking: The Art of Exploitation. San Francisco, CA, USA. No Starch Press.

Flickenger, R (2003) Linux Server Hacks. Farnham, UK. O’Reilly.

Graham, P (2004) Hackers and Painters: Essays on the Art of Programming. Farnham, UK. O’Reilly.

Gunkel, DJ (2001) Hacking Cyberspace. Boulder, CO, USA. Westview Press.

Hatch, B, et al. (2002) Hacking Exposed Linux: Linux Security Secrets and Solutions. Emeryville, CA, USA. Osborne McGraw-Hill.

Hemenway, K and Calishain, T (2003) Spidering Hacks. Farnham, UK. O’Reilly.

Huang, A (2003) Hacking the Xbox: An Introduction to Reverse Engineering. San Francisco, CA, USA. No Starch Press.

Jones, K, et al. (2003) Anti-Hacker Tool Kit (Anti-Hacker Tool Kit). Emeryville, CA, USA. Osborne McGraw-Hill.

Kaspersky, K (2003) Hacker Disassembling Uncovered. UK. Computer Bookshops.

Klevinsky, TJ, et al. (2004) Hack I.T.: Security Through Penetration Testing. Boston, MA, USA. Addison Wesley.

Lockhart, A. (2004) Network Security Hacks. Farnham, UK. O’Reilly.

McClure, S, et al. (2003) Hacking Exposed: Network Security Secrets and Solutions, 4th edition. Emeryville, CA, USA. Osborne McGraw-Hill.

Mutton, P (2004) IRC Hacks. Farnham, UK. O’Reilly.

Parker, T, et al. (2004) Cyber Adversary Characterization: Auditing the Hacker Mind. Rockland, MA, USA. Syngress Media.

Scambray, J and McClure, S (2003) Hacking Exposed Windows Server 2003 (Hacking Exposed). Emeryville, CA, USA. Osborne McGraw-Hill.

Scambray, J, et al. (2002) Hacking Exposed: Web Applications (Hacking Exposed). Emeryville, CA, USA. Osborne McGraw Hill.

Schiffman, M. (2001) Hacker’s Challenge: Test Your Incident Response Skills Using 20 Scenarios. Emeryville, CA, USA. Osborne McGraw-Hill.

Schiffman, M, et al. (2003) Hacker’s Challenge 2: Test Your Network Security and Forensic Skills (Hacking Exposed S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Skoudis, E (2001) Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defense. Indianapolis, Indiana, USA. Prentice-Hall.

Syngress (2004). Hardware Hacking: Have Fun While Voiding Your Warranty. Rockland, MA, USA. Syngress Media.

Tulloch, M (2004) Windows Server Hacks. Farnham, UK. O’Reilly.

Vladimirov, A (2004) WI-FOO: The Secrets of Wireless Hacking. Boston, MA, USA. Addison Wesley.

Warren, HS (2002) Hacker’s Delight. Boston, MA, USA. Addison Wesley.

Hardening

Hardening is the process of making hardware and software more resilient and resistant to damage, intrusion, and attack. The term was initially used in the sense of preventing electromagnetic bursts from nuclear bombs destroying computer systems. Its use has now widened to deal with more prosaic issues.

Akin, T (2002) Hardening Cisco Routers. Farnham, UK. O’Reilly.

Bragg, R (2004) Hardening Windows System. Emeryville, CA, USA. Osborne McGraw-Hill.

Gharajedaghi, J (1999) Systems Thinking: Managing Chaos and Complexity. Woburn, MA, USA. Butterworth-Heinemann.

Hallows, JE (2004) Information Systems Project Management: How to Deliver Function and Value in Information Technology Projects.

Hassell, J (2004) Hardening Windows. Berkeley, CA, USA. Apress.

Mobily, T (2004) Hardening Apache. Berkeley, CA, USA. Apress.

Noonan, W (2004) Hardening Network Infrastructure. Emeryville, CA, USA. Osborne McGraw-Hill.

Terpstra, JH, et al. (2004) Hardening Linux. Emeryville, CA, USA. Osborne McGraw-Hill.

Turnbull, J (2004) Hardening Linux. Berkeley, CA, USA. Apress.

Incident Response

Schultz, EE and Shumway, R (2001) Incident Response. USA. New Riders.

Mandia, K, et al. (2003) Incident Response. Emeryville, CA, USA. Osborne-McGraw Hill.

Information/Information Technology Security and Assurance

Barman, S (2001) Writing Information Security Policies. USA. New Riders.

Bhargava, VK, et al. (2003) Communications, Information and Network Security. Berlin, Germany. Kluwer (Springer-Verlag) Academic Publishers.

British Chambers of Commerce (2003) The British Chambers of Commerce Guide to IT Security. UK. Microsoft Corporation.

Calder, A and Watkins, S (2003) IT Governance: A Managers Guide to Data Security and BS 7799/ISO 17799. London, UK. Kogan Page.

CSIA (2004) Protecting Our Information Systems. London, UK. Cabinet Office, UK Government.

Desman, MB (2001) Building an Information Security Awareness Program. Boca Raton. Auerbach Publishing.

Doswell, B (2000) A Guide to Information Security Management. UK. Perpetuity Press.

Doswell, B (2000) A Guide to Business Continuity Management. UK. Perpetuity Press.

Herrmann, DS (2001) A Practical Guide to Security Engineering and Information Assurance. Boca Raton, FL, USA. Auerbach Publishers.

Hughes, L (1995) Actually Useful Internet Security Techniques. Indianapolis, Indiana, USA. New Riders.

Hunter, JMD (2001) An Information Security Handbook. Berlin, Germany. Springer.

IEEE (2001) 2001 Information Survivability Exposition 11(DI: Discex’01: Proceedings, 12–14 June 2001, Anaheim, California), V.1-2. Piscataway, NJ, USA. IEEE Computer Society Press.

Institute of Directors (2004) IT Security. UK. Institute of Directors/McAfee.

Kovacich, GL (1998) The Information Systems Security Officer’s Guide: Establishing and Managing an Information Protection Program, 2nd Edition. Woburn, MA, USA. Butterworth-Heinemann.

Krause, M and Tipton, HF (2000) Information Security Management Handbook. Boca Raton, FL, USA. Auerbach Publishers.

Peltier, TR (2001) Information Security Policies, Procedures and Standards: Guidelines for Effective Information Security Management. Boca Raton, FL, USA. Auerbach Publishers.

Pipkin, D (2000) Information Security. Indianapolis, Indiana, USA. Prentice-Hall.

Proctor, PE and Byrnes, FC (2002) The Secured Enterprise: Protecting Your Information Assets. Upper Saddle River, NJ, USA. Prentice-Hall.

Tudor, JK (2004) Information Security Architecture. Boca Raton, FL, USA. Auerbach Publishers.

Tudor, JK (2000) Information Security Architecture: An Integrated Approach to Security in the Organization. Boca Raton, FL, USA. Auerbach Publishers.

Java

A high-level programming language developed by Sun Microsystems. Java was originally called OAK, and was designed for handheld devices and set-top boxes. OAK was unsuccessful so in 1995 Sun changed the name to Java and modified the language to take advantage of the burgeoning World Wide Web. Java is an object-oriented language similar to C++, but simplified to eliminate language features that cause common programming errors (Webopedia).

Oaks, S (2001) Java Security. Farnham, UK. O’Reilly.

Berg, C (2003) Designing Secure J2EE Applications and Web Services (Sun Microsystems Press Java S.). Indianapolis, Indiana, USA. Prentice-Hall.

Taylor, A, et al. (2002) J2EE and Java: Developing Secure Web Applications with Java Technology (Hacking Exposed). Emeryville, CA, USA. Osborne McGraw-Hill.

Kerberos

An authentication system developed at the Massachusetts Institute of Technology (MIT). Kerberos is designed to enable two parties to exchange private information across an otherwise open network (Webopedia).

Garman, J (2003) Kerberos: The Definitive Guide. Farnham, UK. O’Reilly.

Linux

Pronounced lee-nucks or lih-nucks. A freely distributable open source operating system that runs on a number of hardware platforms. The Linux kernel was developed mainly by Linus Torvalds. Because it’s free, and because it runs on many platforms, including PCs and Macintoshes, Linux has become an extremely popular alternative to proprietary operating systems (Webopedia).

Bauer, MD (2002) Building Secure Servers with Linux. Farnham, UK. O’Reilly.

Collings, T and Wall, K (2004) Red Hat Linux Networking and System Administration. New York, USA. Wiley.

Purdy, GN (2004) Linux IPTables Pocket Reference. Farnham, UK. O’Reilly.

Microsoft and Microsoft Windows General

Alexander, Z (2001) Microsoft ISA Server 2000. Indianapolis, Indiana, USA. Sams.

Bott, E (2002) Windows XP/2000 Security Inside Out. USA. Microsoft Press International.

Brown, K (2000) Programming Windows Security. New Jersey, USA. Pearson.

Brown, T (2001) Windows 2000 Network Disaster Recovery. Indianapolis, Indiana, USA. Sams.

Craft, M (2002) Configuring Citrix MetaFrame XP for Windows. Rockland, MA, USA. Syngress Media.

Daily, SK (2001) Admin 911 Windows 2000 Disaster Recovery. Emeryville, CA, USA. McGraw-Hill Osborne Media.

De Clerq, J (2003) Windows Server 2003 Security Infrastructures: Core Security Features of Windows.Net. Woburn, MA, USA. Butterworth Heinemann.

Komar, B (2004) Windows Server 2003 PKI and Certificate Security. USA. Microsoft Press International.

Microsoft Press (2001) Internet Security and Acceleration Server 2000 (MCSE Training Kit). USA. Microsoft Press International.

Swiderski, F (2004) Threat Modeling. USA. Microsoft Press International.

Robinson, G (2003) Real World Microsoft Access Database Protection and Security. Berkeley, CA, USA. Apress.

Walther, H and Santry, P (2004) CYA Securing Exchange Server 2003 and Outlook Web Access. Rockland, MA, USA. Syngress Media.

Mobile Communications/Mobility

Al-Mualla, M, et al. (2002) Video Coding for Mobile Communications: Efficiency, Complexity and Resilience (Signal Processing and Its Applications). New Jersey, USA. Academic Press.

Davies, I (2002) Security Interests in Mobile Equipment. Aldershot, UK. Dartmouth.

Grimes, RA (2001) Malicious Mobile Code: Virus Protection for Windows. Farnham, UK. O’Reilly.

McGraw, G and Felten, EW (1998) Getting Down to Business with Mobile Code: A Guide to Creating and Managing Secure Mobile Code. New York, USA. Wiley.

Mitchell, C (2003) Security for Mobility (Telecommunications S.). London, IEE.

Vigna, G (1998) Mobile Agents and Security (Lecture Notes in Computer Science S.). Berlin, Germany. Springer.

.NET

.NET is a widely used networking software product.

Brown, K (2004) The .NET Developer’s Guide to Windows Security. Boston, MA, USA. Addison Wesley.

Freeman, A and Jones, A (2003) Programming .NET Security. Farnham, UK. O’Reilly.

Gaster, B, et al. (2002) ASP.NET Security. Indianapolis, Indiana, USA. Wrox Press Ltd.

Microsoft Press (2003) Building Secure ASP.NET Applications. USA. Microsoft Press International.

Network Security

Allen, JH (2001) The CERT Guide to System and Network Security Practices. Boston, MA, USA. Addison Wesley.

Brenton, C and Hunt, C (1999) Active Defense, A Comprehensive Guide To Network Security. CA, USA. Sybex International.

Buchanan, RW (2002) Network Disaster Recovery: Planning for Business Continuity and System Performance (Professional Telecommunications S.). Emeryville, CA, USA. McGraw-Hill Education.

Canavan, JE (2001) Fundamentals of Network Security (Telecommunications Library). Norwood, MA, USA. Artech House Books.

Chey, C (2002) Network Security for Dummies (For Dummies S.). New York, USA. Wiley.

Cisco Systems Inc., Cisco Networking Academy Program. (2003) Cisco Networking Academy Program Fundamentals of Network Security: Companion Guide. USA, Cisco Press.

Harris, J (2002) Cisco Network Security Little Black Book. Phoenix, AZ, USA. Paraglyph Press.

Hendry, M (1995) Practical Computer Network Security. Norwood, MA, USA. Artech House.

Kaeo, M (2004) Designing Network Security. New Zealand. Penguin Books (NZ).

Liotine, M (2003) Mission Critical Network Planning (Telecommunications Library). Norwood, MA, USA. Artech House Books.

Maiwald, E (2001) Network Security: A Beginner’s Guide. Emeryville, CA, USA. McGraw-Hill.

Maxwell, D and Amon, C (2002) Nokia Network Security Solutions Handbook. Rockland, MA, USA. Syngress Media.

MCI (2002) Business Continuity Guide. UK. MCI. Available at http://www.mci.com/uk/bcinterest (Accessed: 3 December 2004).

Mikalsen, A and Borgesen, P (2002) Local Area Network Management, Design and Security: A Practical Approach. London, UK. Wiley.

McNab, C (2004) Network Security Assessment. Farnham, UK. O’Reilly.

Panko, R (2003) Corporate Computer and Network Security. Indianapolis, Indiana, USA. Prentice-Hall.

Powell, G and Bejtlich, R (2004) The Tao of Network Security Monitoring: Beyond Intrusion Detection. Boston, MA, USA. Addison Wesley.

Rozenblit, M (2000) Security for Telecommunications Network Management. New York, USA. Wiley.

Sonnenreich, W and Albanese, J (2003). Network Security Illustrated. Emeryville, CA, USA. McGraw-Hill Education.

Stallings, W (2002) Network Security Essentials (United States Edition). Indianapolis, Indiana, USA. Prentice-Hall.

Thomas, T (2004) Network Security First-Step (First Step S.). Cisco Press.

Viega, J, et al. (2002) Network Security with OpenSSL. Farnham, UK. O’Reilly.

Wilson, J, et al. (1998) Telecom and Network Security: Telecommunications Reports Toll Fraud and Telabuse Update. New York, USA. Telecommunications Reports.

Operational Risk

Frost, C, et al. (2001) Operational Risk and Resilience. USA. Butterworth-Heinemann.

Public Key Infrastructure (PKI)

A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction (Webopedia).

Austin, T (2001) PKI. New York, USA. Wiley.

Adams, C and Lloyd, S (2002) Understanding PKI: Concepts, Standards, and Deployment Consideration. Indianapolis, Indiana, USA. Sams.

Positive Messages

Purba, S (2003) High-Value IT Consulting: 12 Keys to a Thriving Practice. Emeryville, CA, USA. Osborne McGraw-Hill.

Reeher, G, et al. (2002) Click on Democracy: The Internet’s Power to Change Political Apathy into Civic Action. Boulder, CO, USA. Westview Press.

Reliability

Kececioglu, D (1995) Reliability Engineering Handbook. Indianapolis, Indiana, USA. Prentice-Hall.

Radio Frequency Identification (RFID)

Finkenzeller, K (2003) RFID Handbook. New York, USA. Wiley.

Securing and Security

Ahuja, V (1996) Secure Commerce on the Internet. Orlando, FL, USA. AP Professional.

Amon, C (2004) Check Point Next Generation with Application Intelligence Security Administration. Rockland, MA, USA. Syngress Media.

Amoroso, E (1999) Intrusion Detection. New Jersey, USA. AT&T.

Anderson, R (2001) Security Engineering: A Guide to Building Dependable Distributed Systems. New York, USA. Wiley. A key text.

Bace, R and Melnick, D (2003) PDA Security: Incorporating Handhelds into Your Enterprise. Emeryville, CA, USA. McGraw-Hill Education.

Ballard, J (2002) Internet Security and Acceleration Server 2000 Technical Reference. USA. Microsoft Press International.

Barrett, DJ, et al. (2003) Linux Security Cookbook. Farnham, UK. O’Reilly.

Barrett, DJ, et al. (2001) SSH, the Secure Shell: The Definitive Guide. Farnham, UK. O’Reilly.

Birkholz, EP, et al. (2004) Security Sage’s Guide to Hardening the Network Infrastructure. Rockland, MA, USA. Syngress Media.

Carter, J (2004) The Expert Guide to PeopleSoft Security. Lincoln, NE, USA. iUniverse Inc.

Carroll, B (2004) Cisco Access Control Security: AAA Administration Services. Indiana, USA. Cisco Press.

Cheah, CH, et al. (2004) CYA Securing IIS 6.0. Rockland, MA, USA. Syngress Media.

Cox, KJ and Gerg, C (2004) Managing Security with SNORT and IDS Tools. Farnham, UK. O’Reilly.

Delp, EJ and Wong, PW (2003) Security and Watermarking of Multimedia Contents: V (Proceedings of SPIE). Bellingham, WA, USA. Society of Photo-Optical Instrumentation Engineers (SPIE).

