Handbook of Research on Information Security and Assurance

Handbook of Research on Information Security and Assurance

Jatinder N. D. Gupta, Sushil Sharma

Copyright: © 2009 |Pages: 586

ISBN13: 9781599048550|ISBN10: 1599048558|EISBN13: 9781599048567

DOI: 10.4018/978-1-59904-855-0

Cite Book Cite Book

MLA

Gupta, Jatinder N. D., and Sushil Sharma, editors. Handbook of Research on Information Security and Assurance. IGI Global, 2009. https://doi.org/10.4018/978-1-59904-855-0

APA

Gupta, J. N. & Sharma, S. (Eds.). (2009). Handbook of Research on Information Security and Assurance. IGI Global. https://doi.org/10.4018/978-1-59904-855-0

Chicago

Gupta, Jatinder N. D., and Sushil Sharma, eds. Handbook of Research on Information Security and Assurance. Hershey, PA: IGI Global, 2009. https://doi.org/10.4018/978-1-59904-855-0

Export Reference

Favorite Full-Book Download

While emerging information and internet ubiquitous technologies provide tremendous positive opportunities, there are still numerous vulnerabilities associated with technology. Attacks on computer systems are increasing in sophistication and potential devastation more than ever before. As such, organizations need to stay abreast of the latest protective measures and services to prevent cyber attacks.

The Handbook of Research on Information Security and Assurance includes 47 chapters offering comprehensive definitions and explanations on topics such as firewalls, information warfare, encryption standards, and social and ethical concerns in enterprise security. Edited by over 90 scholars in information science, this reference provides tools to combat the growing risk associated with technology.

Table of Contents

Reset

Front Materials

Title Page

Copyright Page

Editorial Advisory Board

Preface

Acknowledgment

Chapters

Enterprise Security

Chapter 1

Ransomware: A New Cyber Hijacking Threat to Enterprises (pages 1-6)

Xin Luo, Qinyu Liao

In computer virology, advanced encryption algorithms, on the bright side, can be utilized to effectively protect valuable information assets of enterprises. Yet, on the dark side, they can also be of use for malicious attackers to...

Chapter 2

E-Commerce: The Benefits, Security Risks, and Countermeasures (pages 7-17)

Joon S. Park

E-commerce has grown immensely with the increase in activity on the Internet, and this increase in activity, while immeasurable, has also presented several different security risks. As with any other means of business, it cannot be...

Chapter 3

Information Warfare: Survival of the Fittest (pages 18-28)

Pamela Ajoku

Even though weapons and money are considered important factors for running a modern world, at the end of the day, it is all about controlling and exploiting information for political, military, economic, and commercial advantage. The...

Chapter 4

Evolution of Enterprise Security Federation (pages 29-41)

Gaeil An, Joon S. Park

In this chapter, we discuss the evolution of the enterprise security federation, including why the framework should be evolved and how it has been developed and applied to real systems. Furthermore, we analyze the remaining...

Chapter 5

A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise (pages 42-54)

Roy Ng

The hypergrowth of computing and communications technologies increases security vulnerabilities to organizations. The lack of resources training, the complexity of new technologies, and the slow legislation process to deter the...

Chapter 6

An Integrative Framework for the Study of Information Security Management Research (pages 55-67)

John D’Arcy, Anat Hovav

A number of academic studies that focus on various aspects of information security management (ISM) have emerged in recent years. This body of work ranges from the technical, economic, and behavioral aspects of ISM to the effect of...

Chapter 7

Information Systems Risk Management: An Audit and Control Approach (pages 68-84)

Aditya Ponnam

Organizations worldwide recognize the importance of a comprehensive, continuously evolving risk assessment process, built around a solid risk strategy that properly manages internal and external threats. A comprehensive enterprise...

