part I Access Control Systems and Methodology -- chapter 1 Enhancing Security through Biometric Technology / chapter 2 Biometrics: What is New? -- chapter 3 Controlling FTP: Providing Secured Data Transfers -- chapter 4 Privacy in the Healthcare Industry -- chapter 5 The Case for Privacy / chapter 6 Biometric Identification / chapter 7 Single Sign-On for the Enterprise / chapter 8 Centralized Authentication Services (RADIUS, TACACS, DIAMETER) / chapter 9 An Introduction to Secure Remote Access / chapter 10 Hacker Tools and Techniques -- chapter 11 A New Breed of Hacker Tools and Defenses -- chapter 12 Social Engineering: The Forgotten Risk / chapter 13 Breaking News: The Latest Hacker Attacks and Defenses -- chapter 14 Counter-Economic Espionage / chapter 15 Penetration Testing / chapter 16 Penetration Testing -- part II TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY -- chapter 17 Understanding SSL -- chapter 18 Packet Sniffers and Network Monitors -- chapter 19 Secured Connections to External Networks / chapter 20 Security and Network Technologies -- chapter 21 Wired and Wireless Physical Layer Security Issues / chapter 22 Network Router Security / chapter 23 What's Not So Simple About SNMP? -- chapter 24 Network and Telecommunications Media: Security from the Ground Up / chapter 25 Security and the Physical Network Layer -- chapter 26 Security of Wireless Local Area Networks -- chapter 27 Securing Wireless Networks / chapter 28 Wireless Security Mayhem: Restraining the Insanity of Convenience -- chapter 29 Wireless LAN Security Challenge -- chapter 30 ISO/OSI and TCP/IP Network Model Characteristics -- chapter 31 Enclaves: The Enterprise as an Extranet / chapter 32 IPSec Virtual Private Networks -- chapter 33 Firewalls: An Effective Solution for Internet Security / chapter 34 Internet Security: Securing the Perimeter / chapter 35 Extranet Access Control Issues / chapter 36 Application-Layer Security Protocols for Networks / chapter 37 Application Layer: Next Level of Security / chapter 38 Security of Communication Protocols and Services / chapter 39 An Introduction to IPSec / chapter 40 VPN Deployment and Evaluation Strategy / chapter 41 How to Perform a Security Review of a Checkpoint Firewall / chapter 42 Comparing Firewall Technologies / chapter 43 The (In)Security of Virtual Private Networks -- chapter 44 Cookies and Web Bugs: What They are and How They Work Together -- chapter 45 Leveraging Virtual Private Networks -- chapter 46 Wireless LAN Security -- chapter 47 Security for Broadband Internet Access Users / chapter 48 New Perspectives on VPNs / chapter 49 An Examination of Firewall Architectures -- chapter 50 Instant Messaging Security Issues / chapter 51 Voice Security -- chapter 52 Secure Voice Communications (VoI) -- chapter 53 Packet Sniffers: Use and Misuse / chapter 54 ISPs and Denial-of-Service Attacks / part III INFORMATION SECURITY MANAGEMENT -- chapter 55 The Human Side of Information Security -- chapter 56 Security Management -- chapter 57 Measuring ROI on Security.

chapter 58 Security Patch Management / chapter 59 Configuration Management: Charting the Course for the Organization -- chapter 60 Information Classification: A Corporate Implementation Guide / chapter 61 A Matter of Trust -- chapter 62 Trust Governance in a Web Services World -- chapter 63 Risk-Management and Analysis -- chapter 64 New Trends in Information Risk Management / chapter 65 Information Security in the Enterprise / chapter 66 Managing Enterprise Security Information / chapter 67 Risk Analysis and Assessment / chapter 68 Security Assessment -- chapter 69 Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security -- chapter 70 A Progress Report on the CVE Initiative -- chapter 71 Roles and Responsibilities of the Information Systems Security Officer / chapter 72 Information Protection: Organization, Roles, and Separation of Duties -- chapter 73 Organizing for Success: Some Human Resources Issues in Information Security -- chapter 74 Ownership and Custody of Data / chapter 75 Hiring Ex-Criminal Hackers -- chapter 76 Information Security Policies from the Ground Up -- chapter 77 Policy Development -- chapter 78 Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy -- chapter 79 The Common Criteria for IT Security Evaluation / chapter 80 A Look at the Common Criteria / chapter 81 The Security Policy Life Cycle: Functions and Responsibilities / chapter 82 Maintaining Management’s Commitment / chapter 83 Making Security Awareness Happen / chapter 84 Making Security Awareness Happen: Appendices / chapter 85 Maintaining Information Security during Downsizing / chapter 86 The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products -- chapter 87 How to Work with a Managed Security