Dournaee, B. (2004) XML Security. Emeryville, CA, USA. McGraw-Hill.

Drew, G, et al. (1998) Using SET for Secure Electronic Transactions. Indianapolis, Indiana, USA. Prentice-Hall.

Dwivedi, H (2003) Implementing SSH: Strategies for Optimizing the Secure Shell. New York, USA. Wiley.

France, P (2003) Local Access Network Technologies (Telecommunications S.). Stevenage, UK. IEE.

Graff, MG and Van Wyk, KR (2003) Secure Coding: Principles and Practices. Farnham, UK. O’Reilly.

Gehrmann, C, et al. (2004) Bluetooth Security. Norwood, MA, USA. Artech House Books.

Gritzalis, D, et al. (2003) Security and Privacy in the Age of Uncertainty (IFIP International Federation for Information Processing S.). Berlin, Germany. Kluwer (Springer-Verlag) Academic Publishers.

Gupta, A and Laliberte, S (2004) Defend I.T.: Security by Example. Boston, MA, USA. Addison Wesley.

Hendry, M (2001) Smart Card Security and Applications (Telecommunications Library). Norwood, MA, USA. Artech House Books.

Hope, P (2004) Freebsd and Openbsd Security Solutions. Indianapolis, Indiana, USA. Sams.

Howard, M (2002) Writing Secure Code. USA, Microsoft Press International.

Howlett, T (2004) Open Source Security Tools: Securing Your Unix or Windows Systems. Boston, MA, USA. Addison Wesley.

IEEE Computer Society Staff. (2003) 16th Computer Security Foundations Workshop (Csfw 16–2003). Piscataway, NJ, USA. IEEE Press.

Jancezewski, L (2000) Internet and Intranet Security, Management, Risks and Solutions. Hershey, PA, USA. Idea Group Inc.

Kabatiansky, G (2004) Error Correcting Coding and Security for Data Networks: Analysis of the Superchannel Concept. London, UK. Wiley.

Koziol, J (2004) The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. New York, USA. Wiley.

Kuhn, RD (2003) PBX Vulnerability: Finding Holes In Your PBX Before Someone Else Does. Collingdale, PA, USA. Diane Pub Co.

Kuhn, DR (2003) Role-Based Access Control (Artech House Computer Security Series). Norwood, MA, USA. Artech House Books.

Kuhn, RD, et al. (2003) Security for Telecommuting and Broadband Communications: Recommendations of the National Institute of Standards and Technology. Collingdale, PA, USA. Diane Pub Co.

Lail, BM (2002) Broadband Network and Device Security (RSA Press S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Lippert, E (2002) Visual Basic.NET Code Security Handbook. Indianapolis, Indiana, USA. Wrox Press Ltd.

Nazario, J and Palmer, B (2004) Secure Architectures: With OpenBSD. Boston, MA, USA. Addison Wesley.

Niemi, V and Nyberg, K (2003) UMTS Security. London, UK. Wiley.

Oppliger, R (2000) Secure Messaging with PGP and S/MIME (Artech House Computer Security Series). Norwood, MA, USA. Artech House Books.

Pansini, AJ (2004) Transmission Line Reliability and Security. New York, USA. Marcel Dekker.

Phaltankar, KM (2000) Implementing Secure Intranets and Extranets (Telecommunications Library). Norwood, MA, USA. Artech House Books.

Polk, WT (2000) Anti Virus Tools and Techniques for Computer Systems (Advanced Computing and Telecommunications Series). Norwich, New York, USA. Noyes Publications.

Ranum, MJ (2003) Myth of Homeland Security. New York, USA. Wiley.

Rescorla, E (2000) SSL and TLS: Building and Designing Secure Systems. Boston, MA, USA. Addison Wesley.

Rockley, A, et al. (2002) Managing Enterprise Content: A Unified Content Strategy. USA. New Riders.

Rosenberg, J and Remy, D (2004) Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption. Indianapolis, Indiana, USA. Que.

Shinder, TW and Shimonski, RJ (2003) Building DMZs for Enterprise Networks. Rockland, MA, USA. Syngress Media.

Sutton, R (2001) Secure Communications: Applications and Management (Wiley Series in Communications Networking). London, UK. Wiley.

Thomas, S (2000) SSL and TLS Essentials: Securing the Web. New York, USA. Wiley.

Tolchin, M and SJ (1992) Selling Our Security. New York, USA. Knopf.

Trudel, R and Convery, S (2004) Designing Secure Enterprise NE. USA. Cisco Press.

Viega, J and McGraw, G (2001) Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA, USA. Addison Wesley.

Sniffing

A sniffer analyzes networks and protocols and ‘smells’ what’s coming in and out of the network, good and bad.

Orebaugh, AD, et al. (2004) Ethereal Packet Sniffing. Rockland, MA, USA. Syngress Media.

Shimonski, R (2002) Sniffer Network Optimization and Troubleshooting Handbook. Rockland, MA, USA. Syngress Media.

Spam

Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail (Webopedia).

Feinstein, K and McAneny, M (2004) How to Do Everything to Fight Spam, Viruses, Pop-ups and Spyware (How to Do Everything S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Schwartz, A (2004) SpamAssassin. Farnham, UK. O’Reilly.

Scott, C, et al. (2004) Anti-Spam Tool Kit. Emeryville, CA, USA. Osborne McGraw-Hill.

Steganography

The process of hiding messages or files in other messages or files. For example, hiding a document in a photograph.

Petitcolas, F, et al. (1999) Information Hiding Techniques for Steganography and Digital Watermarking (Computing S.). Norwood, MA, USA. Artech House Books.

Virtual Private Networks (VPNs)

Davis, C (2001) IPSec: Securing VPNs (RSA Press S.). Emeryville, CA, USA. Osborne McGraw-Hill.

Mairs, J (2001) VPNs: A Beginner’s Guide (Network Professional’s Library). Emeryville, CA, USA. Osborne McGraw-Hill.

Tan, NK (2003) Building VPNs: With IPSec and MPLS (Pro Tel S.). Emeryville, CA, USA. McGraw-Hill Education.

Warfare and Politics

Berkowitz, B (2003) The New Face of War: How War Will Be Fought in the 21st Century. New York, USA. Simon and Schuster International.

Cheswick, WR and Brabigan, S (2004) High-Tech Crimes Revealed: Cyberwar Stories from the Digital Front. Boston, MA, USA. Addison Wesley.

Fialka, JJ (1997) War By Other Means. New York, USA. Norton.

Golden, JR (1994) Economics and National Strategy in the Information Age: Global Networks, Technology Policy and Cooperative Competition. Oxford, UK. Praeger Publishers.

Gongora, T and Von Riekhoff, H (2000) Toward a Revolution in Military Affairs? Defense and Security at the Dawn of the Twenty-First Century. Oxford, UK. Greenwood Press.

Nichols, R, et al. (2002) Infowar: Protecting Telecom and Information Systems (ProTel). Emeryville, CA, USA. McGraw-Hill.

Petrakis, GJ (1998) Are You Ready for Information Warfare?: Security for Personal Computers, Networks and Telecommunications Systems. Toronto, ONT, Canada. Productive Publications.

Poisel, RA (2002) Introduction to Communication Electronic Warfare Systems (Artech House Information Warfare Library). Norwood, MA, USA. Artech House Books.

Stacy, JR (2001) Inside 911. Philadelphia, PA, USA. Xlibris Corporation.

Wilkin, P (2001) The Political Economy of Global Communication: An Introduction (Human Security in the Global Economy S.). Sydney, Australia. Pluto Press Limited.

Yourdon, E (2002) Byte Wars: The Impact of September 11 on Information Technology. Indianapolis, Indiana, USA. Prentice-Hall.

Wireless

Barken, L (2003) How Secure is Your Wireless Network?: Safeguarding Your Wi-Fi LAN. Indianapolis, Indiana, USA. Prentice-Hall.

Carter, B and Shumway, R (2002) Wireless Security End to End (End to End). New York, USA. Wiley.

Edney, J and Arbaugh, B (2003) Real 802.11 Security: Wi-Fi Protected Access and 802.11i. Boston, MA, USA. Addison Wesley.

Held, G (2003) Securing Wireless LANs: A Practical Guide for Network Managers, LAN Administrators and the Home Office User. London, UK. Wiley.

Hurley, C, et al. (2004) Wardriving - Drive, Detect, Defend: A Guide to Wireless Security. Rockland, MA, USA. Syngress Media.

Maxim, M and Pollino, D (2002) Wireless Security. Emeryville, CA, USA. McGraw-Hill.

Miller, S (2003) WiFi Security. Emeryville, CA, USA. McGraw-Hill Education.

Nichols, RK, et al. (2004) Wireless Security: Models, Threats, and Solutions. Emeryville, CA, USA. McGraw-Hill.

Nichols, R and Lekkas, P (2001) Wireless Security: Models, Threats and Solutions (McGraw-Hill Telecom Professional S.). Emeryville, CA, USA. McGraw-Hill.

Perrig, A and Tygar, JD (2002) Secure Broadcast Communication: In Wired and Wireless Networks. Berlin, Germany. Kluwer (Springer-Verlag) Academic Publishers.

Potter, B and Fleck, B (2003) 802.11 Security. Farnham, UK. O’Reilly.

Schaefer, G (2004) Security in Fixed and Wireless Networks: An Introduction to Securing Data Communications. London, UK. Wiley.

Swaminatha, T and Elden, C (2002) Wireless Security and Privacy: Best Practices and Design Techniques. Boston, MA, USA. Addison Wesley.

Temple, R and Regnault, J (2002) Internet and Wireless Security (BTexact Communications Technology S.). Stevenage, UK. IEE.

WordPerfect

Acklen, L (2004) Absolute Beginner’s Guide to WordPerfect 12. Indianapolis, Indiana, USA. Que.

Articles – Arranged Alphabetically By Subject

This is by no means a definitive list of articles. However, these articles give an insight into different aspects of the subject, sometimes quite obtuse. They can be used as a starting point to explore different authors and articles on similar subjects.

Asymmetric Warfare

Allen, RH (1997) Asymmetric Warfare: Is the Army ready? Available at http://www.amsc.belvoir.army.mil/asymmetric_warfare.htm (Accessed: 14 November 2004).

Corbin, M (2001) Reshaping the Military for Asymmetric Warfare. Center for Defense Information, 5 October. Available at http://www.cdi.org/terrorism/asymmetric.cfm (Accessed: 14 November 2004).

Goulding, JG (2000) Back to the Future with Asymmetric Warfare, Parameters, Winter. Available at http://carlisle-www.army.mil/usawc/Parameters/00Winter/goulding.htm (Accessed: 3 January 2007).

Staten, CL (1999) Asymmetric Warfare, the Evolution and devolution of Terrorism: The Coming Challenge for Emergency and National Security Forces. Journal of Counterterrorism and Security International, Winter. Available at http://www.emergency.com/asymetrc.htm (Accessed: 3 January 2007).

Hyslop, MP (2003) Asymmetric Warfare, Proceedings International Conference on Politics and Information Systems: Technologies and Applications (PISTA ’03), Orlando, Florida, USA. 31 July 2003 – 2 August 2003.

Banking

Banking Development Department Hong Kong Monetary Authority (2002) Business Continuity Planning After 9/11, Hong Kong Monetary Authority Quarterly Bulletin, 11.

BS7799

ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems. Considered the foremost security specification document in the world, the code of practice includes guidelines for all organizations, no matter what their size or purpose. 17799 was originally published in the United Kingdom as a Department of Trade and Industry Code of Practice, and then later as BS 7799.

There are many available articles on BS 7799.

eEye Digital Security and ECSC Limited (2004) Attaining BS7799 Compliance with Retina Vulnerability Assessment Technology, ECSC Limited Whitepaper. ECSC.

Critical Infrastructure

Robinson, PC, et al. (1998) Critical Infrastructure. Issues in Science and Technology, Vol. 15, Fall.

Cryptography

The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text (Webopedia).

Dam, KW (1997) The Role of Private Groups in Public Policy: Cryptography and the National Research Council. University of Chicago Law School Occasional Paper No.38.

Stansfield, EV and Walker, M (1995) Coding and Cryptography for Speech and Vision, Proc. 5th Cryptography and Coding IMA Conference, pp. 213–236.

Computer Crime and Security

Cadoree, M (1994) Computer Crime and Security. Resource Materials, Library of Congress, Library of Congress.

Cyberwar and Netwar

Arquilla, JJ and Ronfeldt, DF (1995) Cyberwar and Netwar: New Modes, Old Concepts, of Conflict. Rand Research Review, Fall.

Clash of Civilizations

Huntington, SP (1993) The Clash of Civilizations, Foreign Affairs. Summer, v72, n3, p22(28).

Data Related

Ware, WH (1994) Policy Considerations for Data Networks. Computing Systems, 7(1), Winter, pp. 1–44.

Yeung, PC (1986) The environment and the implementation of data security in the world of telecommunications. Technical Report, University of Kansas, Computer Science.

Defense

UK Ministry of Defense (2004) The Future Strategic Context for Defense. Available at http://www.mod.uk/issues/strategic_context/military.htm (Accessed: 3 January 2007).

Digital Development

Hammond, A (2001) Digitally Empowered Development, Foreign Affairs pp. 96–106.

Dot Com Dreams

Bloor, R (2000) The Destruction of Dot Com Dreams. Available at http://www.it-analysis.com/article.php?articleid=1429 (Accessed: 3 January 2007).

Elections

Cramer, R, et al. (1997) A Secure and Optimally Efficient Multi-Authority Election Scheme. European Transactions on Telecommunications, 8(5), September.

Electronic Intrusion

Frizzell, J, Phillips, T, and Groover, T (1994) The Electronic Intrusion Threat to National Security and Emergency Preparedness Telecommunications: An Awareness Document. Proc. 17th NIST-NCSC National Computer Security Conference, pp. 378–399.

Electronic Mail

Jones, RL (1995) Client Confidentiality: A Lawyer’s Duties with Regard to Internet E-Mail. Computer Law Section of the State Bar of Georgia, August 16, 1995.

United States. Congress. House. Committee on Commerce. Subcommittee on Telecommunications, Trade, and Consumer Protection (1997) The Security and Freedom through Encryption (SAFE) Act: Hearing before the Subcommittee on Telecommunications, Trade, and Consumer Protection of the Committee on Commerce, House of Representatives, One Hundred Fifth Congress, first session, on H.R. 695, September 4, 1997. Technical Report, United States Government Printing Office, Number Serial no. 105–39 (United States. Congress. House. Committee on Commerce), p. iii + 121, United States Government Printing Office, 1997.

Electronic Signature

European Telecommunications Standards Institute. Electronic Signature Standardization for Business Transactions, August 1999. Available at http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=13387 (Accessed: 3 January 2007).

Erlang

A unit of measurement of traffic density in a telecommunications system. The erlang describes the total traffic volume of one hour, or 3600 seconds.

Castro, M (2000) Design Issues for a High Reliability Environment for Erlang, 12 November. Available at http://www.erlang-projects.org/Public/documentation/serc/?pp=1 (Accessed: 3 January 2007).

Environment

Homer-Dixon, TF (1991) On the Threshold: Environmental Changes as Causes of Acute Conflict, Trudeau Centre for Peace and Conflict Studies, University of Toronto International Security, Vol. 16, No. 2 (Fall) pp. 76–116.

Freedom of Information

Aftergood, S. Making Sense of Government Information restrictions: Panic After September 11 Led to Bad Policy. Issues in Science and Technology, Vol. 18, Summer.

Gompert, DC (1998) Right Makes Might: Freedom and Power in the Information Age, McNair paper 59, Chap. 3, May. Available at http://www.rand.org/publications/MR/MR1016/MR1016.chap3.pdf (Accessed: 3 January 2007).

Lewis, C (2002) Freedom of Information under Attack. Nieman Reports, Vol. 56.

Fuel Crisis

Townsend, M and Bright, M. Army Guard on Food if Fuel Crisis Flares, The Observer, 6 June 2004.

Information Security and Warfare, etc.

Lohmeyer, DF, et al. (2002) Managing Information Security. The McKinsey Quarterly, Summer.

Nearon, BH (2000) Information Technology Security Engagements: An Evolving Specialty. The CPA Journal, Vol. 70.

Small, DW (1997) Information Security Awareness for Small to Medium Sized Telecommunications Organizations. Technical Report, Saint Mary’s University of Minnesota.

United States. Congress. House. Committee on Energy and Commerce. Subcommittee on Telecommunications and Finance. Computer security: virus highlights need for improved Internet management: report to the chairman, Subcommittee on Telecommunications and Finance, Committee on Energy and Commerce, House of Representatives. Technical Report, U.S. General Accounting Office, p. 48, U.S. General Accounting Office, 1989.