Security Approaches, Frameworks, Tools, and Technologies

Chapter 8

Distributed Denial of Service Attacks in Networks (pages 85-97)

Udaya Kiran Tupakula

In this chapter we discuss Distributed Denial of Service (DDoS) attacks in networks such as the Internet, which have become significantly prevalent over the recent years. We explain how DDoS attacks are performed and consider the...

Chapter 9

Firewalls as Continuing Solutions for Network Security (pages 98-108)

Andy Luse

This chapter describes various firewall conventions, and how these technologies operate when deployed on a corporate network. Terms associated with firewalls, as well as related concepts, are also discussed. Highly neglected internal...

Chapter 10

An Immune-Inspired Approach to Anomaly Detection (pages 109-121)

Jamie Twycross

The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early artificial immune system approaches for computer security had only limited success....

Chapter 11

Cryptography for Information Security (pages 122-138)

Wasim A. Al-Hamdani

This chapter introduces cryptography from information security phase rather than from deep mathematical and theoretical aspects, along with cryptography application in information security. The chapters introduce classical...

Chapter 12

Memory Corruption Attacks, Defenses, and Evasions (pages 139-151)

Carlo Belletini

The chapter introduces and describes representative defense mechanisms to protect from both basic and advanced exploitation of low-level coding vulnerabilities. Exploitation of low-level coding vulnerabilities has evolved from a...

Chapter 13

Design and Implementation of a Distributed Firewall (pages 152-164)

Dalila Boughaci, Brahim Oubeka, Abdelkader Aissioui, Habiba Drias, Belaïd Benhamou

This chapter presents the design and the implementation of a decentralized firewall. The latter uses autonomous agents to coordinately control the traffic on the network. The proposed framework includes a set of controllers’ agents...

Chapter 14

A Formal Verification Centred Development Process for Security Protocols (pages 165-178)

Tom Coffey

This chapter concerns the correct and reliable design of modern security protocols. It discusses the importance of formal verification of security protocols prior to their release by publication or implementation. A discussion on...

Chapter 15

Edge-to-Edge Network Monitoring to Detect Service Violations and DoS Attacks (pages 179-192)

Ahsan Habib

This chapter develops a distributed monitoring scheme that uses edge-to-edge measurements to identify congested links and capture the misbehaving flows that violate service-level-agreements and inject excessive traffic that leads...

Chapter 16

A "One-Pass" Methodology for Sensitive Data Disk Wipes (pages 193-201)

Doug White, Alan Rea

Hard disk wipes are a crucial component of computing security. However, more often than not, hard drives are not adequately processed before either disposing or reusing them within an environment. When an organization does not follow...

Chapter 17

Securing E-Mail Communication with XML Technology (pages 202-217)

Lijun Liao

This chapter deals with the issues concerning e-mail communication security. We analyze the most popular security mechanisms and standards related to the e-mail communication and identify potential threats and vulnerabilities. The...

Chapter 18

Aspect-Oriented Analysis of Security in Distributed Virtual Environment (pages 218-229)

Li Yang, Raimund K. Ege, Lin Luo

This chapter describes our approach to handle security in a complex Distributed Virtual Environment (DVE). The modules of such an environment all need to be concerned about security. An object-oriented model of a DVE allows us to...

Chapter 19

Information Availability (pages 230-239)

Deepak Khazanchi

This chapter describes the concept of information availability (IAV) which is considered an important element of information security. IAV is defined as the ability to make information and related resources accessible as needed, when...

Chapter 20

Formal Analysis and Design of Authentication Protocols (pages 240-253)

Siraj Ahmed Shaikh

The purpose of this chapter is to introduce the reader to the research area of formal analysis of authentication protocols. It briefly introduces the basic notions of cryptography and its use in authentication protocols. The chapter...

Chapter 21

Access Control Frameworks for a Distributed System (pages 254-265)

Rajeev R. Raje, Alex Crespi, Omkar J. Tilak, Andrew M. Olson

Component-based software development offers a promising technique for creating distributed systems. It does require a framework for specifying component properties, analyzing the behaviors of a system before composition, and...

