Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso"

Transcription

1 Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso ELSEVIER. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann is an Imprint of Elsevier

2 CONTENTS V CONTENTS Preface Acknowledgments xi xv Chapter 1 Introduction 1 National CyberThreats, Vulnerabilities, and Attacks 4 Botnet Threat 7 National Cyber Security Methodology Components 9 Deception 11 Separation 13 Diversity 16 Consistency 17 Depth 19 Discretion 20 Collection 21 Correlation 23 Awareness 25 Response 26 Implementing the Principles Nationally 28 Protecting the Critical National Infrastructure Against Cyber Attacks 29 Summary 32 Chapter Review Questions/Exercises 33 Chapter 2 Deception 37 Scanning Stage 42 Deliberately Open Ports 43 Discovery Stage 45 Deceptive Documents 46 Exploitation Stage 48 ProcurementTricks 50 Exposing Stage 51 Interfaces Between Humans and Computers 53 National Deception Program 54

3 Vi CONTENTS The Deception Planning Process Against Cyber Attacks 55 Summary 57 Chapter Review Questions/Exercises 58 Chapter 3 Separation 63 What Is Separation? 65 Functional Separation 67 National Infrastructure Firewalls 69 DDOS Filtering 71 SCADA Separation Architecture 73 Physical Separation 75 Insider Separation 77 Asset Separation 80 Multilevel Security (MLS) 82 Protecting the Critical National Infrastructure Through Use of Separation 84 Summary 86 Chapter Review Questions/Exercises 87 Chapter 4 Diversity 91 Diversity andworm Propagation 93 Desktop Computer System Diversity 95 Diversity Paradox of Cloud Computing 98 NetworkTechnology Diversity 100 Physical Diversity 103 National Diversity Program 105 Critical Infrastructure Resilience and Diversity Initiative 106 Summary 108 Chapter Review Questions/Exercises 109 Chapter 5 Commonality 115 Meaningful Best Practices for Infrastructure Protection 119 Locally Relevant and Appropriate Security Policy 122 Culture of Security Protection 123 Infrastructure Simplification 126 Certification and Education 128 Career Path and Reward Structure 131 Responsible Past Security Practice 132 National Commonality Program 134

4 CONTENTS VII How Critical National Infrastructure Systems Demonstrate Commonality 135 Summary 137 Chapter Review Questions/Exercises 138 Chapter 6 Depth 141 Effectiveness of Depth 143 Layered Authentication 147 Layered Virus and Spam Protection 151 Layered Access Controls 152 Layered Encryption 154 Layered Intrusion Detection 156 National Program of Depth 158 Practical Ways for Achieving Information Assurance in Infrastructure Networked Environments 160 Summary 161 Chapter Review Questions/Exercises 162 Chapter 7 Discretion 167 Trusted Computing Base 168 Security Through Obscurity 171 Information Sharing 174 Information Reconnaissance 176 Obscurity Layers 178 Organizational Compartments 179 National Discretion Program 181 Top-Down and Bottom-Up Sharing of Sensitive Information 182 Summary 185 Chapter Review Questions/Exercises 186 Chapter 8 Collection 191 Collecting Network Data 194 Collecting System Data 196 Security Information and Event Management 200 Large-ScaleTrending 203 Tracking a Worm 205 National Collection Program 208 Data Collection Efforts: Systems and Assets 209 Summary 212 Chapter Review Questions/Exercises 213

5 VIII CONTENTS Chapter 9 Correlation 217 Conventional Security Correlation Methods 221 Quality and Reliability Issues in Data Correlation 223 Correlating Data to Detect a Worm 225 Correlating Data to Detect a Botnet 226 Large-Scale Correlation Process 228 National Correlation Program 230 Correlation Rules for Critical National Infrastructure Cyber Security 232 Summary 233 Chapter Review Questions/Exercises 234 Chapter 10 Awareness 239 Detecting Infrastructure Attacks 243 Managing Vulnerability Information 244 Cyber Security Intelligence Reports 246 Risk Management Process 248 Security Operations Centers 250 National Awareness Program 252 Connecting Current Cyber Security Operation Centers to Enhance Situational Awareness 254 Summary 256 Chapter Review Questions/Exercises 256 Chapter 11 Response 261 Pre-Versus Post-Attack Response 263 Indications and Warning 265 Incident Response Teams 266 Forensic Analysis 269 Law Enforcement Issues 271 Disaster Recovery 272 National Response Program 274 The Critical National Infrastructure Incident Response Framework 275 Transitioning from NIPP Steady State to Incident Response Management 276