Fogleman, RR, et al. (2003) Cornerstones of Information Warfare. Available at http://www.af.mil/lib/corner.html (Accessed: 3 January 2007).

MI5 (2004) Protecting Your Information. Available at http://www.mi5.gov.uk/output/Page236.html (Accessed: 3 January 2007).

Whitaker, R (1998) Information Warfare. Available at http://www.informatik.umu.se/~rwhit/IW.html (Accessed: 3 January 2007).

WIPRO. Information Security Challenges in the Energy industry. WIPRO White Paper. USA/India. Available at http://www.wipro.com/insights/infosecuritychallenges.htm (Accessed: 3 January 2007).

Zekos, G (1999), Internet or Electronic Technology: A Threat to State Sovereignty, Commentary, The Journal of Information, Law and Technology (JILT (3)). Available at http://elj.warwick.ac.uk/jilt/99-3/zekos.html (Accessed: 3 January 2007).

Java

A definition of Java is in the book section.

Garthwaite, A and Nettles, S (1998) Transactions for Java. Proceedings of the 1998 International Conference on Computer Languages. IEEE Computer Society Press. pp. 16–27.

Microsoft and Cisco

Reardon, M (2004) Microsoft and Cisco Clash on Security. CNET.news.com, 17 September. Available at http://insight.zdnet.co.uk/internet/security/0,39020457,39166968,00.htm (Accessed: 3 January 2007).

National Information Infrastructure

United States. House of Representatives (1996) The Cyber-Posture of the National Information Infrastructure. Washington. Chairman: Willis H Ware. Available at http://www.rand.org/publications/MR/MR976/mr976.html. (Accessed: 3 January 2007).

Network Security

Cirrincione, G, Cirrincione, M, and Piglione, F. (1996) A neural network architecture for static security mapping in power systems. MELECON ’96. 8th Mediterranean Electrotechnical Conference. Industrial Applications in Power Systems, Computer Science and Telecommunications. Proceedings, Vol. 3, IEEE. pp. 1611–14.

Shenoy, DR and Medhi, D (1999) A network management framework for multiple layer survivable networks: Protocol development and implementation. Technical Report, Computer Science Telecommunications Program. University of Missouri, Kansas City, 1999.

SafeNet (2004) Delivering Government Approved Security. Safenet White Paper. USA. SafeNet. Available at http://www.safenet-inc.com (Accessed: 3 January 2007).

Optimistic Message Logging

Wang, YM and Huang, Y. (1995) Why Optimistic Message Logging Has Not Been Used in Telecommunications Systems. Institute of Electrical and Electronics Engineers, Inc., June.

Open Systems

Anderson, R (2002) Security In Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore. Available at http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf (Accessed: 3 January 2007). An important paper, as is his recent work on economics as the basis of security.

Obstructive Marketing

Hyslop, MP (1999) Obstructive Marketing: Challenges to Globalizing Companies, M.Sc. Thesis, Huddersfield University Business School/Chartered Institute of Marketing.

Resilience, Robustness, Reliability

Grotberg, E (1998) The International Resilience Project, 55th Annual Convention, International Council of Psychologists, Graz Austria, July 14–18, 1997 (published 1998).

Kendra, JM, et al. (2003) Elements of Resilience After the World Trade Centre Disaster: Reconstituting New York City’s Emergency Operations Centre. Disasters, 27(1), pp. 37–53.

Little, RG (2002) Toward More Robust Infrastructure: Observations on Improving the Resilience and Reliability of Critical Systems. Proceedings of the 36th Hawaii International Conference on Systems Access, Hawaii, January 06–09, 2003.

Rochlin, GI, et al. (1987) The Self-Designing High reliability Organization: Aircraft Carrier Flight Operations at Sea, Naval War College Review, Autumn.

Saffre, F and Ghanea Hercock, R (2000) Increasing Robustness Of Future Telecommunications Networks. Available at http://discuss.santafe.edu/robustness/stories (Accessed: 3 January 2007), also a site with similar articles.

Radio Frequency Identification (RFID)

Claburn, T and Hulme, GV (2004) RFID Security. Information Week, 15 November. Available at http://www.informationweek.com/story/showArticle.jhtml?articleID=52601030&tid=13690 (Accessed: 3 January 2007).

Security, etc.

Arbaugh, WA, Davin, JR, Farber, DJ, Smith JM (1998) Security for Virtual Private Intranets. Computer, 31(9), pp. 48–54.

Dasgupta, P, et al. (2000) The Security Architecture for MAgNET: A Mobile Agent E-commerce System. Third International Conference on Telecommunications and E-commerce.

Donnelly, C (2003) Security in the 21st Century – New Challenges and Responses. 1st ETR2A Conference, Newcastle-upon-Tyne, UK, 23 June 2003. Available at http://www.etr2a.org (Accessed: 3 January 2007).

Hendry, M (2001) Smart Card Security and Applications. The Artech House Telecommunications Library, p. xviii + 305, Artech House Inc.

Hill, P (2002) Bankrupt Worldcom Called a Security Risk. The Washington Times, July 3.

Lacoste, G, Steiner, M (1999) SEMPER: A Security Framework for the Global Electronic Marketplace. COMTEC – the magazine for telecommunications technology, 77(9), pp. 56–63, September 1999.

Murray, WH (1984) Security Considerations for Personal Computers. IBM Systems Journal, 23(3), pp. 297–304.

Today (2004) Will the Number of Casinos Rise After the Changes to the Gambling Bill, BBC Radio 4, 19 October 2004, 07.32 hours. Available at http://www.bbc.co.uk (Accessed: 3 January 2007).

Popp, R, Froehlich, M, Jefferies, N (1995) Security Services for Telecommunications Users. Lecture Notes in Computer Science, Vol. 998, pp. 28ff.

Wong, A (2003) Before and Beyond Systems: An Empirical Modeling Approach, Ph.D. Thesis. Department of Computer Science, University of Warwick, UK, January. Available at http://www.dcs.warwick.ac.uk/~allan (Accessed: 3 January 2007).

Strategic Information Warfare

The Futurist (1997) Strategic Information Warfare. Vol. 31, September.

Telecommunications Networks

Ahn, I (1994) Database Issues in Telecommunications Network Management. SIGMOD Record (ACM Special Interest Group on Management of Data), 23(2), pp. 37–43, June 1994.

Chuah, MC, et al. Performance of two TCP implementations in mobile computing environments. Conference Record/IEEE Global Telecommunications Conference, Vol. 1, pp. 339–344, 1996.

Fowler, J, Seate, RC (1997) Threats and Vulnerabilities for C4I in Commercial Telecommunications: A Paradigm for Mitigation. Proc. 20th NIST-NCSC National Information Systems Security Conference, pp. 612–618.

Varadharajan, V (1994) Security Requirements for Customer Network Management in Telecommunications. Proc. 17th NIST-NCSC National Computer Security Conference, pp. 327–338.

Sinclair, MC (1992) Single-moment analysis of unreliable trunk networks employing K-shortest-path routing. Proc. IEE Colloq. Resilience in Optical Networks, p. 3/1–6, Oct 1992.

Trusted Computing

Anderson, R (2004) Trusted Computing. Available at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html (Accessed: 3 January 2007).

URL (Uniform or Universal Resource Locator – Web Address) Security

Wernick, P (1995) British Telecom URL Security: Project Outline, BT, November.

Utilities

Hyslop (2004) How Can the Financial Sector Be Reassured That in the Event of an Incident, Their Utilities Supplies Will Be Uninterrupted? Is This a Viable and Feasible Request? Comments to the Resilience (2004) Conference, Millennium Hotel, London. 22/23/24, September 2004.

Video Coding

Faerber, N, et al. (1999) Analysis of Error Propagation in Hybrid Video Coding with Application to Error Resilience, Proceedings of the 1999 International Conference on Image Processing (ICIP-99), pp. 550–554, IEEE, Oct 24–28, 1999.

Wire Pirates

Wallich, P (1994) Wire Pirates, Scientific American, 270(3), pp. 90ff (Intl. ed. pp. 72ff), March 1994.

Year 2000 Issues (Y2K)

The Eos Life – Work Resource Centre Y2K Update. Available at http://www.eoslifework.co.uk/Y2Kupdate.htm (Accessed: 3 January 2007).

Regular Publications – Arranged Alphabetically By Title

Business Facilities and associated titles
http://www.busfac.com (Accessed: 3 January 2007).

Online Advice for Economic Development
http://www.facilitycity.com (Accessed: 3 January 2007).

Call Center Magazine
http://www.callcentermagazine.com (Accessed: 3 January 2007).

CIO (Chief Information Officer) Magazine
http://www.cio.com (Accessed: 3 January 2007).

Communication News Magazine
http://www.comnews.com (Accessed: 3 January 2007).

Computer World
http://www.computerworld.com (Accessed: 3 January 2007).

Consulting Specifying Engineering Magazine
http://www.csemag.com (Accessed: 3 January 2007).

CPA (Certified Public Accountant) Journal, The
http://www.capamag.com (Accessed: 3 January 2007).

Crime Prevention
http://www.perpetuitypress.com/acatalog/Crime_Prevention_and_Community_Safety.html (Accessed: 3 January 2007).

Continuity and Risk Magazine
http://www.cirmagazine.com (Accessed: 3 January 2007).

CSO (Chief Security Officer) Magazine
http://www.csoonline.com (Accessed: 3 January 2007).

Economist, The
http://www.economist.com (Accessed: 3 January 2007).

EDPACS (Electronic Data Processing Audit, Control and Security Newsletter)
http://www.info-edge.com/product_detail.asp?sku1=418& (Accessed: 3 January 2007).

Financial Times, The Online IT pages.
http://news.ft.com/reports/ftit (Accessed: 3 January 2007).

Financial Times, FT Corporate Security.
http://www.ft.com/corporatesecurity2004 and related items at http://www.ft.com/specialreports (Accessed: 3 January 2007).

Futurist, The
http://www.wfs.org/futurist.htm (Accessed: 3 January 2007).

Government Technology
http://www.govtech.net (Accessed: 3 January 2007).

Harvard Business Online
http://harvardbusinessonline.com (Accessed: 3 January 2007).

HotWire
http://www.weibull.com/hotwire (Accessed: 3 January 2007).

Government Security News
http://www.gsnmagazine.com (Accessed: 3 January 2007).

Information and Communications Technology Law
http://journalsonline.tandf.co.uk (Accessed: 3 January 2007).

Information, Communication and Society
http://journalsonline.tandf.co.uk (Accessed: 3 January 2007).

Information Security
http://infosecuritymag.techtarget.com (Accessed: 3 January 2007).

Information Technology
http://journalsonline.tandf.co.uk (Accessed: 3 January 2007).

Information Storage and Security Journal
http://www.issjournal.com (Accessed: 3 January 2007).

Information Systems Management
http://www.auerbach-publications.com/home.asp (Accessed: 3 January 2007).

Information Systems Security
http://www.auerbach-publications.com/home.asp (Accessed: 3 January 2007).

International Review of Law, Computers and Technology
http://journalsonline.tandf.co.uk (Accessed: 20 December 2004).

Internet Works
http://www.iwks.com (Accessed: 3 January 2007).

Intersec
http://www.intersec.co.uk/ns/ddjune.html (Accessed: 3 January 2007).

Journal of Technology Law and Policy, University of Florida
http://journal.law.ufl.edu/~techlaw/ (Accessed: 3 January 2007).

Linux Magazine
http://www.linux-mag.com (Accessed: 3 January 2007).

McKinsey Quarterly
http://www.mckinseyquarterly.com (Accessed: 3 January 2007).

.NET
http://www.netmag.co.uk (Accessed: 3 January 2007).

New Scientist
http://www.newscientist.com (Accessed: 3 January 2007).

Operational Risk
http://www.operationalriskonline.com (Accessed: 3 January 2007).

PC (Personal Computer) magazine
http://www.pcmag.com (Accessed: 3 January 2007).

PC (Personal Computer) World
http://www.pcworld.com (Accessed: 3 January 2007).

Public CIO (Chief Information Officer)
http://www.public-cio.com (Accessed: 3 January 2007).

Review of Business
http://www.questia.com (Accessed: 3 January 2007).

Risk Management
http://www.perpetuitypress.com/acatalog/Risk_Management_An_International_Journal.html (Accessed: 3 January 2007).

SC magazine
http://www.infosecnews.com/home/index.cfm (Accessed: 3 January 2007).

Security Magazine
http://www.securitymagazine.com (Accessed: 3 January 2007).

Security Journal
http://www.perpetuitypress.com/acatalog/Security_Journal_Volume_17_number_3_Abstracts.html (Accessed: 3 January 2007).

Security Studies
http://journalsonline.tandf.co.uk (Accessed: 3 January 2007).

Sys Admin
http://www.samag.com (Accessed: 3 January 2007).

Telecommunications Magazine
http://www.telecommagazine.com (Accessed: 3 January 2007).

The Information Society
http://journalsonline.tandf.co.uk (Accessed: 3 January 2007).

The Information Week
http://www.informationweek.securitypipeline.com (Accessed: 3 January 2007).

Wireless Business and Technology
http://www.sys-con.com (Accessed: 3 January 2007).

Links – Arranged Alphabetically by Subject and Site Name

Academia

http://www.cerias.purdue.edu/ (Accessed: 3 January 2007). CERIAS/Purdue University Information Security Site.

http://www.cerias.purdue.edu/about/history/coast/ (Accessed: 3 January 2007). Centre of Education and Research on Information Assurance and Security at the University of Purdue.

http://www.cerias.purdue.edu/about/history/coast_resources/firewalls/ (Accessed: 3 January 2007). Definitive guide to Firewalls.

http://ftp.cerias.purdue.edu/pub/papers/taimur-aslam/aslam-krsul-spaf-taxonomy.pdf (Accessed: 3 January 2007). A taxonomy of Security Faults.

http://www.cs.columbia.edu.ids (Accessed: 3 January 2007). University of Columbia in New York.

http://www.ee.columbia.edu/~liebenau/E6901.html (Accessed: 3 January 2007). Topics in EE: Resilient Communication Networks.

http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/guidelines.txt (Accessed: 3 January 2007). Clinical System Security.

http://www.cl.cam.ac.uk/users/rja14 (Accessed: 3 January 2007). The Web site of Ross Anderson – A leading Computer Security Academic.

http://www.cl.cam.ac.uk/users/rja14/ Med (Accessed: 3 January 2007). Security of Medical Information Systems and other Notes from Ross Anderson at University of Cambridge Computer Laboratory (EU/UK).

http://www.coventry.ac.uk/cms/jsp/polopoly.jsp?d=957&a=7974 (Accessed: 3 January 2007). Coventry University’s Disaster Management Site.

http://dit.unitn.it/research/seminario?id=02-016 (Accessed: 3 January 2007). A 2002 Seminar on ‘Theoretical questions in practical network reliability analysis’ given by Dr. Laszlo Jereb of Budapest University at the University of Trento.

http://www.rmcs.cranfield.ac.uk/ddmsa/index_html/view (Accessed: 3 January 2007). Cranfield University’s Relevant Site.

http://iip.ist.psu.edu/faculties/vs.htm (Accessed: 3 January 2007). Website of Dr Bin Zhang – Chinese Visiting Scholar to Penn State University Institute for Information Policy – a leading Chinese Scholar. Also an access point for other Penn State Information Policy information.

http://www.isg.rhul.ac.uk/ (Accessed: 3 January 2007). Information Security group at Royal Holloway College, University of London.

http://www.ja.net/CERT/JANET-CERT/incidents/coping-with-intrusions.html (Accessed: 3 January 2007). JANET’s (UK Joint Academic Network) Computer Emergency Response Team.

http://www.ja.net/documents/gn-ddos.pdf (Accessed: 3 January 2007). JANET’s (UK Joint Academic Network) guide to denial of service attacks.

http://online.northumbria.ac.uk/geography_research/ddc (Accessed: 3 January 2007). Disaster and Development Centre at Northumbria University.

http://law.richmond.edu/jolt/index.asp (Accessed: 3 January 2007). Richmond Online Law Review – Contains Some Articles on Security (USA).

http://www.som.cranfield.ac.uk/som/scr (Accessed: 3 January 2007). Concerns have surfaced in recent years that an eagerness to reduce waste, and thereby the risks associated with suboptimal supply chain performance, has meant that other less obvious risks to supply chains have been overlooked. This Web site deals with the issue.

http://theory.lcs.mit.edu/~cis/ (Accessed: 3 January 2007). Massachusetts Institute of Technology, Cryptography and Information Security Group.

http://www.yale.edu/its/security/disaster.htm Disaster Recovery Tips for New PC Owners.

