Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Transcription

1 Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation: Government Offices - possible sub-sections for details on the need for the CEH, CISSP, etc. Compliance Program Governance Employee Testing EU Countries: Training and Awareness Programs Hiring and Pre-Employment Inquiries Information Security Policies Information Security Policies: Collaborating with Leaders throughout the Enterprise Information Security Policies: Creating around ISO Information Security Procedures Information Security Program Governance Job Applicants and Prescreening Personnel and Employment Privacy: Governance Privacy: Guidelines Privacy: Policies Privacy: Procedures Privacy: Standards Privacy: Defining Personal Information - implementing privacy protections within the SDLC; sharing information with third parties; breach detection; breach response; face recognition systems; Small- to Medium-Sized Business Requirements: Information Security Program Governance Training - Suggested new employee overview Examples Prevention against social engineering, password best practices, peer awareness, Do s & Don ts, etc. Environmental Backup Power Supplies Building Automation Systems Facility Perimeter and Entry Heating, Ventilation, and Air Conditioning (HVAC) Internal Facility Security Mobile Device Physical Security Pandemics Physical Security Forensics - Lock Picking Pros and cons for the types of locks (electric, keypad, key-card, padlock, thumb scanner, etc) Many of these are tied to computers and servers as well - more security needed

2 Work Area Physical Security Economics with Information Assurance and Security - A discussion on the trade-offs or Security, Cost, Usability Ethics Issues Ethical computing Ethics considerations for the use of personal information for marketing Ethics considerations for the use of personal information for research Legal Compliance Contracts Cybercrime - due to broad area of topic, more specific entries will be required Due Care Forensics: Formal Models Forensics: Tools and Techniques - best practices, do s and don ts, etc. Insurance Intellectual Property Rights - Data Protection Laws and Regulations US EU Canada Asia Australia New Zealand South America Africa Legal Cases Smart Grid (or Energy Grid) - Smart meters, smart appliances, energy usage apps, use by law enforcement, use by investigators, standards Grid Communication Grid Scheduling Surveillance - GPS, geo-tagging and other geo-location apps Surveillance and Monitoring Terrorism Operational Access Controls Access Controls: Automation

3 Access Controls: Government Issues Access Controls: Methods Access Controls: Models Access Controls: Separation of Duties Applications and Systems Development: Maintenance and Retirement Applications Software Maintenance Audit and Compliance Audit and Compliance: Log Authorize Processing: Certification and Accreditation Biometrics Business Partner Management Capability Maturity Model Cloud Computing - privacy, security technology, public policy; maintaining compliance when using Define who owns the data on the cloud Where does it officially reside Who has diresdiction over it for investigations Overseas storage/computing Customer Preference Management and Customer Relationship Management Data Backups - policies (Example - typically not in the same location as main network) - security backups are just as vulnerable as main computers encrypted connections (both between main systems and stand alone connections) Data Flow Mapping Data Integrity Data Inventory Disaster Recovery Processes Emergency Preparedness Employee Management Hardware Maintenance Human Resources Data Management Identity Management and Customer Validation Identity Verification: Live Identity theft: medical identity theft; criminal identity theft; financial identity theft; identity spoofing; impersonation - Possible entries discuss online ID theft for forums, websites, social sites, etc. This could allow someone to gain access to information about the user s personal data as well to other people and connections. For example, if John is thinking he s talking to Mike, he may reveal more info. Or high-jacking a Google doc. International Data Flows: Creating data flow maps International Data Flows: Cross border data flow methods Mobile computing: IDS systems for mobile computing devices Mobile computing: Malware prevention Mobile computing: Creating and maintaining inventories Mobile computing: ireader (e.g., Kindles) security risks and risk mitigation Mobile computing: Tablets (e.g., ipads) security risks and risk mitigation Mobile computing: USB drive security risks and risk mitigation