6 CONTENTS IX Summary 278 Chapter Review Questions/Exercises 278 Appendix A: National Infrastructure Protection Criteria 283 Appendix B: Case Studies by John R. Vacca 291 Index 305

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier Penetration Tester's Open Source Toolkit Third Edition Jeremy Faircloth Neil Fryer, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE SYDNEY

More information

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN i I I I THE PRACTITIONER'S GUIDE TO DATA QUALITY IMPROVEMENT DAVID LOSHIN ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann

More information

Customer Relationship Management

Customer Relationship Management Customer Relationship Management Concepts and Technologies Second edition Francis Buttle xlloillvlcjx. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Metrics and Methods for Security Risk Management

Metrics and Methods for Security Risk Management Metrics and Methods for Security Risk Management Carl S. Young ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of

More information

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor Windows 2012 Server Network Security Securing Your Windows Network Systems and Infrastructure Derrick Rountree Richard Hicks, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information

Contents. Foreword. Acknowledgments Introduction

Contents. Foreword. Acknowledgments Introduction The Manager's Handbook for Corporate Security Establishing and Managing a Successful Assets Protection Program Dr. Gerald L Kovacich Edward P. Halibozek ilu TTERWORTH I N E M A N N An imprint of Elsevier

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Risk Analysis and the Security Survey

Risk Analysis and the Security Survey Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

for the Entire Organization

for the Entire Organization Enterprise Risk Management A Common Framework for the Entire Organization Philip E. J. Green ELSEVIER AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK OXFORD. PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE. SYDNEY.

More information

Supply Chain Strategies

Supply Chain Strategies Supply Chain Strategies Customer-driven and customer-focused Tony Hines ELSEVIER BUTTERWORTH HEINEMANN AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Virtualization and Forensics

Virtualization and Forensics Virtualization and Forensics A Digital Forensic Investigator's Guide to Virtual Environments Diane Barrett Gregory Kipper Technical Editor Samuel Liles ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK

More information

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph David Loshin ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN

More information

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management Configuration Management for Senior Managers Essential Product Configuration and Lifecycle Management for Manufacturing Frank B. Watts ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Master Data Management

Master Data Management Master Data Management David Loshin AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO Ик^И V^ SAN FRANCISCO SINGAPORE SYDNEY TOKYO W*m k^ MORGAN KAUFMANN PUBLISHERS IS AN IMPRINT OF ELSEVIER

More information

Eleventh Hour Security+

Eleventh Hour Security+ Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.

More information

Managing Data in Motion

Managing Data in Motion Managing Data in Motion Data Integration Best Practice Techniques and Technologies April Reeve ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON Cloud Computing Theory and Practice Dan C. Marinescu AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO M< Morgan Kaufmann is an imprint of Elsevier

More information

Service Operations Management

Service Operations Management Third Edition Robert Johnston and Graham Clark Service Operations Management Improving Service Delivery Prentice Hall FINANCIAL TIMES An imprint of Pearson Education Harlow, England London New York Boston

More information

Human Performance Improvement

Human Performance Improvement Human Performance Improvement Building Practitioner Competence Second Edition William J. Rothwell Carolyn K. Hohne Stephen B. King ELoEVIElx AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information

Fixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON

Fixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON Fixed/Mobile Convergence and Beyond Unbounded Mobile Communications Richard Watson AMSTERDAM BOSTON. HEIDELBERG LONDON NEW YORK. OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY. TOKYO ELSEVIER

More information

Network Security Essentials:

Network Security Essentials: Network Security Essentials: Applications and Standards Fifth Edition William Stallings International Editions contributions by B. R. Chandavarkar National Institute of Technology Karnataka, Surathkal

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier Trading and Money Management in a Student-Managed Portfolio Brian Bruce Jason Greene ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic

More information

Data Warehousing in the Age of Big Data

Data Warehousing in the Age of Big Data Data Warehousing in the Age of Big Data Krish Krishnan AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD * PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier

More information

Delivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown.

Delivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown. Enterprise Software Delivery Bringing Agility and Efficiency Global Software Supply Chain to the Alan W. Brown AAddison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto

More information

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, 2013. p i.

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, 2013. p i. New York, NY, USA: Basic Books, 2013. p i. http://site.ebrary.com/lib/mcgill/doc?id=10665296&ppg=2 New York, NY, USA: Basic Books, 2013. p ii. http://site.ebrary.com/lib/mcgill/doc?id=10665296&ppg=3 New

More information

INTERNATIONAL MONEY AND FINANCE

INTERNATIONAL MONEY AND FINANCE INTERNATIONAL MONEY AND FINANCE EIGHTH EDITION MICHAEL MELVIN AND STEFAN C. NORRBIN ELSEVIER Amsterdam Boston Heidelberg London New york Oxford Paris San Diego San Francisco Singapore Sydney Tokyo Academic

More information

Rapid System Prototyping with FPGAs

Rapid System Prototyping with FPGAs Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of

More information

Digital Forensics with Open Source Tools

Digital Forensics with Open Source Tools Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler Agile Development & Business Goals The Six Week Solution Bill Holtsnider Tom Wheeler George Stragand Joseph Gee AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO DW2.0 The Architecture for the Next Generation of Data Warehousing W. H. Inmon Forest Rim Technology Derek Strauss Gavroshe Genia Neushloss Gavroshe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Implementing Database Security and Auditing

Implementing Database Security and Auditing Implementing Database Security and Auditing A guide for DBAs, information security administrators and auditors Ron Ben Natan ELSEVIER DIGITAL PRESS Amsterdam Boston Heidelberg London New York Oxford P

More information

superseries FIFTH EDITION

superseries FIFTH EDITION Prelims-I046413.qxd 3/19/07 1:04 PM Page i Institute of Leadership & Management superseries Motivating to Perform in the Workplace FIFTH EDITION Published for the Institute of Leadership & Management AMSTERDAM

More information

Private Equity and Venture Capital in Europe

Private Equity and Venture Capital in Europe Private Equity and Venture Capital in Europe Markets, Techniques, and Deals Stefano Caselli AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO ELSEVIER

More information

Computer Security Literacy

Computer Security Literacy Computer Security Literacy Staying Safe in a Digital World Douglas Jacobson and Joseph Idziorek CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis

More information

Data Model ing Essentials

Data Model ing Essentials Data Model ing Essentials Third Edition Graeme C. Simsion and Graham C. Witt MORGAN KAUFMANN PUBLISHERS AN IMPRINT OF ELSEVIER AMSTERDAM BOSTON LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Measuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection

Measuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection Measuring and Communicating Security's Value A Compendium of Metrics for Enterprise Protection George Campbell AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press

RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press SECURE and RESILIENT SOFTWARE Requirements, Test Cases, and Testing Methods Mark S. Merkow and Lakshmikanth Raghavan CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process Job Hazard Analysis A Guide for Voluntary Compliance and Beyond From Hazard to Risk: Transforming the JHA from a Tool to a Process James E. Roughton Nathan Crutchfield E L S E V I E R AMSTERDAM. BOSTON.