Associations/Institutes/Societies/Organizations, etc.

http://www.antiphishing.org (Accessed: 3 January 2007). Anti-Phishing Working Group.

http://www.bsi-global.com (Accessed: 3 January 2007). British Standards Institute.

http://www.business-continuity-online.com/ (Accessed: 3 January 2007). Online business continuity exhibition.

http://www.disasterrecoveryworld.com (Accessed: 3 January 2007). The Business Continuity Planning and Disaster Recovery Planning Directory.

http://www.ddsi.org (Accessed: 3 January 2007). Dependability Development Support Initiative.

http://www.ewis.jrc.it (Accessed: 3 January 2007). European Warning and Information System Forum.

http://www.fas.org/irp/nsa/rainbow.htm (Accessed: 3 January 2007). Federation of American Scientists access point to the ‘Rainbow’ Series, which is defined as the following: The Rainbow Series is a six-foot tall stack of books on evaluating ‘Trusted Computer Systems’ according to the National Security Agency. The term ‘Rainbow Series’ comes from the fact that each book is a different colour. The main book (upon which all others expand) is the Orange Book.

http://www.gbde.org (Accessed: 3 January 2007). Global Business Dialogue on Electronic Commerce.

http://www.hipaa.org (Accessed: 3 January 2007). The Health Insurance Portability and Accountability Act of 1996.

www.iaac.org.uk/initiatives/BT_IAAC.pdf (Accessed: 3 January 2007). Information Assurance Guidelines for Boards and Senior Managers.

http://www.idra.com (Accessed: 3 January 2007). International Disaster Recovery Association (IDRA) is a group originally comprised of those having a special interest in the voice, data, image, and sensory telecommunications aspects of Disaster Recovery Planning (DRP), Contingency Planning and Business Continuation.

http://www.insme.info/documenti/040707%20Draft%20Program%20GF%202004.pdf (Accessed: 3 January 2007). Global IT Forum 2004 – The Broad Convergence.

http://www.isaca.org (Accessed: 3 January 2007). The home site of the Information Systems Audit and Control Association (ISACA).

http://www.isaca.org/Template.cfm?Section=CISM_Certification (Accessed: 3 January 2007). Certified Information Security Manager, ISACA’s next generation qualification for Information Security now gaining widespread acceptance, information site.

http://www.isc2.org (Accessed: 3 January 2007). Training and education. Promoting 2005 as the year of the Information Security Professional.

http://www.iwf.org.uk (Accessed: 3 January 2007). Internet Watch Foundation.

http://nerc.com/~oc/twg.html (Accessed: 3 January 2007). North American Electric Reliability Council Telecommunications Working Group.

http://www.rusi.org (Accessed: 3 January 2007). The Royal United Services Institute’s purpose is to study, promote debate, report and provide options on all issues relating to national and international defense and security.

http://www.sans.org/rr/ (Accessed: 3 January 2007). SANS (SysAdmin, Audit, Network, Security) Information Security Reading Room.

http://www.seattlewireless.net/index.cgi/LinksysWrt54g (Accessed: 3 January 2007). Wireless Community Support Site including Security.

http://www.securityforum.org/html/frameset.htm (Accessed: 3 January 2007). Information Security Forum.

http://www.securitypark.co.uk (Accessed: 3 January 2007). Security Park – Online news for security professionals.

http://www.survive.com (Accessed: 3 January 2007). A Business Continuity Association.

http://www.thebci.org/ (Accessed: 3 January 2007). The Business Continuity Institute.

http://www.theirm.org/ (Accessed: 3 January 2007). The Institute of Risk Management.

http://www.thebci.org/PAS56.html (Accessed: 3 January 2007). The NEW Guide to Business Continuity Management from the British Standards Institute.

http://www.the-eps.org/ (Accessed: 3 January 2007). The Emergency Planning Society.

http://www.terena.nl/ (Accessed: 3 January 2007). Trans European Research and Education Networking Association. TERENA carries out technical activities and provides a platform for discussion to encourage the development of a high-quality computer-networking infrastructure for the European research community.

http://www.w3.org/ (Accessed: 3 January 2007). The World Wide Web Consortium.

Asymmetric and Information Warfare

http://www.amsc.belvoir.army.mil/asymmetric_warfare.htm (Accessed: 3 January 2007). US Army Management Staff College – Asymmetric Warfare.

http://www.au.af.mil/au/aul/bibs/asw/asw.htm (Accessed: 3 January 2007). Asymmetric Warfare.

http://www.comw.org/rma/fulltext/asymmetric.html (Accessed: 3 January 2007). Revolution in Military Affairs – Asymmetric Warfare.

http://www.ctrasymwarfare.org (Accessed: 3 January 2007). A Centre for Asymmetric Warfare.

http://carlisle-www.army.mil/ (Accessed: 3 January 2007). Asymmetric Warfare.

http://emergency.com (Accessed: 3 January 2007). Asymmetric warfare. Emergency Response and Research Institute. Crisis, Conflict, and Emergency Service News, Analysis and Reference.

http://europa.eu.int/scadplus/leg/en/lvb/l33193.htm (Accessed: 3 January 2007). Attacks Against Information Systems: To strengthen criminal judicial cooperation on attacks against information systems by developing effective tools and procedures.

http://www.fas.org/irp/wwwinfo.html (Accessed: 3 January 2007). Information Warfare, Information Security Resource.

http://www.iwar.org.uk/comsec (Accessed: 3 January 2007). Information Warfare Site.

http://nationalstrategy.com (Accessed: 3 January 2007). Asymmetric Warfare.

http://www.psycom.net/iwar.1.html (Accessed: 3 January 2007).Institute for the Advanced Study of Information Warfare.

http://www.theestimate.com/public/110300.html(Accessed: 3 January 2007).Asymmetric Warfare.

Australiahttp://www.ag.gov.au (Accessed: 3 January 2007).Australian Attorney General’s site.

http://www.isn.ethz.ch/dossiers/ciip/index.cfm (Accessed: 3 January 2007).Defining Critical Information Infrastructure Protection.

http://www.auscert.org.au (Accessed: 3 January 2007).Australian Computer Emergency Response Team.

http://www.asio.gov.au (Accessed: 3 January 2007).Australian Security Intelligence Organization.

http://www.ahtcc.gov.au (Accessed: 3 January 2007).Australian High Tech Crime Centre.

http://www.dsto.defense.gov.au (Accessed: 3 January 2007).Australian Defense Science and Technology Organization.

http://noie.gov.au (Accessed: 3 January 2007).Australian National Office for the Information Economy.

http://www.defense.gov.au/predict (Accessed: 3 January 2007).Australian Infrastructure Core Requirements Tool.

http://www7.health.gov.au/hsdd/gp/phim.htm (Accessed: 3 January 2007).Australian Personal Health Information Management in General Practice.

http://www.pm.gov.au (Accessed: 3 January 2007).Australia’s Prime Minister Site.

http://www.stratwise.com (Accessed: 3 January 2007).Australian Strategic Intelligence Site.

http://www.cript.gov.au (Accessed: 3 January 2007).Trusted Information Sharing Network for Critical Infrastructure Protection.

Austria

Austria is an important reference country for this subject because it leads Europe, and the world, in terms of placing legislation online.

http://www.cio.gv.at (Accessed: 3 January 2007).Austrian Chief Information Office.

http://www.bmi.gv.at (Accessed: 3 January 2007).Austrian Internal Ministry.

http://www.circa.at/index.html (Accessed: 3 January 2007).Austrian Computer Incident Response Co-ordination.

http://www.bka.gv.at (Accessed: 3 January 2007).Austrian Chancellery.

http://www.a-sit.at (Accessed: 3 January 2007).Austrian Centre for Information Technology.

Canada

Canada has been at the forefront of the information technology revolution.

http://www.cancert.ca (Accessed: 3 January 2007).Canada’s National Computer Emergency Response Team.

http://www.nrc.ca (Accessed: 3 January 2007). Canadian National Research Council.

http://www.crc.ca (Accessed: 3 January 2007).Canada’s Communication Research Centre.

http://www.dnd.ca (Accessed: 3 January 2007).Canada Defense Net.

http://www.faso-afrs.ca (Accessed: 3 January 2007). Canadian Federal Association of Security Officials.

http://www.gol-ged.gc.ca (Accessed: 3 January 2007).Canadian Government Online.

http://www.iit.nrc.ca (Accessed: 3 January 2007).Canadian Institute for Information Technology.

http://www.nce.gc.ca (Accessed: 3 January 2007). Canadian Networks of Centers of Excellence.

http://www.ocipep-bgiepc.gc.ca (Accessed: 3 January 2007).Canada’s Office of Critical Infrastructure Protection and Emergency Preparedness.

http://www.tbs-sct.gc.ca (Accessed: 3 January 2007).Canada’s Treasury Board Secretariat.

European Union

The European Union places the subject of information security amongst its highest priorities.

http://www.cert.dfn.de/eng/csir/europe/certs.html (Accessed: 3 January 2007).List of some European Computer Emergency Response Teams (CERTs).

http://www.etsi.com (Accessed: 3 January 2007).European Telecommunications Standards Institute (EU).

http://www.etr2a.org (Accessed: 3 January 2007).The Web site of the European Telecommunications Resilience and Recovery Network (EU).

http://www.europa.eu.int/abc/index2_en.htm (Accessed: 3 January 2007).The Europa Web site re European Commission.

http://europa.eu.int/egovernment-research (Accessed: 3 January 2007).eGovernment Website.

http://www.europol.eu.int (Accessed: 3 January 2007).The Europol Site – With Information on Crime (EU).

http://www.eurosmart.com (Accessed: 3 January 2007).The Voice of the European Smart Card Industry (EU).

http://www.ejustice.eu.com/index.html (Accessed: 3 January 2007).An EC Framework 6 project looking at different, justice related, approaches to information and computer security.

http://europa.eu.int/scadplus/leg/en/lvb/l33164.htm (Accessed: 3 January 2007).Organised crime: Council of Europe Convention on Cyber Crime: To combat misuse of new technologies (EU).

http://europa.eu.int/scadplus/leg/en/lvb/l24153.htm (Accessed: 3 January 2007).Establishment of a European Network and Information Security Agency (ENISA). Communication networks and information systems have become ubiquitous utilities and their security is of increasing concern to society. In order to guarantee users the best possible security, the European Union has decided to establish a European Network and Information Security Agency (ENISA) to advise Member States and coordinate measures they are taking to secure their networks and information systems. Its objective will also be to enhance cooperation between different actors operating in this field, and particularly between the Commission and the Member States, in order to prevent, address and respond to network and information security problems (EU).

http://www.eurim.org/ (Accessed: 3 January 2007).The European Information Society Group (EU).

Finland

Finland has completely reinvented itself as a consequence of pursuing the information and telecommunications revolution.

http://www.nesa.fi (Accessed: 3 January 2007).Finland’s National Emergency Supply Agency.

http://www.ficora.fi (Accessed: 3 January 2007).Finnish Communications Regulatory Authority.

http://www.ficora.fi/englanti/tietoturva/certfi.htm (Accessed: 3 January 2007).Finland’s Computer Emergency Response Team.

http://www.tieke.fi (Accessed: 3 January 2007). Finland’s Information Society Development Centre.

http://www.tietoyhteiskuntaohjelma.fi (Accessed: 3 January 2007).Finland’s information society site.

http://www.valtioneuvosto.fi/vn/liston/base.lsp?k=en (Accessed: 3 January 2007).Finland’s Government Site.

http://www.e.finland.fi/ (Accessed: 3 January 2007). eFinland.

http://www.defmin.fi (Accessed: 3 January 2007). Finland’s Ministry of Defense.

France

France is developing very sophisticated information security tools.

http://www.clusif.asso.fr/en/clusif/present/ (Accessed: 3 January 2007).French Association for Information Security Systems.

http://www.certa.ssi.gouv.fr/ (Accessed: 3 January 2007).French Computer Emergency Response Team.

http://www.cert-ist.com (Accessed: 3 January 2007). French Computer Emergency Response Team: Industry, Services and Trade.

http://www.internet.gouv.fr/ (Accessed: 3 January 2007).France’s information society site.

http://www.renater.fr/ (Accessed: 3 January 2007).French National Network of Telecommunications for Technology, Education and Research.

http://www.ssi.gouv.fr/fr/index.html (Accessed: 3 January 2007).French Site on Security of Information Systems.

http://csti.pm.gouv.fr (Accessed: 3 January 2007).French Strategic Advisory Board on Information Technologies.

Germany

Germany is a leader in the academic field of information security.

http://www.aksis.de (Accessed: 3 January 2007).German Infrastructure Protection Group.

http://www.bka.de (Accessed: 3 January 2007).German Federal Law Enforcement Agency.

http://www.bsi.de (Accessed: 3 January 2007).German Information Security Site.

http://www.bitkom.org (Accessed: 3 January 2007).BITKOM.

http://www.bsi.bund.de/certbund/index.htm (Accessed: 3 January 2007).German Computer Emergency Response Team.

http://www.econbiz.de/fach/FS_VWL0190300.shtml?step=20&l0=0 (Accessed: 3 January 2007).Germany’s Risk Management Site.

http://www.bundestag.de (Accessed: 3 January 2007).Deutscher Bundestag.

http://www.cert.dfn.de (Accessed: 3 January 2007).DFN-CERT.

http://www.eurubits.de (Accessed: 3 January 2007).European Institute for Information Security.

http://www.denis.bund.de (Accessed: 3 January 2007).German Emergency Preparedness Information System.

http://www.bmi.bund.de (Accessed: 3 January 2007).German Ministry of the Interior.

http://www.iid.de/iukdg/ (Accessed: 3 January 2007).German Information and Communication Site.

http://www.initiatived21.de (Accessed: 3 January 2007).Initiative D21.

http://www.iid.de (Accessed: 3 January 2007).German Information Initiative.

http://www.juris.de (Accessed: 3 January 2007).Juris Gmbh.

http://rayserv.upb.de/FIFF/Veroeffentlichungen/Extern/Fortress_Europe_36.html (Accessed: 3 January 2007). Fortress Europe No. 36: Germany curtails unobserved telecommunications.

http://www.regtp.de/en/index.html (Accessed: 3 January 2007).German Regulatory Agency for Telecommunications and Posts.

http://www.secunet.de (Accessed: 3 January 2007).Secunet Security Networks.

http://www.sicherheit-im-internet.de (Accessed: 3 January 2007).Internet Security.

http://www.s-cert.de (Accessed: 3 January 2007).Financial services CERT.

http://www.telekom.de (Accessed: 3 January 2007).Deutsche Telekom AG.

http://www.thw.de/english/ (Accessed: 3 January 2007).An informative site in English.

International Organizations

http://www.cosin.org/ (Accessed: 3 January 2007). Coevolution and Self-Organization in Dynamical Networks.

http://www.ctose.org (Accessed: 3 January 2007).Cyber Tools On-Line Search for Evidence.

http://www.e-europestandards.org (Accessed: 3 January 2007).eEurope Standards.

http://cybercrime-forum.jrc.it/default/ (Accessed: 3 January 2007).EU Forum on Cybercrime.

http://coras.sourceforge.net/ (Accessed: 3 January 2007).EU-funded CORAS project.

http://www.iabg.de/acip.index.html (Accessed: 3 January 2007). Analysis and Assessment for Critical Infrastructure Protection.

http://www.itu.int (Accessed: 3 January 2007).International Telecommunications Union.

http://www.oecd.org/document/42/0,2340,en_2649_33703_15582250_1_1_1_1,00.html (Accessed: 3 January 2007).OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (adopted as a recommendation by the OECD Council at its 1037th Session 25 July 2002).

http://info.worldbandk.org.ict/ICT_ssp.html (Accessed: 3 January 2007).Information and Communication Technologies – A World Bank Group Strategy.

http://www.worldbank.org/mdf/mdf1/modern.htm (Accessed: 3 January 2007).Modernising telecommunications through public–private partnerships.

http://rru.worldbank.org/toolkits/telecomsregulation/details.aspx (Accessed: 3 January 2007).Privatisation toolkit telecommunications regulation.

Italy

Italy leads a number of the European Union’s network and security policies.

http://www.dico.unimi.it (Accessed: 3 January 2007). Italian Department of Informatics and Communications.

http://www.iritaly.org (Accessed: 3 January 2007).Italian Incident Response.

http://www.clusit.it/indexe.htm (Accessed: 3 January 2007).Italian Association for Security in Informatics.

http://www.innovazione.gov.it/ (Accessed: 3 January 2007).Italy’s information society site.

http://www.innovazione.gov.it/eng/ (Accessed: 3 January 2007).Italian Ministry for Innovation and Technologies.

http://www.communicazioni.it/en (Accessed: 3 January 2007).Italian Ministry of Communication.

http://www.cnipa.gov.it (Accessed: 3 January 2007). National Centre for Informatics in the Public Administration.

http://www.poliziadistato.it/pds/english/ (Accessed: 3 January 2007).Italian State Security System.