Service Provider -- chapter 88 Considerations for Outsourcing Security / chapter 89 Outsourcing Security -- part IV APPLICATION PROGRAM SECURITY -- chapter 90 Security Models for Object-Oriented Databases / chapter 91 Web Application Security -- chapter 92 Security for XML and Other Metadata Languages / chapter 93 XML and Information Security / chapter 94 Application Security / chapter 95 Covert Channels / chapter 96 Security as a Value Enhancer in Application Systems Development -- chapter 97 Open Source Versus Closed Source -- chapter 98 Reflections on Database Integrity / chapter 99 Digital Signatures in Relational Database Applications / chapter 100 Security and Privacy for Data Warehouses: Opportunity or Threat? -- chapter 101 Enterprise Security Architecture / chapter 102 Certification and Accreditation Methodology -- chapter 103 System Development Security Methodology / chapter 104 A Security-Oriented Extension of the Object Model for the Development of an Information System -- chapter 105 A Look at Java Security

chapter 106 Malware and Computer Viruses / chapter 107 Methods of Auditing Applications / part V Cryptography -- chapter 108 Three New Models for the Application of Cryptography / chapter 109 Auditing Cryptography: Assessing System Security / chapter 110 Message Authentication -- chapter 111 Stegnography: The Art of Hiding Messages -- chapter 112 An Introduction to Cryptography -- chapter 113 Hash Algorithms: From Message Digests to Signatures / chapter 114 A Look at the Advanced Encryption Standard (AES) / chapter 115 Principles and Applications of Cryptographic Key Management / chapter 116 Preserving Public Key Hierarchy / chapter 117 PKI Registration / chapter 118 Implementing Kerberos in Distributed Systems -- chapter 119 Methods of Attacking and Defending Cryptosystems / part VI Enterprise Security Architecture -- chapter 120 Security Infrastructure: Basics of Intrusion Detection Systems -- chapter 121 Firewalls, Ten Percent of the Solution: A Security Architecture Primer -- chapter 122 The Reality of Virtual Computing -- chapter 123 Overcoming Wireless LAN Security Vulnerabilities / chapter 124 Formulating and Enterprise Information Security Architecture -- chapter 125 Security Architecture and Models -- chapter 126 Common System Design Flaws and Security Issues / part VII Operations Security -- chapter 127 Operations: The Center of Support and Control -- chapter 128 Why Today's Security Technologies are So Inadequate: History, Implications, and New Approaches -- chapter 129 Physical Access Control / chapter 130 Auditing the Electronic Commerce Environment -- chapter 131 Improving Network-Level Security Through Real-Time Monitoring and Intrusion Detection -- chapter 132 Intelligent Intrusion Analysis: How Thinking Machines can Recognize Computer Intrusions -- chapter 133 Directory Security -- part VIII Business Continuity Planning -- chapter 134 Reengineering the Business Continuity Planning Process -- chapter 135 The Changing Face of Continuity Planning -- chapter 136 The Role of Continuity Planning in the Enterprise Risk-Management Structure -- chapter 137 Restoration Component of Business Continuity Planning / chapter 138 Business Resumption Planning and Disaster Recovery: A Case History -- chapter 139 Business Continuity Planning: A Colloborative Approach -- chapter 140 The Business Impact Assessment Process -- part IX LAW, INVESTIGATION, AND ETHICS -- chapter 141 Jurisdiction Issues in Global Transmissions -- chapter 142 Liability for Lax Computer Security in DDoS Attacks / chapter 143 The Final HIPAA Security Rule is Here! Now What? / chapter 144 HIPAA 201: A Framework Approach to HIPAA Security Readiness -- chapter 145 Computer Crime Investigations: Managing a Process Without any Golden Rules -- chapter 146 Computer Crime Investigation and Computer Forensics -- chapter 147 Operational Forensics / chapter 148 What Happened? -- chapter 149 The International Dimensions of Cyber-Crime -- chapter 150 Honeypot Essentials / chapter 151 CIRT: Responding to Attack -- chapter 152 Incident Response Management -- chapter 153 Managing the Response to a Computer Security Incident -- chapter 154 Cyber-Crime: Response, Investigation, and Prosecution -- chapter 155 Incident Response Exercises -- chapter 156 Software Forensics / chapter 157 Ethics and the Internet / part X Physical Security -- chapter 158 Physical Security: A Foundation For Information Security / chapter 159 Physical Security: Controlled Access and Layered Defense / chapter 160 Computing Facility Physical Security / chapter 161 Closed-Circuit Television and Video Surveillance -- chapter 162 Types of Information Security Controls / chapter 163 Physical Security: The Threat After September 11, 2001.