More information

Measuring Data Quality for Ongoing Improvement

Measuring Data Quality for Ongoing Improvement Measuring Data Quality for Ongoing Improvement A Data Quality Assessment Framework Laura Sebastian-Coleman ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles

More information

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker ALL ElNis ONE CEH Certified Ethical Hacker EXAM GUIDE Matt Walker Mc Grain/ New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto McGraw-Hill

More information

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

University of Central Florida Class Specification Administrative and Professional. Information Security Officer Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5

More information

IT Manager's Handbook

IT Manager's Handbook IT Manager's Handbook Getting your new job done Third Edition Bill Holtsnider Brian D. Jaffe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan

More information

CRYPTOGRAPHY AND NETWORK SECURITY

CRYPTOGRAPHY AND NETWORK SECURITY CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE SIXTH EDITION William Stallings International Edition contributions by Mohit P Tahiliani NITK Surathkal PEARSON Boston Columbus Indianapolis New

More information

Situational Awareness A Discussion

Situational Awareness A Discussion Situational Awareness A Discussion Dean Weber March, 2012 The Current Situation take one spending incidents financial losses overall risk grows resources applied grows but no real progress The situation

More information

Finance Sector Background & User Needs

Finance Sector Background & User Needs Finance Sector Background & User Needs Brussels, October 2014 Finance European top 25 Ranking Bank Assets ( bn) Capital ( bn) 1 Deutsche Bank AG, Frankfurt am Main, Germany 2,052 2.43 2 BNP Paribas SA,

More information

Audio Over IP. Building Pro AolP Systems. with Livewire. Skip Pizzi. Steve Church. Focal. Press ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON

Audio Over IP. Building Pro AolP Systems. with Livewire. Skip Pizzi. Steve Church. Focal. Press ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON Audio Over IP Building Pro AolP Systems with Livewire Steve Church Skip Pizzi ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Focal press

More information

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA ^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book

More information

The Crossroads of Accounting & IT

The Crossroads of Accounting & IT The Crossroads of Accounting & IT Donna Kay, MBA, PhD, CPA, CITP Maryville University of Saint Louis Ali Ovlia, MS, DM Webster University Pearson Boston Columbus- Indianapolis New York San Francisco Upper

More information

Policy Title: HIPAA Security Awareness and Training

Policy Title: HIPAA Security Awareness and Training Policy Title: HIPAA Security Awareness and Training Number: TD-QMP-7011 Subject: HIPAA Security Awareness and Training Primary Department: TennDent/Quality Monitoring/Improvement Effective Date of Policy:

More information

HAROLD CAMPING i ii iii iv v vi vii viii ix x xi xii 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52

More information

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings Computer Security Principles and Practice Second Edition William Stailings Lawrie Brown University ofnew South Wales, Australian Defence Force Academy With Contributions by Mick Bauer Security Editor,

More information

CIMA'S Official Learning System

CIMA'S Official Learning System cima CIMA'S Official Learning System Strategic Level Paul M. Collier Sam Agyei-Ampomah ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Contents

More information

Cyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac.

Cyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac. Cyril Onwubiko Networking and Communications Group http://ncg ncg.kingston.ac..ac.uk http://ncg.kingston.ac.uk +44 (0)20 8547 2000 Security Threats & Vulnerabilities in assets are two most fundamental

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Glasnost or Tyranny? You Can Have Secure and Open Networks! AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

Private Cloud Computing

Private Cloud Computing Private Cloud Computing Consolidation, Virilization, and Service-Oriented Infrastructure Stephen R. Smoot Nam K. Tan ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO M< SAN FRANCISCO

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with.

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with. Web Services, Service-Oriented Architectures, and Cloud Computing The Savvy Manager's Guide Second Edition Douglas K. Barry with David Dick ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Engineering DOCUMENTATION CONTROL HANDBOOK

Engineering DOCUMENTATION CONTROL HANDBOOK Engineering DOCUMENTATION CONTROL HANDBOOK CONFIGURATION MANAGEMENT AND PRODUCT LIFECYCLE MANAGEMENT FOURTH EDITION FRANK B. WATTS Amsterdam Boston Heidelberg London New York Oxford Paris San Diego San

More information

Integrated Reservoir Asset Management

Integrated Reservoir Asset Management Integrated Reservoir Asset Management Integrated Reservoir Asset Management Principles and Best Practices John R. Fanchi AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK. OXFORD. PARIS. SAN DIEGO SAN FRANCISCO.