Lawyers

It’s a little invidious to single out particular law practices. Most large international firms have strong telecommunication practices. Here are a few others that have provided some very innovative approaches to difficult problems.

http://www.dickinson-dees.co.uk (Accessed: 3 January 2007).Law Firm with top security specialist.

http://www.eversheds.com (Accessed: 3 January 2007).Leading International Electronic Law Firm.

http://www.faegreandbenson.com (Accessed: 3 January 2007).Leading USA Electronic Law Firm.

http://www.robertmuckle.co.uk (Accessed: 3 January 2007). Leading UK Electronic/Technology Law Firm.

http://www.wardhadaway.com (Accessed: 3 January 2007).Leading UK Electronic Law Firm.

Police

http://www.europol.net (Accessed: 3 January 2007). Access to all European National Police Sites – And Information on Crime.

http://www.interpol.int (Accessed: 3 January 2007).International Crime Intelligence Site.

http://www.nhtcu.org/ (Accessed: 3 January 2007).National Hi-Tech Crime Unit.

http://www.police.uk (Accessed: 3 January 2007).UK Police Site.

http://www.pito.org.uk/ (Accessed: 3 January 2007).UK Police Information Technology Organization.

The Netherlands

During its presidency of the European Union in 2004, the Netherlands launched a number of significant information security initiatives.

http://www.fas.org/irp/world/netherlands/bvd.htm (Accessed: 3 January 2007).Netherlands National Intelligence and Security Agency.

http://www.www.nlip.nl (Accessed: 3 January 2007).Dutch Internet Providers Consortium.

http://www.minvenw.nl/dgtp/home/ (Accessed: 3 January 2007).Dutch Directorate General of Post and Telecommunications.

http://www.Govcert.nl (Accessed: 3 January 2007).Dutch Government Computer Emergency Response Team.

http://www.infodrome.nl (Accessed: 3 January 2007).INFODROME.

http://www.kwint.org (Accessed: 3 January 2007).KWINT.

http://www.minvenw.nl (Accessed: 3 January 2007).Dutch Ministry of Water and Sewage.

http://www.minbzk.nl (Accessed: 3 January 2007).Dutch Ministry of the Interior.

http://www.Nlip.nl (Accessed: 3 January 2007).Dutch Internet providers.

http://cert-nl.surnet.nl/home-eng.html (Accessed: 3 January 2007).SURFnet Computer Security Incident Response Team.

http://www.aivd.nl (Accessed: 3 January 2007).Dutch General Intelligence and Security Service.

http://www.ecp.nl/ENGLISH/index.html (Accessed: 3 January 2007).Dutch Electronic Business Site.

http://www.tno.nl (Accessed: 3 January 2007).TNO.

http://www.waarschuwingsdienst.nl (Accessed: 3 January 2007).Waarschuwingsdienst – A Computer Emergency Response Team.

New Zealand

New Zealand, with Australia, has led much information security development.

http://www.security.govt.nz (Accessed: 3 January 2007).New Zealand Security Policy and Guidance.

http://www.standards.co.nz (Accessed: 3 January 2007).Standards New Zealand.

http://www.ccip.govt.nz (Accessed: 3 January 2007).New Zealand Centre for Critical Infrastructure Protection.

http://www.defense.govt.nz (Accessed: 3 January 2007).New Zealand Ministry of Defense.

http://www.executive.govt.nz (Accessed: 3 January 2007).New Zealand Cabinet.

http://www.gcsb.govt.nz (Accessed: 3 January 2007).New Zealand Government Communications Security Bureau.

http://www.dpmc.govt.nz (Accessed: 3 January 2007).Department of the Prime Minister and Cabinet.

http://www.ssc.govt (Accessed: 3 January 2007).State Services Commission.

http://www.nzcs.org.nz (Accessed: 3 January 2007).New Zealand Computer Society.

http://www.auscert.org.au (Accessed: 3 January 2007). Australian Computer Emergency Response Team (JV with New Zealand).

http://www.cologic.co.nz (Accessed: 3 January 2007).New Zealand E-Secure-IT ALERT and Early Warning Service.

Norway

Norway leads on a number of critical infrastructure processes.

http://www.norsis.no/indexe.php (Accessed: 3 January 2007).Norwegian Centre for Information Security.

http://www.dsb.no (Accessed: 3 January 2007).Norwegian Directorate for Civil Protection and Emergency Planning.

http://odin.dep.no/nhd/engeslsk/ (Accessed: 3 January 2007).Norwegian Ministry of Trade and Industry.

http://www.ntia.doc.gov (Accessed: 3 January 2007). Norwegian Telecommunications and Information Administration.

http://www.nsm.stat.no/index.html (Accessed: 3 January 2007).Norwegian National Security.

http://www.okokrim.no (Accessed: 3 January 2007).The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime.

http://cert.uninett.no (Accessed: 3 January 2007).The Norwegian Network for Research and Education.

Russia

http://president.kremlin.ru/eng/articles/institut04.shtml (Accessed: 3 January 2007). Responsibility for Information Security in Russia.

Sweden

Sweden has one of the most active information security sectors.

http://forsvar.regeringen.se (Accessed: 3 January 2007).Swedish Ministry of Defense.

http://kth.se/eng (Accessed: 3 January 2007).Swedish Royal Institute of Technology.

http://www.ocb.se (Accessed: 3 January 2007).Part of the warning system of the Swedish Emergency Management Agency.

http://www.gea.nu (Accessed: 3 January 2007).Swedish Alliance for Electronic Commerce.

http://www.fmv.se (Accessed: 3 January 2007).Swedish Defense Material Administration.

http://www.foi.se/english/ (Accessed: 3 January 2007).Swedish Defense Research Agency.

http://www.krisberedskapsmyndigheten.se/english/index.jsp (Accessed: 3 January 2007).Swedish Emergency Management Agency.

http://www.sitic.se (Accessed: 3 January 2007).Swedish IT Incident Centre.

http://www.fhs.se (Accessed: 3 January 2007). Swedish National Defense College.

http://www.fra.se/english.shtml (Accessed: 3 January 2007).Swedish National Defense Radio Establishment.

http://www.psycdef.se/english/ (Accessed: 3 January 2007).The National Board of Psychological Defense.

Switzerland

Switzerland is the academic home of the Critical Information Infrastructure Handbook.

http://www.bbt.admin.ch (Accessed: 3 January 2007).Swiss Federal Office for Professional Education and Technology.

http://www.empa.ch/plugin/template/empa/*/4523/—/1=2 (Accessed: 3 January 2007).Reliability of Telecommunications Networks (Switzerland).

http://www.switch.ch/cert/ (Accessed: 3 January 2007).Swiss Computer Emergency Response Team SWITCH.

http://www.fsk.ehtz.ch (Accessed: 3 January 2007). Swiss Centre for Security Studies.

http://www.snhta.ch/www-support/institutions/cti-fopet.htm (Accessed: 3 January 2007).Swiss Commission for Technology and Innovation.

http://www.isn.ethz.ch/crn/ (Accessed: 3 January 2007).Swiss Comprehensive Risk Analysis and Management Network.

http://www.vbs.admin.ch/internet/GST/AIOS/e/index.htm (Accessed: 3 January 2007).Swiss Division for Information Security and Facility Protection.

http://www.bakom.ch/en/index.html (Accessed: 3 January 2007).Swiss Federal Office for Communication.

http://www.bwl.admin.ch/ (Accessed: 3 January 2007).Swiss Federal Office for National Economic Supply.

http://internet.bap.admin.ch (Accessed: 3 January 2007).Swiss Federal Office for Police.

http://www.informatik.admin.ch/ (Accessed: 3 January 2007).Swiss Federal Office of Information Technology, Systems and Telecommunications.

http://www.isb.admin.ch/ (Accessed: 3 January 2007).Swiss Federal Strategy Unit for Information Technology.

http://www.infosurance.org (Accessed: 3 January 2007).Swiss Infosurance Foundation.

http://www.zurich.ibm.com (Accessed: 3 January 2007).IBM Zurich Research Laboratory.

http://www.ifi.unizh.ch/ikm/research.html (Accessed: 3 January 2007).Swiss Information and Communication Management Research Group.

http://www.isps.ch (Accessed: 3 January 2007). Swiss Information Society Co-ordination Group.

http://www.isn.ethz.ch (Accessed: 3 January 2007).Swiss International Relations and Security Network.

http://www.naz.ch (Accessed: 3 January 2007).Swiss National Emergency Operations Centre.

http://www.lasecwww.epfl.ch (Accessed: 3 January 2007).Swiss Security and Cryptography Laboratory.

http://www.softnet.ch (Accessed: 3 January 2007).Softnet – Related Swiss Federal Project.

http://www.sfa.admin.ch (Accessed: 3 January 2007).Strategic Leadership Training.

http://www.cybercrime.admin.ch (Accessed: 3 January 2007).Swiss Co-ordination Unit for Cybercrime.

http://www.privacy-security.ch (Accessed: 3 January 2007).Symposium on Privacy and Security.

United Kingdom

The United Kingdom has one of the most developed environments for information and critical infrastructure protection.

http://www.cabinet-office.gov.uk/CSIA (Accessed: 3 January 2007).The Web site of the Central Sponsor for Information Assurance.

http://www.cesg.gov.uk (Accessed: 3 January 2007).UK National Technical Authority for Information Assurance.

http://www.dti.gov.uk/bestpractice/technology/index.htm (Accessed: 3 January 2007).The Department of Trade and Industry (EU/UK) IT and Security best practice site – includes information previously contained on the UK online for business site.

http://www.dti.gov.uk/industries/information_security (Accessed: 3 January 2007). Information Security overview.

http://www.epcollege.gov.uk (Accessed: 3 January 2007).Emergency Planning College (EU).

http://www.financialsectorcontinuity.gov.uk (Accessed: 3 January 2007).This Web site has been established by the UK’s tripartite financial authorities (HM Treasury, the Bank of England and the Financial Services Authority) to provide a central point of information about work on continuity planning that is relevant to the UK’s financial sector (EU/UK).

http://www.go-ne.gov.uk/resilience/resilience_business_continuity.htm (Accessed: 3 January 2007). Each regional government office in the UK has a resilience page like this one.

http://homeoffice.gov.uk (Accessed: 3 January 2007).Information on a range of relevant subjects in the publications section.

http://www.londonprepared.gov.uk/ (Accessed: 3 January 2007).Information and advice on London’s resilience and preparations for, and responses to, major incidents and emergencies.

http://www.niscc.gov.uk/ (Accessed: 3 January 2007).National Infrastructure Security Coordination Centre – includes a business good practice guide for telecommunications resilience.

http://www.security-survey.gov.uk (Accessed: 3 January 2007).DTI Information Security Breaches Survey.

http://www.uniras.gov.uk (Accessed: 3 January 2007).Unified Incident Reporting and Alert Scheme.

http://www.ukonlineforbusiness.gov.uk has been superseded by http://www.dti.gov.uk/bestpractice (Accessed: 3 January 2007).

http://www.ukresilience.info/ (Accessed: 3 January 2007).UK Resilience, Civil Contingencies Secretariat. Information on the Civil Contingencies Bill is at http://www.ukresilience.info/ccbill/index.htm

http://www.warp.gov.uk (Accessed: 3 January 2007). UK Government Warning Advice and Reporting Point site for co-ordinating reaction to information security breaches, etc.

United States

It’s a cliché, but since 11 September 2001 the USA has paid much more attention to some of the very original research in its Government departments and Industrial Sectors regarding information and critical infrastructure protection.

http://www.alw.nih.gov/Security/Docs/passwd.html (Accessed: 3 January 2007).Selecting good passwords.

http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html (Accessed: 3 January 2007).Improving the Security of Your Site by Breaking into It.

http://www.cdt.org (Accessed: 3 January 2007).USA Centre for Democracy and Technology.

http://www.cert.org (Accessed: 3 January 2007).USA Computer Emergency Response Team.

http://www.cia.gov/cia/publications/factbook (Accessed: 3 January 2007).For number of Internet users by country.

http://www.ciao.org (Accessed: 3 January 2007).USA Critical Infrastructure Assurance Office.

http://www.cybercrime.gov (Accessed: 3 January 2007).Government Cybercrime Site.

http://shield.dmpsi.dc.gov (Accessed: 3 January 2007).

http://www.ftc.gov/privacy/glbact/ (Accessed: 3 January 2007). Financial Modernisation Act of 1999.

http://www.ftc.gov/privacy/index.html (Accessed: 3 January 2007).USA Federal Trade Commission.

http://csrc.ncsl.nist.gov/secpubs/ (Accessed: 3 January 2007).Listing of Publications on Computer Security from National Institute of Standards and Technology Sources.

http://csrc.ncsl.nist.gov/secpubs/rainbow/ (Accessed: 3 January 2007). National Institute of Standards and Technology (NIST) listing of the ‘Rainbow Series.’ The Rainbow Series is a six-foot-tall stack of books on evaluating ‘Trusted Computer Systems’ according to the National Security Agency. The term ‘Rainbow Series’ comes from the fact that each book is a different color. The main book (upon which all others expound) is the Orange Book.

http://www.whitehouse.gov/deptofhomeland (Accessed: 3 January 2007).USA Department of Homeland Security.

http://www.eia.doe.gov/emeu/security/ (Accessed: 3 January 2007).Energy Information Agency – all types of security attacks on worldwide energy resources.

http://www.energyisac.com (Accessed: 3 January 2007).USA Energy Information Sharing and Analysis Centre.

http://www.ey.com/security (Accessed: 3 January 2007).Ernst and Young Security Site.

http://www.fbi.gov (Accessed: 3 January 2007).USA Federal Bureau of Investigation.

http://www.fedcirc.gov (Accessed: 3 January 2007).USA Federal Computer Incident Response Centre.

http://www.fas.org (Accessed: 3 January 2007).USA Federation of American Scientists.

http://www.fsisac.co (Accessed: 3 January 2007).USA Financial Services Information Sharing and Analysis Centre.

http://www.ftc.gov/infosecurity/ (Accessed: 3 January 2007).The Federal Trade Commission has created this Web site for consumers and businesses as a source of information about computer security and safeguarding personal information.

http://www.hhs.gov/ocr/hipaa/ (Accessed: 3 January 2007).Medical Privacy – National Standards to Protect the Privacy of Personal Health Information.

http://www.it-isac.org (Accessed: 3 January 2007).USA Information Technology Sharing and Analysis Centre.

http://www.ncs.gov/ncc/ (Accessed: 3 January 2007).USA National Co-ordinating Centre for Telecommunications.

http://www.nipc.org (Accessed: 3 January 2007).USA National Infrastructure Protection Centre.

http://www.nerc.com (Accessed: 3 January 2007).North American Electric Reliability Council.

http://www.oag.state.ny.us/ (Accessed: 3 January 2007).Eliot Spitzer – New York State Attorney General Site re Governance.

http://www.ostp.gov/ (Accessed: 3 January 2007).USA Office of Science and Technology Policy.

http://www.cert.otg/octave/ (Accessed: 3 January 2007).USA Operationally Critical Threat, Asset and Vulnerability Evaluation.

http://www.pcis.org (Accessed: 3 January 2007).USA Partnership for Critical Infrastructure Protection.

http://www.staysafeonline.info (Accessed: 3 January 2007).USA Stay Safe Online.

http://www.sec.gov/news/testimony/021203tsrc.htm (Accessed: 3 January 2007).Protecting Capital Markets Against Terrorism.

http://www.surfacetransportationisac.org (Accessed: 3 January 2007).USA Surface Transportation Information Sharing and Analysis Centre.

http://www.dhs.gov (Accessed: 3 January 2007).USA Department of Homeland Security.

http://www.us-cert.gov/federal/ (Accessed: 3 January 2007).United States Computer Emergency Readiness Team.

http://www.whitehouse.gov (Accessed: 3 January 2007).USA White House.