Chapter 22

Implications of FFIEC Guidance on Authentication in Electronic Banking (pages 266-278)

Manish Gupta, JinKyu Lee, H. R. Rao

The Internet has emerged as the dominant medium in enabling banking transactions. Adoption of e-banking has witnessed an unprecedented increase over the last few years. In today’s online financial services environment, authentication...

Chapter 23

Disruptive Technology Impacts on Security (pages 279-291)

Sue Conger

Historically, companies have automated a security model that analogizes the concept of a “guardian” who monitors incoming and outgoing activities and data, and this has worked with emerging technologies to this point. This chapter...

Security Policies and Procedures

Chapter 24

Internal Auditing for Information Assurance (pages 292-300)

Sushma Mishra

Internal auditing has become increasingly important in current business environments. In this era of the Sarbanes- Oxley Act and other similar legislations, regulatory compliance requires elaborate organizational planning. Auditing...

Chapter 25

IT Continuity in the Face of Mishaps (pages 301-307)

William H. Friedman

This chapter is management oriented. It first proposes a general theoretical context for IT disasters within the wider class of all types of disasters to which a business is subject—whether caused by natural or human action. After...

Chapter 26

Business Continuity and Disaster Recovery Plans (pages 308-319)

Yvette Ghormley

This chapter describes the tools that businesses can use to create a Business Continuity and Disaster Recovery Plan. Utilizing business modeling, business impact analysis, risk analysis, and mitigation strategies, businesses can...

Chapter 27

Security Policies and Procedures (pages 320-330)

Yvette Ghormley

The number and severity of attacks on computer and information systems in the last two decades has steadily risen and mandates the use of security policies by organizations to protect digital as well as physical assets. Although the...

Chapter 28

Enterprise Access Control Policy Engineering Framework (pages 331-340)

Arjmand Samuel

This chapter outlines the overall access control policy engineering framework in general and discusses the subject of validation of access control mechanisms in particular. Requirements of an access control policy language are...

Chapter 29

Information Security Policies: Precepts and Practices (pages 341-346)

Sushil K. Sharma, Jatinder N.D. Gupta

The purpose of the information security policy is to establish an organization-wide approach to prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of organization’s data...

Chapter 30

A Guide to Non-Disclosure Agreements for Researchers (pages 347-359)

Paul D. Witman

This chapter provides a set of guidelines to assist information assurance and security researchers in creating, negotiating, and reviewing non-disclosure agreements, in consultation with appropriate legal counsel. It also reviews the...

Chapter 31

Assurance for Temporal Compatibility Using Contracts (pages 360-371)

Omkar J. Tilak

Software realization of a large-scale Distributed Computing System (DCS) is achieved through the Componentbased Software Development (CBSD) approach. A DCS consists of many autonomous components that interact with each other to...

Chapter 32

Spatial Authentication Using Cell Phones (pages 372-381)

Arjan Durresi

The latest estimates suggest that there are over two billion cell phone users worldwide. The massive worldwide usage has prompted technological advances which have resulted in more features being packed in the same phone. New dual...

Mitigating Security Risks

Chapter 33

Plugging Security Holes in Online Environment (pages 382-392)

Sushil K. Sharma, Jatinder N.D. Gupta, Ajay K. Gupta

The ability to perform E-Commerce over the Internet has become the driver of the new digital economy. As it has opened up opportunities for businesses and consumers to conduct online transactions on a 24/7 basis, at the same time, it...

Chapter 34

Six Keys to Improving Wireless Security (pages 393-401)

Erik Graham, Paul John Steinbart

This chapter presents a step-by-step approach to improving the security of wireless networks. It describes the basic threats to achieving the security objectives of confidentiality, integrity, and availability when using wireless...