4 Mobile computing: Smartphone security risks and risk mitigation Mobile computing: MP3 player (e.g., ipods) security risks and risk mitigation Outsourcing Penetration Testing - Wireless Penetration testing - Network Penetration testing - Physical Penetration testing Personnel Security Privacy: Breach Response Production and Input/Output Controls Response Procedures RFID - privacy, security, security controls, public policy, used for tracking criminals, used for monitoring patients Risk Analysis: U.K. Perspective (or U.S. perspective?) Risk Assessment Method: General description Risk Assessment Method: NIST SP Risk Assessment Method: OCTAVE Risk Assessment Method: FRAP Risk Assessment Method: FARES Risk Assessment Method: FAIR Risk Assessment Method: DIACAP Risk Management Systems Software Maintenance Threats and Vulnerabilities Other Case Studies Corporate Certifications Data Center Physical Security Document Classification Document Disposal Document Retention E-Commerce and Related Vulnerabilities Information Warfare Information Warfare: Cybercrime Case Studies Research and Surveys Securing Small Devices (gaming consoles to smart phones) - USB Drives/Thumb Drives - X-Boxes - Wiis - Printer security and privacy - Fax security and privacy Small Mobile Devices (Tablets, Phones) - Cross-service attack - Identification theft via application - Android Market it s hard to prevent malware installation if the user authorizes it

5 Social media: legal issues for business use; scams; malware; laws governing public use - SNS - cross-sns identify theft a lot of advertisement malware, viruses, keyloggers, etc. (Especially in cross-site hacking) Social Media: Security Issues Overview Social Media: Privacy Issues Overview Social Media: Tracking Social Media: Phishing Scams Social Media: Facebook Security Social Media: Facebook Privacy Social Media: Twitter Security Social Media: Twitter Privacy Social Media: LinkedIn Security Social Media: LinkedIn Privacy Social Media: YouTube Security Social Media: YouTube Privacy Social Media: Apps Security Social Media: Apps Privacy Social Media: Instant Messaging and Chat Security Social Media: Instant Messaging and Chat Privacy Mobile Apps: Security Mobile Apps: Privacy U.S. Government Standards and Generally Accepted Practices BS15000 Committee of Sponsoring Organizations of the Treadway Commission (COSO) Control Objectives for Information and Related Technology (COBIT) Generally Accepted System Security Principles (GASSP) ITIL Implementation Standards and Generally Accepted Practices: Miscellaneous - EU Standard - Fair Information Privacy Principles - Generally Accepted Privacy Principles - OECD Privacy Principles Technical Access Controls: Methods Access Controls: Systems Artificial Intelligence Authentication Authentication Methods: International Implementation Authentication Systems: Maintenance and Management Authentication: Systems Cloud computing: Overview Cloud computing: Infrastructure Security

6 Cloud computing: Validating the security of a cloud service provider Cloud computing: Securing delivery models Cloud computing: Security certifications Cloud computing: Access controls Cloud computing: Privacy concerns Cloud computing: Auditing Cloud computing: Cloud Security Alliance Cryptography Attacks Cryptography: Systems Cryptography: Data Hiding Cryptography: Digital Watermark Embedded Systems Encryption - Communication - Data transfer - Information security (ex. encrypting hard drive than need to de-crypted before booting) Firewall Technologies and Architecture Identity Verification: Online Intrusion Detection - Intrusion Prevention Investigative Controls Logical Access Controls Online Data Collection Preventative Controls Privacy: Notice Mechanisms Programming Languages Public Key Infrastructure Reactive Controls Reactive Controls: Active Response Remote Access Methods Remote Access Methods: Implementation across Multiple Worldwide Locations Supervisory Control and Data Acquisition (SCADA) Telecommunications and Network Communications Unified Communications and VoIP Web 2.0 and Other Web Technologies Wireless Network and Communication: Bluetooth Wireless Network and Communication: WiFi Threats and Vulnerabilities Backdoor Insider Threats s Found thumb-drives Legal Bomb Malware Advanced Persistent Threat (all facets) Phishing Programming Bugs

7 Spam Spyware Threats and Vulnerabilities: Emerging Website threats redirects, fake sites, impostor sites, pop-ups, auto installs, etc