Vendor Sites

There are of course many more vendors than are listed here. There has been no selection process. These links are those known to be of interest to this subject area.

http://www.almaden.ibm.com (Accessed: 3 January 2007).IBM Research Establishment.

http://www.availability.sungard.com/ (Accessed: 3 January 2007).Sungard Data Recovery/Disaster Recovery.

http://www.business-systems.bt.com/ (Accessed: 3 January 2007).BT Solutions.

http://www.bt.com/business/broadband (Accessed: 3 January 2007).BT Data Recovery/Disaster Recovery.

http://www.bt.com/commsure (Accessed: 3 January 2007).BT CommSure – Total Business Continuity.

http://www.buysunonline.com/ (Accessed: 3 January 2007).Sun Microsystems Data Recovery.

http://www.crg.com (Accessed: 3 January 2007).Control Risk Group – international business risk consultants.

http://www.datamobilitygroup.com (Accessed: 3 January 2007).Data and Storage second opinions.

http://www.disklabs.com/ (Accessed: 3 January 2007).DiskLabs Data recovery.

http://www.drsolomon.com/ (Accessed: 3 January 2007).Dr Solomon, a McAfee Company Anti Virus Centre.

http://www.datafellows.com/ (Accessed: 3 January 2007).F-PROT Virus Protector.

http://www.easynet.com/ (Accessed: 3 January 2007).Easynet Data Recovery.

http://www.etsec.com (Accessed: 3 January 2007).ETSEC Staying ahead of the Security Curve.

http://www.foundstone.com (Accessed: 3 January 2007).Security Products.

http://www.hp.com (Accessed: 3 January 2007).Hewlett Packard’s Site – HP Trust and Security.

http://www.intel.com (Accessed: 3 January 2007).Intel includes security advice.

http://www.intersolve-tech.com (Accessed: 3 January 2007).Advanced Security with FINREAD CSP.

http://www.jjtc.com (Accessed: 3 January 2007).Johnson and Johnson (Consultants) Computer Security.

http://www.kavado.com (Accessed: 3 January 2007).ScanDo from Kavado.

http://www.mcafee.com/uk/ (Accessed: 3 January 2007).McAfee Computer Security Products.

http://www.mci.com/uk/bcinterest (Accessed: 3 January 2007).Business Continuity the MCI way.

http://research.microsoft.com/security/ (Accessed: 3 January 2007).Microsoft Research.

http://www.microsoft.com/security/default.mspx (Accessed: 3 January 2007).Microsoft Security Site.

http://www.microsoft.com/technet/security/sourcead.asp (Accessed: 3 January 2007).Microsoft TechNet, Source Address Spoofing.

http://www.microsoft.com/technet/security/topics/hardsys/default.mspx (Accessed: 3 January 2007).Hardening.

http://www.pinkertons.com (Accessed: 3 January 2007).Pinkertons.

http://www.qinetiq.com/home/markets/security.html (Accessed: 3 January 2007).Qinetiq’s Introduction to Security.

http://www.qinetiq.com/home/markets/security/securing_your_business/information_and_network_security.html (Accessed: 3 January 2007). Qinetiq Information Security.

http://www.rsasecurity.com/ (Accessed: 3 January 2007).RSA Security USA Security Consultants.

http://www.sanctum.com (Accessed: 3 January 2007).Appscan from Sanctum/Watchfire – Vendor.

http://www.safenet-inc.com/ (Accessed: 3 January 2007).The ‘Foundation’ of Information Security.

http://www.sapphire.net/(Accessed: 3 January 2007).Information technology security company.

http://securityresponse.symantec.com (Accessed: 3 January 2007).Symantec Computer Security Site.

http://www.spiresecurity.com (Accessed: 3 January 2007).Spire Security.

http://www.srm-solutions.com (Accessed: 3 January 2007).Security Risk Management Limited.

http://www.spidynamics.com (Accessed: 3 January 2007).WebInspect from SPI Dynamics.

http://www.stiller.com/ (Accessed: 3 January 2007).Stiller Research, Computer Security.

http://www.symantec.com/avcenter/ (Accessed: 3 January 2007). Symantec Anti Virus Centre.

http://community.whitehatsec.com (Accessed: 3 January 2007). Sentinel from White Hat Security.

http://www.xerxes.com/security.html (Accessed: 3 January 2007). Xerxes Security Site.

http://www.zonelabs.com (Accessed: 3 January 2007). ZoneAlarm, Computer Security Protection.

General Information – Alphabetically by Site

http://www.as400security.net/ AS/400 (an IBM mid-range product) Security Portal.

http://www.bofh.sh/CodeRed/index.html (Accessed: 3 January 2007). Re: the CodeRed Worm.

http://www.cert.org (Accessed: 3 January 2007). CERT (Computer Emergency Response Teams) Coordination Centre.

http://www.continuitycentral.com (Accessed: 3 January 2007). Portal Publishing Limited’s excellent site on business continuity and security matters of all kinds.

http://www.cigital.com/javasecurity/links.html (Accessed: 3 January 2007). Java Security Hotlist.

http://cgi.nessus.org/plugins/dump.php3?family=Backdoors (Accessed: 3 January 2007). A current list of ‘backdoors’ recognized by Nessus. The ‘Nessus’ Project aims to provide to the Internet community a free, powerful, up-to-date and easy to use remote security scanner.

http://www.continuitycentral.com/ (Accessed: 3 January 2007). Online Site about all things Business Continuity.

http://www.computer-security.qck.com/ (Accessed: 3 January 2007). Computer Security reference site.

http://www.crisis.solutions.com (Accessed: 3 January 2007).

http://www.crm-strategy.net/ (Accessed: 3 January 2007). Customer Relationship Management Resources.

http://www.denialinfo.com/ (Accessed: 3 January 2007). Links and links and links on Denial of Service attacks.

http://encyclopedia.thefreedictionary.com/Telecommunications%20service (Accessed: 3 January 2007). Free Dictionary with wide ranging definitions.

http://www.enteract.com/~lspitz/linux.html (Accessed: 3 January 2007). Armoring Linux.

http://www.eon-commerce.com/riskanalysis/index.htm (Accessed: 3 January 2007). Alternative Risk Analysis Site.

http://www.epic.org/privacy/carnivore (Accessed: 3 January 2007). EPIC 2002, The Carnivore FOIA Litigation.

http://www.e-securityworld.com/ (Accessed: 3 January 2007). Unix, Linux, iSeries, NT and OS/390 Security Specialists.

http://www.freecpd.co.uk/learning_materials/information_technology/identifying_and_assessing_risk_in_it_systems__1 (Accessed: 3 January 2007). Identifying and Assessing Risk in IT Systems.

http://www.globalcontinuity.com (Accessed: 3 January 2007). This site is a Web-portal focused exclusively on business continuity issues.

http://www.globalsecurity.org/org/staff/pike.htm (Accessed: 3 January 2007). John Pike, one of the world’s leading experts on defense, space and intelligence policy.

http://www.gocsi.com (Accessed: 3 January 2007). Computer Security Institute.

http://grc.com/dos/grcdos.htm (Accessed: 3 January 2007). The story of a Denial of Service Attack.

http://www.ukhomecomputing.co.uk (Accessed: 3 January 2007). Home Computing Initiatives.

http://icm-computer.co.uk/risks (Accessed: 3 January 2007).

http://www.idc.com (Accessed: 3 January 2007). IT and telecommunications global market intelligence and advice.

http://www.identityrestore.com (Accessed: 3 January 2007). Getting your stolen electronic identity back.

http://www.infosec.co.uk (Accessed: 3 January 2007). Infosecurity Europe (annual security event).

http://www.it-analysis.com/column.php?section=24 (Accessed: 3 January 2007). Robin Bloor’s Home Page – for a different view on Security.

http://www.internetsecuritynews.com/ (Accessed: 3 January 2007). Computer security related news, analysis and assessments.

http://www.internetworldstats.com/stats.htm (Accessed: 3 January 2007). Internet World Statistics.

http://www.jjtc.com/Steganography/ (Accessed: 3 January 2007). Johnson and Johnson’s (Consultants) introduction to Steganography.

http://web.mit.edu/kerberos/www/#what_is (Accessed: 3 January 2007). Kerberos is a network authentication protocol, this site explains it.

http://library.ahima.org/xpedio/groups/public/documents/ahima/pub_bok1_021875.html (Accessed: 3 January 2007). Medical Practice Brief: Information Security-An Overview.

http://www.lockdown.co.uk/ (Accessed: 3 January 2007). Lockdown – The Home Computer Security Centre.

http://www.nessus.org/index2.html (Accessed: 3 January 2007). The ‘Nessus’ Project aims to provide to the Internet community a free, powerful, up-to-date and easy to use remote security scanner.

http://www.netsurf.com/nsf/ (Accessed: 3 January 2007). Netsurfer Focus. A chronicle on Internet Players.

http://networkintrusion.co.uk (Accessed: 3 January 2007). Talisker Security Wizardry Portal – Excellent Summary of the global state of network intrusion attacks.

http://www.newsfactor.com (Accessed: 3 January 2007). Technical News Site.

http://www.nscwip.info/ (Accessed: 3 January 2007). National Steering Committee for Warning and Informing the Public (EU).

http://www.nym-infragard.us/ (Accessed: 3 January 2007). InfraGard is an FBI program dedicated to promoting ongoing dialogue and timely communication between the private sector and the FBI concerning critical infrastructure protection issues.

http://www.openenterprise.ca (Accessed: 3 January 2007). Open Enterprise Solutions including security.

http://owasp.org (Accessed: 3 January 2007). Open Web Application Security Project.

http://research.lumeta.com/ches/map/index.html (Accessed: 3 January 2007). Internet mapping project.

http://retailindustry.about.com/cs/security/ (Accessed: 3 January 2007). The rather limited approach of the retail industry.

http://www.riskserver.co.uk/bs7799/ (Accessed: 3 January 2007). The BS7799 Launch Pad.

http://www.securityfocus.com (Accessed: 3 January 2007). Security site dealing comprehensively with Computer Security threats.

http://www.securitypolicy.co.uk/bs-7799/index.htm (Accessed: 3 January 2007). Another Alternative for compliance with BS 7799.

http://www.schneier.com (Accessed: 3 January 2007). Leading Cryptography Author, Bruce Schneier (USA).

http://www.sgrm.com/Resources.htm (Accessed: 3 January 2007). A collection of computer crime and security references that is particularly strong regarding white-collar computer-related crime (Canada).

http://www.snort.org (Accessed: 3 January 2007). Snort – the Lightweight Network Intrusion Detection System.

http://sunsolve.sun.com/pub-cgi/show.pl?target=content/content7 (Accessed: 3 January 2007). Sunsolve: The Solaris Fingerprint Database.

http://techrepublic.com.com/ (Accessed: 3 January 2007). Part of CDnet and a good site for current threats.

http://www.theregister.co.uk/2004/04/30/spam_biz/ (Accessed: 3 January 2007). The Register is an alternative security site carrying much useful information.

http://www.searchsecurity.techtarget.com (Accessed: 3 January 2007). Information technology and related definitions/explanations.

http://www.securityauditor.net/ (Accessed: 3 January 2007). Resources for Security Policies, Security Audit & Security Risk Analysis.

http://www.security.kirion.net/securitypolicy/ (Accessed: 3 January 2007). Compliance with Internal Security Policies.

http://www.sysd.com (Accessed: 3 January 2007). System Threat Detection.

http://tms.symantec.com/documents/040617-Analysis- Financial InstitutionCompromise.pdf (Accessed: 3 January 2007). Analysis of a Compromised Laptop.

http://ue.eu.int/uedocs/cmsUpload/79635.pdf (Accessed: 3 January 2007). The View of the EU on Combating Terrorism.

http://www.vmyths.com/ (Accessed: 3 January 2007). Computer Virus Myths (USA).

http://www.vnunet.com/security (Accessed: 3 January 2007). VNUnet – Computer/Security Publisher’s security support site.

http://www.webopedia.com (Accessed: 3 January 2007). Information technology and related definitions.

http://www.weibull.com/hotwire/issue3/hottopics3.htm (Accessed: 3 January 2007). Determining Reliability for Complex Systems.

http://www.whitehats.com (Accessed: 3 January 2007). Whitehats.com is an online community resource to provide support for those who are interested in network security, including network and security administrators. Whitehats Network Security Resource: online community resource to provide support for those who are interested in network security.

http://www.wired.com (Accessed: 3 January 2007). A Lycos technology news site.

http://world.std.com/~franl/crypto/cryptography.html (Accessed: 3 January 2007). Introduction to Cryptography.

http://www.ynet.co.il (Accessed: 3 January 2007). Israeli news-site (A knowledge of Hebrew helps).

http://www.y2k.com (Accessed: 3 January 2007). Some issues, including alternative, on the Y2K problem.

http://www.year2000.com (Accessed: 3 January 2007). Information about the Y2K issues, includes some links to White Papers on security and recovery.

http://www.zdnet.com (Accessed: 3 January 2007). A premier technology and security News Site.

Index

11 September 2001, 20, 99, 100, 159, 160, 161, 169, 174, 256
7/07, 199
9/11, 19, 154, 160, 199, 229

A
Administration, 31, 35, 78
Advice Brokering Service, 74
Afghanistan, 4, 54, 77, 80, 164, 180
Africa, 48, 95, 157
Agents, 37, 38, 154, 155
AIDS, 49, 59
Air Force(s), 3, 17, 179, 182, 198
Aircraft carriers, 2, 162, 197
Airport, 5
Al Qaeda, 165
Alarms, 3
Algeria, 53
Ambulance, 16
Amsterdam, 151
Anderson, R., 64, 160, 161, 164, 169, 223, 233, 235, 239, 240
Antarctic, 54
Anti-spam service, 72
Anti-terror legislation, 5
APEC, 42
Arab-Israeli, 56
Armed conflict, 2
Armed forces, 6, 43
Armed might, 1
Armies, 3, 42, 182
Arms, 14, 192
Army, ix, 10, 11, 17, 170, 179, 182, 198, 229, 232, 243
Asia-Pacific Economic Co-Operation, 42
Assets, 3, 6, 20–24, 26, 27, 31, 36, 64, 67, 69, 88, 108, 109, 127, 128, 174, 202
Asymmetric warfare, 2–6, 51, 79, 100, 102, 155, 158, 164–167, 170, 174, 175, 177, 179, 191, 196–199, 202, 229, 243, 244
Atlantic ocean, 46
Attack, 3, 31, 37–39, 41, 50, 54, 60, 69, 70, 72, 73, 75, 79, 80, 87, 92, 98, 100, 170–172, 174, 188, 191, 217
Attitude, 5, 50, 81, 180
Australia, 1, 8, 19, 33, 34, 40, 48, 179, 190, 203, 227, 244, 252
Authentication, 39, 42, 118, 137, 138, 220, 263
Automation, 40, 156
Automotive, 53
Avalon project, 55
Avian flu, 49

B
B2B, 158
Balance, 4, 44, 57, 83, 105, 156, 164, 195, 202
Bank(s), 16, 20, 41, 49, 63, 86, 88–90, 95, 102, 189, 195
Bank of England, 16, 88, 255
Banking, 19, 27, 28, 35, 41, 62, 79, 94, 95, 97
Barcelona, 54
Barley, 48
Basel II, 126–144
Basle, 88–90, 174
Battle, 2, 3
Battleground, 3

Behavior, 9, 12, 32, 81, 92, 188
Belgium, 1, 152, 154
Berlin wall, 1, 54, 168
Bloomberg, 158
Bloor, 158, 230, 262
Border controls, 5
Botnets, 42
BP, 16
Bridges, 19
Britain, 3, 15, 54, 145, 170, 172
British, 3, 49, 97, 145, 147, 159, 163, 171, 180, 203, 218, 235, 241, 243
British Standard, 77, 97, 99
Broadband, 42, 156, 157, 259
Brussels, 189
BS 25999, 94, 97, 163
BT, 16, 63, 202, 212, 235, 241, 258, 259
Buddhist, 54
Bulgaria, 52
Bureaucrats, 6
Burtles, J., 86
Bush, G.W., 77
Business, 4, 9, 15, 18, 20–22, 33–35, 39, 47, 53, 55, 60, 62, 63, 65, 74, 81, 82, 84, 88–92, 94, 95, 97–103, 105, 106, 116, 117, 120, 123, 140, 142, 147, 149, 150, 152, 153, 156, 163, 164, 166, 172, 174, 177, 186, 195, 196, 205, 241, 255, 256, 258–262
Business continuity, 9, 94, 97–100, 105, 123, 130, 132, 134, 142, 160, 163, 196, 203, 213, 218, 222, 229, 241–243, 259, 261
Business effectiveness, 3
Business week, 158
Buyer, 83