More information

(Instructor-led; 3 Days)

(Instructor-led; 3 Days) Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of

More information

Financial Statement Analysis

Financial Statement Analysis Financial Statement Analysis Valuation Credit analysis Executive compensation Christian V. Petersen and Thomas Plenborg Financial Times Prentice Hall is an imprint of Harlow, England London New York Boston

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

Can Your Budget Reshape Your Threat Landscape?

Can Your Budget Reshape Your Threat Landscape? Robert Richardson Editorial Director SearchSecurity.com Can Your Budget Reshape Your Threat Landscape? 1 A Tiny Bit of History 2 Yay! Firewalls! 3 2014 Survey Demographics 459 Total NA Respondents What

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

Secure Code Development

Secure Code Development ISACA South Florida 7th Annual WOW! Event Copyright Elevate Consult LLC. All Rights Reserved 1 Agenda i. Background ii. iii. iv. Building a Business Case for Secure Coding Top-Down Approach to Develop

More information

Global ediscovery Client Data Security. Managed technology for the global legal profession

Global ediscovery Client Data Security. Managed technology for the global legal profession Global ediscovery Client Data Security Managed technology for the global legal profession Epiq Systems is a global leader in providing fully integrated technology products and services for ediscovery and

More information

Valvation. Theories and Concepts. Rajesh Kumar. Professor of Finance, Institute of Management Technology, Dubai, UAE

Valvation. Theories and Concepts. Rajesh Kumar. Professor of Finance, Institute of Management Technology, Dubai, UAE Valvation Theories and Concepts Rajesh Kumar Professor of Finance, Institute of Management Technology, Dubai, UAE ELSEVIER AMSTERDAM BOSTON CAMBRIDGE HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN

More information

Obj ect-oriented Construction Handbook

Obj ect-oriented Construction Handbook Obj ect-oriented Construction Handbook Developing Application-Oriented Software with the Tools & Materials Approach Heinz Züllighoven IT'Workplace Solutions, Inc., and LJniversity of Hamburg, Germany as

More information

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance

More information

Cyber Protection for Building Automation and Energy Management Systems

Cyber Protection for Building Automation and Energy Management Systems Cyber Protection for Building Automation and Energy Management Systems IT and Network Operations Managers Perspective PROTECT YOUR INVESTMENT Reinforcing the Integrity of Enterprise Networks The intersection

More information

SharePoint 2010. Overview, Governance, and Planning. (^Rll^^fc^ i ip?"^biifiis:'iissiipi. Scott Jamison. Susan Hanley Mauro Cardarelli.

SharePoint 2010. Overview, Governance, and Planning. (^Rll^^fc^ i ip?^biifiis:'iissiipi. Scott Jamison. Susan Hanley Mauro Cardarelli. Ec,V$%fMM SharePoint 2010 i ip?"^biifiis:'iissiipi Overview, Governance, (^Rll^^fc^ and Planning Ipft^'" Scott Jamison Susan Hanley Mauro Cardarelli Upper Saddle River, NJ Boston Indianapolis San Francisco

More information

TCOM 562 Network Security Fundamentals

TCOM 562 Network Security Fundamentals TCOM 562 Network Security Fundamentals George Mason University Fall 2009 Jerry Martin Fairfax Campus Tel: (703) 993-3810 Email: gmartin@gmu.edu Office Hours: by appointment only 1. Announcements The class

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Winning the Hardware-Software Game

Winning the Hardware-Software Game Winning the Hardware-Software Game Using Game Theory to Optimize the Pace of New Technology Adoption Ruth D. Fisher PRENTICE Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

superseries FIFTH EDITION

superseries FIFTH EDITION Prelims-I046416.qxd 3/17/07 11:43 AM Page i Institute of Leadership & Management superseries Managing Conflict in the Workplace FIFTH EDITION Published for the Institute of Leadership & Management AMSTERDAM

More information

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer) I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

More information

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall

More information

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title RFID Field Guide Deploying Radio Frequency Identification Systems Manish Bhuptani Shahram Moradpour Sun Microsystems Press A Prentice Hall Title PRENTICE HALL PTR Prentice Hall Professional Technical Reference

More information