Chapter 35

Human Factors in Information Security and Privacy (pages 402-414)

Robert W. Proctor, E. Eugene Schultz, Kim-Phuong L. Vu

Many measures that enhance information security and privacy exist. Because these measures involve humans in various ways, their effectiveness depends on the human factor. This chapter reviews basic components of information security...

Chapter 36

Threat Modeling and Secure Software Engineering Process (pages 415-422)

Wm. Arthur Conklin

Software defects lead to security vulnerabilities, which cost businesses millions of dollars each year and threaten the security of both individuals and the nation. Changes to the software engineering process can help to reduce the...

Chapter 37

Guarding Corporate Data from Social Engineering Attacks (pages 423-432)

Christopher M. Botelho, Joseph A. Cazier

The threat of social engineering attacks is prevalent in today’s society. Even with the pervasiveness of mass media’s coverage of hackers and security intrusions, the general population is not aware of the possible damage that could...

Chapter 38

Data Security for Storage Area Networks (pages 433-440)

Tom Clark

Data storage is playing an increasingly visible role in securing application data in the data center. Today virtually all large enterprises and institutions worldwide have implemented networked storage infrastructures to provide high...

Chapter 39

Security Awareness: Virtual Environments and E-Learning (pages 441-446)

Edgar Weippl

This chapter outlines advanced options for security training. It builds on previous publications (Weippl 2005, 2006) and expands them by including aspects of European-wide cooperation efforts in security awareness. Various examples...

Chapter 40

Security-Efficient Identity Management Using Service Provisioning (Markup Language) (pages 447-457)

Manish Gupta

Enterprises are increasingly interested in new and cost effective technologies to leverage existing investments in IT and extend capabilities to reduce costs and improve security and productivity. User account and password management...

Chapter 41

A Strategy for Enterprise VoIP Security (pages 458-466)

Dwayne Stevens, David T. Green

Voice over Internet Protocol (VoIP) networks signal an evolution in telecommunications that is accelerating the convergence of the Internet and the public switched telephone network (PSTN). Offering decreased costs and other...

Chapter 42

Critical Success Factors and Indicators to Improve Information Systems Security Management Actions (pages 467-482)

Jose M. Torres

This chapter presents an Information Systems Security Management Framework (ISSMF) which encapsulates eleven Critical Success Factors (CSFs) along with a set of 62 indicators to properly manage and track the evolution of security...

Chapter 43

Privacy, Societal, and Ethical Concerns in Security (pages 483-494)

Rebecca H. Rutherfoord

This chapter will deal with issues of privacy, societal, and ethical concerns in enterprise security. Security for a company is defined as protecting a company from attack. Yet, the soft side of this attack deals with protecting the...

Chapter 44

An MDA Compliant Approach for Designing Secure Data Warehouses (pages 495-503)

Rodolfo Villarroel, Eduardo Fernández-Medina, Juan Trujillo, Mario Piattini

This chapter presents an approach for designing secure Data Warehouses (DWs) that accomplish the conceptual modeling of secure DWs independently from the target platform where the DW has to be implemented, because our complete...

Chapter 45

Survivability Evaluation Modeling Techniques and Measures (pages 504-517)

Hai Wang

This chapter introduces the survivability evaluation, especially on the corresponding evaluation criteria and modeling techniques. The content of this chapter includes an overview of the literature of computer system dependability or...

Chapter 46

The Last Line of Defense: A Comparison of Windows and Linux Authentication and Authorization Features (pages 518-528)

Art Taylor

With the rise of the Internet, computer systems appear to be more vulnerable than ever from security attacks. Much attention has been focused on the role of the network in security attacks, but evidence suggests that the computer...

Chapter 47

Bioterrorism and Biosecurity (pages 529-536)

M. Pradhan

Information Technology can be used at all levels to counter attack bioterrorism. This article gives an overview of use of Information Technology for Biosecurity measures. Biosecurity measures involve information with respect to...

Back Materials

About the Contributors

Index

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account