C
Cadmium, 59
Call centers, 150, 154
Campaign, 3, 4, 72, 164
Canterbury cathedral, 54
Capitalism, 4, 13, 15, 16, 77, 81, 99, 102, 145, 146, 165, 166, 168, 169, 174
Catastrophe, 9, 18
CERTS, 71, 73, 175, 195
Checkpoint, 63
Chicago, 99, 216, 230
China, 46–48, 52–54, 58, 59, 63, 81, 82, 88, 102, 146–148, 150, 167, 168, 185
Chips, 40, 64
Christian, 15, 84, 145, 146
CIA, 44
CIP, 5, 11, 12, 33, 34
Cisco, 39, 64, 161, 169, 207–209, 215, 218, 222–224, 226, 233
Citizens, 14, 18, 32, 52, 56, 64, 75, 170, 173, 181, 189
Civil Contingencies Act, 52, 77, 86, 87, 170, 181
Civil service, 17
Clausewitz, Karl von, 18, 79, 80
Climate change, 7, 46
Coal, 45, 170
COBIT, 103, 104, 126
Cold war, 1, 81, 87, 146, 197
Colorado, 151
Communications, 4, 12, 16, 23, 25, 27, 30–34, 63, 73, 97, 103, 104, 113–116, 132–135, 152, 165, 171, 173, 179, 186, 201, 212, 214, 218, 221, 225, 226, 228, 237, 247, 250, 252, 263
Community, 6, 23, 25, 28, 31, 56, 74, 75, 172, 175, 211, 236, 242
Companies, 2, 16, 41, 52, 53, 58, 63, 65, 66, 70, 81–83, 89–91, 94, 95, 97, 100, 102, 106, 146, 147, 151, 153–157, 163, 169, 171–174, 180, 197, 206
Complexity, 40, 177, 197
Compliance, 87, 89, 90, 97, 100, 102, 105, 123–125, 127, 128, 143, 144, 156, 196, 199, 229, 264
Computer, 12, 18, 26, 32, 35, 39–41, 71, 72, 79, 83, 92, 95, 96, 110, 115, 117–122, 136–138, 151, 158, 189, 201, 203, 206, 211, 216, 217, 243, 246, 257, 261, 262, 264
Computer Emergency Response Team(s), 71, 72, 203, 240, 244, 245, 247, 248, 251, 254, 256, 261
Conduit, 4, 165, 188
Conflict, 2, 56, 79, 91, 179, 191
Connectivity, 11, 12, 62, 63, 76
Constitution, 14, 15, 20

Consultants, 40, 64, 259
Contingency planning, 46
Contractors, 37, 40, 95
Control risks, 94
Cooperation, 21, 24, 27, 29, 33, 34, 67, 148, 175, 178, 243, 246
Copenhagen, 84
Cork, 154
Corn, 48
Corporate governance, 88–90
CorpTracker, 53
Cost, 27, 39, 52, 53, 74, 83, 89, 91, 146, 151, 153–157, 193
Crete, 185
Crime prevention, 33
Criminal law, 40
Critical Information Infrastructure, 1, 7, 8, 10–13, 15, 18, 20, 31, 32, 42, 43, 61–64, 66, 69–71, 76, 77, 93, 106, 145, 177, 179–182, 184, 185, 187, 189–198, 200–203, 211, 244, 253
Critical Information Infrastructure Protection, 198
Critical Infrastructure(s), 1–10, 12, 13, 16–23, 25, 30–34, 36, 37, 41–45, 50–52, 59–62, 64, 70, 76, 77, 79, 80, 83–88, 93, 94, 159, 176, 178–180, 182, 184–198, 200, 201, 211, 229, 244, 245, 252, 256, 258
Critical mass, 146
Critical National Infrastructure, 13, 31, 69, 73, 86
Customer(s), 4, 35, 41, 62, 64, 66, 91, 154–156, 165, 166, 169, 175
Cybercrime, 40, 249, 255, 256
Cyber-threats, 11, 12
Czech Republic, 1, 52, 152

D
Dams, 20
Dartmouth, 69, 221
Data, 8, 16, 30, 43, 63, 68, 72, 85, 91, 94–100, 111, 112, 115–117, 121, 124–144, 146, 147, 153, 155, 156, 172, 188, 216, 230, 241
Debt, 47, 80
Declaration of Independence, 13, 15
Decoys, 3
Defense, 1–4, 6, 7, 10, 14, 15, 20, 21, 31–34, 42–44, 51, 52, 83, 161, 163, 169, 177, 178, 180–182, 187, 190, 191, 197–200, 204, 242, 244, 252, 262
Defense of the Realm, 2
Dell, 64
Deloitte, 64
Democracy, 1, 13, 77–79, 83, 173, 180, 190, 195, 197
Denial of service, 38, 41, 42, 240
Department, 21, 22, 28, 31–34, 42, 43, 49, 51, 59, 84, 250
Department of Homeland Security, 31, 66, 257, 258
Detroit, 83
Deutsche Bank, 48
Digital technology, 1, 39
Digital world, 1
Disaster, 34, 91, 92, 94, 97, 99, 100, 151, 152, 156, 161, 163, 180, 202, 213, 241
Disaster recovery, 9, 94, 152, 196, 203, 205, 206, 213–215, 220, 222, 241, 258, 259
Diseases, 2, 49, 50, 59
Disposable income, 151
Distribution, 4, 35, 47, 56, 57, 67, 72, 81, 165, 166
Disturbance, 8, 9
DNA, 99, 105, 199
Doswell, B., 97
Dublin, 151
Dunn, M., 10–12, 20, 43, 76, 182, 189

E
Ecology, 9
ecommerce, 147, 205
Economic, 2, 4–6, 10, 11, 15, 16, 20, 26, 31, 34, 42, 52, 55, 57, 58, 60, 77, 80, 81, 84, 88, 91, 93, 145, 146, 149, 151, 153, 159, 161, 164, 167–170, 172, 173, 179, 181, 190, 191, 194, 196, 197
Economist, The, 158, 177
EDS, 163
Education, 3, 10, 59–61, 73, 84, 85, 110, 117, 153, 165, 166, 176, 212–214, 222, 223, 227, 228, 239, 242, 243, 247, 253

Education/intellectual Property, 10
Effort, 4, 11, 31, 32, 70, 164, 166, 189, 201, 202
eGovernment, 50, 246
Egypt, 53, 57, 58
Electricity, 3, 33, 35, 38, 46, 85, 170, 184
Electricity pylons, 3
Electronic, 1, 2, 31, 40, 42, 62, 67, 69, 73, 75, 80, 95, 99, 100, 102, 110, 117, 126–144, 149, 164, 174, 175, 178–180, 189, 196, 215, 262
Electronic environment, 2, 178
Email, 95
Emergency services, 16, 31
Enemies, 2, 54, 171
Energy, 9, 16, 18, 19, 21, 23, 25, 27, 28, 31, 45–47, 56, 61, 62, 85, 102, 203, 232, 257
English, 150–153, 157, 173, 181, 202, 249
ENISA, 69, 185, 192, 193, 246
Enron, 89, 99, 100, 149
Entrepreneurs, 6
Environment, 2, 40, 42, 43, 58, 59, 74, 81, 87, 92, 102, 132, 145, 146, 151, 153, 169, 171, 175, 177, 196, 230
Environment Agency, 58
Environmental, 31, 77, 93, 111, 112, 131, 146, 153, 161, 170, 173, 197
Equipment, 39, 62, 63, 83, 92, 95, 96, 117, 118, 131, 137, 163
Ernst & Young, 52, 83, 204
ETH, 192, 193, 198
Euphrates, 57
Europa, 158, 171, 246
Europe, 8, 19, 33, 40, 46, 48, 50, 52–55, 58, 69, 71, 82, 89, 90, 94, 95, 99, 100, 102, 146–149, 151, 155, 168, 171, 178, 179, 189, 191, 196, 244, 246, 248, 262
European Commission, 32, 33, 56, 88, 90, 148, 179, 185, 189, 246
European Investment Monitor, 52
European Network and Information Security Agency, 185, 246
European Telecommunications Resilience and Recovery Association, 145
European Union (EU), 32, 33, 40, 46, 48, 51, 52, 55, 56, 88, 90, 100, 103, 105, 126, 146, 148, 171, 184, 185, 189, 240, 245, 246, 249–251, 255, 263, 264
Europol, 185, 246
Evaluation, 32, 124, 258
Evolution, 12, 169
Executive Club of Chicago, 99
Executive order, 20, 24, 27, 28, 30, 31, 65, 66
Exercise, 14, 49, 50, 87, 171, 173, 177, 191

F
Faegre and Benson, 174
Far east, 52, 53, 99, 145, 146
FCC, 66
FDA 21 CFR, 97, 107
Fences, 3
FERC/NERC, 104, 105, 107
FFIEC & GLBA, 126
Fialka, 169, 227
Fiber, 11, 63
Fiber optic, 11, 151
Filtered Warning Service, 74
Finance, 10, 16, 31, 52, 61, 62, 83, 85, 232
Financial Services Authority, 88, 255
Fire, 16, 63, 214, 215
Fire stations, 20
Fish and Chips, 3, 54
Fish stocks, 59
Flanders, 154
Flood, 2, 98
Food, ix, 2, 5, 6, 10, 16, 31, 45, 47–49, 57–59, 61, 62, 83, 85, 98, 102, 152, 165, 170, 177, 187, 199, 200, 232
Food supply, 10, 61, 85
Foreign exchange, 57
Formula, 1, 3
Framework, 32, 33, 80, 87, 88, 102, 107, 126, 189, 233
France, 1, 51, 184, 199, 203, 224, 247
Frankfurt, 99
Free trade, 55
Freedom of speech, 14
Friedman, T.L., 15, 82
Fuel, 5, 46, 48, 56, 85, 87, 170, 232
Funding, 17, 32, 58

G
G8, 152, 184–186
Gas, 19, 33, 45, 46, 56, 58, 83, 170
GDP, 80, 82, 151
Germans, 2
Glasnost, 54
Global Crossing, 63
Global warming, 45, 50, 84
Globalization, 1, 2, 12, 53, 81, 82, 99, 145, 159, 166, 168, 197
Goetz, Eric, 201
Gompert, 173, 231
Goods, 4, 16, 52, 55, 63, 83, 146, 150, 151, 154, 166
Governance, 3, 6, 82, 88–90, 147, 149, 190, 199, 201, 204, 218, 258
Government, 2, 3, 6, 10, 13, 14, 16, 17, 19, 21–29, 31–36, 40–42, 50, 51, 53, 60, 61, 65–70, 73, 75, 77, 79, 85–87, 146, 152, 154, 170–172, 181, 194, 202, 203, 218, 231, 233, 237, 245, 247, 251, 252, 255, 256
Government Department, 3, 17
Graduates, 54, 59, 60
Grain, 13, 48
Gravelines, 184
Greece, 1, 185
Greeley, 154
Grotberg, 162, 163, 176, 233
Group of Eight, 184, 185

H
Hackers, 37
Hacking, 32, 38, 40
Hague Convention, 54
Hammond, A., 172, 230
Happiness, 14, 78
Hardware, 62, 64, 76, 91, 92, 152, 169, 217, 220
Hayek, 15
Hazards, 34, 111, 112, 131
Health, 2, 10, 17, 19, 21, 23, 25, 31, 34, 47, 49, 50, 59, 61, 84, 85, 89, 102, 118, 241, 244, 257
Heathrow, 55
Heraklion, 185
Hewlett Packard, 63, 259
HIPAA, 102, 104, 107
Home Office, 170, 228
Home workers, 156
Homeland, 10, 20, 66, 67
Homer-Dixon, 173, 231
Hong Kong, 99, 160, 229
Horses, 2, 6, 38
Hospitals, 19, 35
Hosting, 62
House of Representatives, 161, 174, 207, 231–233
Humanitarian, 7, 46
Hungary, 1, 52
Huntington, 169, 230
Hussein, S., 54
Hyslop, M., 2, 4, 56, 81, 99, 164, 165, 167, 168, 171, 172, 174, 177, 229, 233, 235

I
I3P, xi, 69, 192, 193, 198
ICC Cyber Crime, 192, 193
Icons, 10, 54, 61, 85
Identity theft, 42
Ideological, 15
IDM, 42
Illness, 2
IMF, 86
Impact assessment, 91
India, 47, 48, 52–54, 58, 59, 82, 88, 102, 145–149, 154, 156, 157, 196, 232
Industry associations, 33, 34
Inequality, 84
Information, 1, 5, 10–12, 16, 18–24, 26–30, 33, 34, 39, 41, 42, 44, 48, 49, 55, 62–75, 77, 79, 80, 85, 86, 88–90, 94, 95, 97–100, 105–110, 112, 117, 120, 121, 124, 126–128, 130, 132, 136, 139–141, 143, 147, 148, 155, 157, 163, 171–175, 181, 185, 196, 197, 202, 204–206, 211, 220, 229, 240, 242, 243, 245–247, 250–253, 255–257, 260, 262, 264
Information Infrastructure, 1, 11–13, 15, 18, 24, 27, 29, 43, 44, 50, 61–64, 69, 76, 88, 91, 94, 106, 150, 153, 158–161, 163–165, 169–175, 178, 179, 182, 184, 196, 197, 201–203, 211, 233
Infrastructure, 4, 6, 11, 12, 18–24, 26–29, 32–41, 45, 50–52, 56, 66–68, 70, 76, 79, 91, 120, 132, 140, 151, 152, 154,

Infrastructure (continued) 156, 157, 160, 161, 164, 165, 169, 171, 179, 180, 182, 194, 201, 243, 249, 252, 255, 256, 263
In-house, 154
Institut Pericles, 145
Institutions, 2, 20, 80, 86, 88, 171, 180, 191, 254
Insurance, 23, 46, 47, 63
Intel, 64, 209, 259
Intellectual property, 2, 59, 60
Intelligence, 5, 30, 60, 65–69, 171, 172, 180, 182, 185, 188, 262
Interconnectors, 56
International, 4–6, 12, 16, 18, 24, 27, 34, 40, 41, 43, 45–48, 50, 51, 53–59, 62, 66, 70, 76, 81, 84, 88–90, 95, 146, 151, 153, 166, 173, 174, 176, 179, 184–197, 204, 242, 250, 259
International Financial Reporting Standard, 90, 91
International Law Commission, 192
International relations, 4, 58, 166, 191
Internet, 4, 6, 11, 12, 15, 33, 38, 39, 41, 42, 62, 63, 72, 75, 83, 99, 147, 148, 165, 169, 171–173, 175, 202, 206, 210–212, 216, 219, 220, 223, 225, 228, 231, 232, 238, 242, 251, 256, 261–263
Iran, 78
Iraq, 4, 51, 52, 54, 57, 77, 80, 164, 180
Ireland, 1, 152–154, 178
Islam, 84, 166
ISO 17799, 97, 98, 102–105, 107, 126, 187, 218
Israel, 57
Issue groups, 38
IT, 12, 35, 37–41, 71, 72, 91, 94, 126, 128, 132, 143, 144, 156, 172, 186, 201, 204, 214, 218, 219, 223, 237, 242, 252, 253, 255, 262
ITIL, 103, 104, 126, 129, 131, 134, 136, 137, 140–142
ITU, 62

J
JANET-CERT, 71, 240
Japan, 1, 53, 78
Jordan, 57
Judiciary, 51, 206, 207
Just in Time, 5, 6

K
Kennedy, J., 19
Kendra, J.M., 161–163, 234
Kent, 184
Ki work, 155–157
Knowledge, 38, 40, 49, 64, 75, 106, 146, 148, 175, 179, 185, 186, 188, 205, 265
Knowledge Economy, 52
Korea, 1, 53
Kroll, 94

L
Langchao, 63
Law and order, 10, 51, 61, 85
Law enforcement, 19, 24, 33, 41, 66–70, 86, 188
Lebanon, 57
Leeds, 151
Lefever, Ernest W., 77
Legal, 4, 23, 41, 77, 81, 93, 102, 146, 161, 165, 166, 170, 189, 194, 196, 197
Lenin, 54
Liberalization, 33
Liberty, 14, 77, 78, 190
Libya, 57
Life, 5, 8, 14, 16, 31, 50, 52, 56, 57, 87, 156, 159, 176
Lincoln, A., 78
Linux, 73, 216, 218, 220, 224, 238, 262
Lisbon, 146, 148, 149, 184
Literacy, 176
London, 33, 47, 60, 75, 85, 94, 95, 97, 99, 149, 174, 204, 205, 209, 211–216, 218, 221, 222, 225, 226, 228, 235, 240, 255
London Stock Exchange, 149
Lucent, 19

M
Madrid, 33
Magna Carta, 3, 51, 54
Malthusian, 59
Malware, 38, 42, 65
MAN-CERT, 71, 72
Manchester, 63, 73
Manchester University, 71
Manufacturer, 4, 63, 81, 153, 165, 166

Manufacturing, 10, 21, 28, 52–54, 61, 62, 83, 85, 146, 148, 197
Market forces, 12
Market research, 91, 151, 153
Marketing, 4, 53, 81, 82, 100, 102, 151–153, 158, 166, 178
Marsh, 63
Marx, K., 15
Marxism, 16
Masera, M., 185
Mass migrations, 55
Materials science, 9
Mecca, 54
Media, 12, 80, 94, 109, 112, 115
Medical, 53
Mexico, 1, 157
MI5, 31, 171, 178, 232
Microsoft, 39, 40, 64, 65, 82, 161, 169, 204, 207–209, 218, 220, 221, 223, 225, 233, 260
Middle East, 56–58, 147
Militia, 14
Ministry of Defense, 2, 171, 182, 230, 247, 252, 253
Mobile, 43, 120, 139, 150, 153, 169, 235
Model, 15, 36, 83, 91–93, 146, 148, 149, 178, 180–183
Monarchy, 3
Money, 15, 16, 47, 58, 86, 88, 93, 146, 150, 151, 157, 166, 169, 178, 193
Monitoring, 32, 88, 139, 190
Moore’s Law, 83
Morocco, 53
MRSA, 49

N
Nation states, 1, 13, 55
National Guard, 10
National Information Security Co-ordination Centre, 12, 190
National interest, 6
NATO, 6, 50, 184, 187, 188, 190–193, 197, 198
Navies, 3, 182
Navy, 17, 179, 182, 198
Nelson’s Column, 3, 54
Netherlands, 1, 15, 55, 152, 154, 203, 251
Network(s), 11, 12, 21, 23, 26, 30, 33–35, 38, 39, 43, 63, 64, 73, 95, 96, 115, 119, 121, 124, 125, 134–137, 156, 157, 160, 161, 163, 169, 173–175, 181, 186, 189, 205, 220, 226, 233, 235, 240, 246, 249, 250, 260, 263, 265
New World, 1, 83
New York, 69, 82, 95, 97, 99, 159, 161, 169, 173, 181, 195, 206, 208–213, 215, 216, 220–228, 234, 239, 258
New Zealand, 1, 8, 19, 35, 36, 38, 39–42, 179, 190, 203, 222, 252
Newcastle-upon-Tyne, 54, 234
Nice, 145, 146
Niebuhr, R., 79
Nigeria, 49
Nile, 56, 57
NISCC, 69, 70, 73–75, 181, 186
Noord-Brabant, 154
North, 46, 53, 102, 152, 190, 191, 242, 258
North Sea, 46
Northumberland, 51
Northumbria, 145, 146, 240
Nottinghamshire, 51
Nuclear energy, 45
Numeracy, 176

O
Obesity, 49
Obstructive marketing, 2–6, 81, 82, 84, 93, 102, 164–167, 170, 174, 175, 177, 178, 195–199, 233
OECD, 1, 8, 9, 13, 15, 16, 18, 42–44, 46–50, 52, 54, 61, 70, 71, 77, 84, 97, 99, 145, 149, 159, 164, 169, 172, 173, 176, 178, 180, 181, 184–187, 190, 193, 196–200, 249
OFCOM, 70
Oil, 16, 19, 45, 46, 50, 56, 57, 102, 147
Operating systems, 39, 71, 220
Organization, 9, 18, 51, 74, 82, 91–93, 95, 99, 106–108, 126, 128, 137, 162, 172, 177, 181, 182, 184, 187, 193
Organized crime, 38, 166, 168, 179, 180
Outsource service providers, 156, 157
Outsourced, 35, 108, 128, 150, 154, 196
Outsourcing, 6, 150, 154, 155, 196

Ownership, 16, 17, 35
Oxford Intelligence, 52, 53

P
Parliament, 3, 87
Partnership, 3, 5, 6, 21, 29, 34, 179, 180, 197
Pas de Calais, 184
Passport, 55, 102
Password(s), 38, 71, 96, 117–119, 137, 138, 256
Patriot Act, 77, 86
PC, 64, 73, 83, 96, 209, 213, 229, 230, 238, 241
Pearson, B., 177
Pearson, T., 214
Pelgrin, W., 69
People, 10, 13, 14, 60, 61, 73, 85
Perturbation, 9
Peter Le Magnen, 52
Petrochemical(s), 59, 62
Petroleum industry, 62
Petroleum institute, 62
Philippines, 154, 157
Phishing, 42, 63
Pipelines, 20, 56
Pipes, 3
Planes, 5, 180
Poland, 1, 52, 152
Poles, 2, 6
Police, 16, 17, 35, 41, 179, 182, 250, 251, 254
Police forces, 3
Policy, 19–21, 32, 33, 41, 42, 79, 87, 92, 106, 107, 110, 119, 126, 130, 133, 139, 186, 190, 262
Polio, 49
Politech institute, 189, 192, 193
Political, 1, 2, 12, 13, 16, 18, 31, 47, 55, 57, 58, 60, 77–79, 84, 87, 93, 146, 147, 151, 161, 167–173, 179, 181, 182, 184, 185, 189, 190, 191, 193, 194, 196
Political will, 1, 47, 185
Politics, 4, 18, 79, 166
Ports, 20
Post Office, 16
Power distribution, 5
Power plants, 19
President, 19–22, 24–26, 28–30, 56, 77, 78
PriceWaterhouseCoopers, 64
Private, 5, 12, 14–18, 21–23, 26, 28, 29, 35, 41, 42, 44, 56, 58, 62, 66–71, 80, 82, 87, 88, 94, 95, 150, 175, 179–182, 184, 185, 187, 192, 220, 249, 263
Private property, 14
Private sector, 3, 5, 22, 26, 73
Privatization, 5, 56
Privatized, 3, 170
Processes, 3, 5, 9, 53, 62, 81, 88, 93, 97, 106, 123, 124, 126, 142, 143, 156, 184, 252
Professional bodies, 33, 34
Protected, 2, 3, 5, 31, 34, 35, 68, 111, 112, 131, 170, 181
Protection, v, 2, 3, 5–7, 10–12, 14, 15, 18, 20–26, 28, 30, 32–34, 37, 42, 43, 63–65, 69, 70, 76, 86, 87, 103, 104, 106–129, 133, 135, 155, 175, 179, 183, 185, 187–192, 194–196, 201–203, 211, 219, 231, 244, 245, 248, 249, 252, 254, 255, 256, 258, 261, 263
Psychology, 9
Public, 5, 14, 16–19, 21, 29, 31, 33, 34, 41, 42, 44, 56, 58, 62, 65, 67, 69, 71, 80, 82, 87, 115, 121, 134, 175, 179–181, 184, 185, 189, 190, 192, 238, 244, 249, 263
Public safety, 17, 31
Public sector, 41, 180
Public service, 17, 31
Public transit operators, 20
Public-private partnership, 3, 5, 181, 195

Q
Qinetiq, 163, 205, 260
Quangos, 17

R
Rail, 55, 56
Rand, A., 15
Reagan, R., 78
Reardon, M., 161, 169, 233
Recovery, 5, 23, 24, 33, 91, 94, 95, 97–100, 105, 106, 114, 123,
150–152, 156, 158, 160, 163, 164, 170, 174, 175, 180, 181, 196, 202, 206, 214, 241, 259, 265
Redundancy, 5, 162–164
Regulation, 34, 88, 94, 97, 100, 146, 196, 199, 249
Regulator(s), 33, 34, 70, 88
Religion, 14, 54, 195
Research and development, 24, 53, 54, 64, 173
Resilience, 1, 5, 7–9, 13, 14, 16, 18, 20, 31, 32, 33, 34, 42, 43, 44, 46, 47, 49, 50, 51, 54, 55, 58, 59, 60, 63, 66, 69, 76, 77, 86, 91, 94, 99, 100, 102, 105, 106, 145, 150, 156, 158, 160, 161, 162, 163, 164, 170, 174, 175, 176, 177, 179, 181, 183, 184, 189, 190, 192–202, 206, 221, 223, 233, 234, 235, 236, 246, 255, 256
Resiliency, 9
Resilient, 2, 5, 7, 18, 55, 60, 80, 92, 100, 106, 160, 162–164, 170, 175, 176, 188, 197, 202, 217
Resources, 2, 4, 28, 34, 38, 46, 57, 58, 66, 67, 70, 72, 79, 80, 87, 96, 113, 119, 124–126, 129, 132, 133, 147, 148, 164, 168, 170, 173, 174, 184, 185, 189, 190, 192–194, 201, 202, 204, 209, 239, 257, 261
Revolution, 18, 21, 58, 83, 168, 169, 171, 173, 245, 246
RFID, 43, 205, 223, 234
Riccardo, D., 15
Rice, C., 78
Riga, 188, 191
Risk, 5, 29, 32–34, 36–38, 40, 41, 43, 46, 65, 66, 69, 74, 75, 77, 88, 90–94, 102, 106, 121, 131, 141, 147, 151, 153, 172, 196, 202, 205, 259, 262
Risk management, 6, 92, 194, 195
Rivers, 57–59
Road, 55, 56, 64, 65
Rochlin, 162, 163, 177, 234
Romania, 52
RSA, 63, 225, 227, 260
Russia, 46, 47, 52, 58, 82, 147, 148, 253

S
Sadat, A., 56
Safety, 2, 34, 85, 89, 178
Sarbanes-Oxley, 82, 88, 89, 107
Satellites, 11, 67
Saudi, 57
Schipol, 55
Scotland, 152
Sect, 57
Sector, 11, 12, 17, 21–23, 26, 28, 29, 32, 35, 41, 53, 66–70, 74, 88, 94, 150, 155, 174, 175, 180–182, 187, 192, 255, 263
Secunia, 71
Security, 3, 5, 10, 12, 14, 19–28, 30–34, 36, 38–43, 62–65, 67, 68, 71–74, 76, 79, 88, 90, 94–98, 102–105, 107–144, 146, 147, 158, 160, 161, 163, 164, 169, 171–175, 178–181, 185–187, 189–191, 195–197, 200–265
Self-sufficiency, 46
Seller, 83
Service provider, 4, 81, 165, 166
Services, 2, 4, 9, 11, 12, 19, 21, 23, 28, 30, 31, 34, 36, 50–53, 55, 62, 69, 71, 74, 75, 83, 87, 88, 95, 97, 106, 117, 126–144, 150–155, 166, 171, 172, 188, 189, 249
Sewage, 2, 58, 251
Shakespeare, 79
Shareholder, 41, 168
Shaw, G.B., 6
Shell, 46, 224
Shenoi, Sujeet, 201
Shock, 8
Siberia, 46
Silicon Valley, 154
Smith, A., 15
Sniffers, 5
Social, 6, 10, 16, 20, 31, 51, 58, 60, 77, 84, 93, 146–149, 161, 170, 172, 173, 194, 195, 197
Society, 2, 3, 5, 8, 13, 15, 18, 23, 45, 50, 51, 54, 56, 59, 60, 69, 84, 161, 171, 177, 181, 186, 189, 194, 197, 246, 247, 250
Software, 11, 42, 62, 64–66, 74, 76, 91, 96, 98, 114–116, 133, 135, 140, 152, 160, 164, 169, 206, 217, 221


South America, 48, 58, 147, 157
Soviet Union, 54
Spain, 1, 54
Spanish, 157, 202
Staff, 26, 30, 37, 38, 40, 155, 156, 172, 188, 262
Stakeholders, 31, 33, 87, 189
Stalin, 59, 150
Standard of living, 2, 146, 148
Steel, 79, 170
Steganographic, 4
Stockpiles, 3, 5, 48
Strategic National Asset, 3
Stress, 9, 18, 156, 162
Sudan, 58
Sun Microsystems, 63, 219, 259
Sunderland, 154
SunGard, 63
Supermarkets, 48, 170
Supply chain(s), 34, 62, 83, 147, 178, 240
Survival, 1, 3, 56, 98, 100, 158
Sweden, 1, 11, 43, 181, 182, 190, 203, 253
Swiss, 12, 43, 203, 253–255
Switzerland, 1, 10, 43, 181, 182, 190, 203, 211, 253, 254
Syria, 57

T
Tags, 43
Taliban, 54
Tanks, 2, 148
Target, 4, 77, 165, 264
Tea, 3
Technological, 5, 11–13, 40, 42, 46, 51, 52, 57, 67, 77, 153, 161, 170, 173, 194, 197
Technology, 1, 8, 12, 16, 18, 21, 23–25, 30, 39, 40, 43, 51, 53, 64, 65, 67, 68, 74, 83, 85, 90, 98–100, 103, 140, 146, 147, 150–152, 154–156, 165–167, 169–173, 181, 186, 187, 194, 203, 209, 210, 213, 214, 218–220, 225, 227–229, 231, 232, 234, 237–239, 241, 244, 245, 247, 250, 251, 253–258, 260, 262, 264, 265
Telecom, 35, 223, 227, 228, 235
Telecommunications, 1, 5, 8, 11, 16, 18, 21, 23, 29, 35, 38, 62, 67, 69, 70, 76, 90, 91, 150, 153, 158, 160, 163, 181, 230–232, 234, 241, 246, 248, 249, 252, 256, 262
Telephone, 19, 83, 95, 96, 154, 169, 178
Telephony, 39
Telstra Saturn, 35
Ten Commandments, 15
Territorial Army, 10
Terrorism, 5, 20, 32–34, 42, 66, 68, 77, 79, 98, 165, 178–180, 185, 187, 198, 201, 229, 258, 264
Terrorist groups, 2
Theft, 37, 38, 40, 42, 110, 112, 115, 129, 132, 135, 171
Tigris, 57
Timing, 4, 164
Tolchin, M., 173
Tolchin, S.J., 173
Tompkins, J., 86
Townsend, 170, 232
Trains, 5
Transport, 10, 17, 31, 56, 61, 62, 85
Transportation, 2, 19, 21, 23, 28, 55, 56
Trendle, 173
Trial, 14, 15
Troy, 154
Trudeau centre, 173, 231
Trusted Sharing Service, 74
Tunisia, 53
Turkey, 1, 57
Tyco, 89

U
UN’s International Law Commission, 198
Uncertainty, 82, 83, 91, 173
United Kingdom (UK), 1, 2, 5, 6, 8, 11, 12, 16–19, 31, 32, 46–51, 53–56, 58–60, 62, 63, 69–73, 77, 82, 86–90, 94, 97, 100, 103, 126, 152, 154, 155, 160, 170–173, 175, 178–181, 184, 190, 202–206, 209–230, 234, 235, 240, 250, 251, 255, 256
United Nations (UN), 78, 84, 146, 184, 186, 187, 190, 191
United States of America (USA), 2–5, 8, 10, 13–15, 19, 20, 47, 51, 52, 63, 65, 70, 76, 77, 79, 80–83, 86, 88, 89, 97, 99, 100, 102, 106, 146–149, 151, 152, 154, 155, 158, 164, 167, 171, 173–175, 178–181, 184, 189, 196, 206–229, 232, 233, 240, 250, 256–258, 260, 264
Universities, 3, 145, 146, 153
University of Toronto, 173, 231
Unix, 39, 73, 206, 225, 262
Utah, 151
Utilities, 5, 96, 174, 202, 246

V
Vatican, 54
Verizon, 63
Viruses, 38, 50, 169

W
Walls, 3
War, 2, 4, 14, 18, 45, 46, 49, 51, 54–56, 78–80, 146, 148, 162, 164, 168–170, 182, 195, 202, 227, 234
War Office, 2
Warning Action and Reporting Points, 73
WARPs, 71, 73–76, 195
Washington Times, 77, 234
Water, ix, 2, 19, 21, 23, 45, 47, 56–59, 79, 85, 98, 200
Water, 10, 17, 32, 56–59, 61, 85, 165, 251
Way of life, 2, 3, 5, 13, 15, 51
Weapons, 19, 81, 179, 180, 187
Weapons of Mass Destruction, 178, 179
Wembley, 3, 54
Wenger and Metzger, 76
Wheat, 47, 48
Wigert, I., 10–12, 20, 43, 76, 182, 189
Windows, 39, 40, 204, 207, 208, 217, 218, 220, 221, 225
Wireless, 12, 43, 151, 152, 189
Wong, A., 160, 235
Wong, P.W., 224
Wood, 177
Wilson, W., 78
The World, 2, 4, 6–9, 46–48, 55, 64, 65, 70, 77, 80, 82, 84, 90, 100, 146, 147, 151, 164, 166, 168–171, 179, 196, 229, 230, 244, 262
Work, 3, 8, 23, 24, 26–29, 42, 43, 51, 56, 69, 70, 73, 74, 76, 80, 83, 86, 87, 98, 110, 126, 130, 145, 150, 155, 156, 159, 173, 180, 181, 185, 187, 188, 190, 192, 195, 196, 233, 255
Workstations, 73
World heritage sites, 54
World Trade Centre, 3, 54, 159, 161, 169, 234
World Trade Organization, 147
World Wide Web, 12, 99, 160, 169, 175, 219, 243
WorldCom, 89, 149
Worms, 38

Y
Y2K, 1, 98, 158, 236, 265
Yale, 55

Z
Zambia, 59
Zekos, 171, 172, 232
Zurich, 10–12, 203, 211, 254