ABSTRACT

Charged with ensuring the confidentiality, integrity, availability, and delivery of all forms of an entity's information, Information Assurance (IA) professionals require a fundamental understanding of a wide range of specializations, including digital forensics, fraud examination, systems engineering, security risk management, privacy, and compliance. Establishing this understanding and keeping it up to date requires a resource with coverage as diverse as the field it covers.

Filling this need, the Encyclopedia of Information Assurance presents an up-to-date collection of peer-reviewed articles and references written by authorities in their fields. From risk management and privacy to auditing and compliance, the encyclopedia’s four volumes provide comprehensive coverage of the key topics related to information assurance. This complete IA resource:

  • Supplies the understanding needed to help prevent the misuse of sensitive information
  • Explains how to maintain the integrity of critical systems
  • Details effective tools, techniques, and methods for protecting personal and corporate data against the latest threats
  • Provides valuable examples, case studies, and discussions on how to address common and emerging IA challenges

Placing the wisdom of leading researchers and practitioners at your fingertips, this authoritative reference provides the knowledge and insight needed to avoid common pitfalls and stay one step ahead of evolving threats.

Also Available Online
This Taylor & Francis encyclopedia is also available through online subscription, offering a variety of extra benefits for researchers, students, and librarians, including:

 Citation tracking and alerts

 Active reference linking

 Saved searches and marked lists

 HTML and PDF format options

Contact Taylor and Francis for more information or to inquire about subscription options and print/online combination packages.
US: (Tel) 1.888.318.2367; (E-mail) e-reference@taylorandfrancis.com
International: (Tel) +44 (0) 20 7017 6062; (E-mail) online.sales@tandf.co.uk

entry |11 pages

Quantum Cryptography

entry |10 pages

Access Controls: PKI-Based

entry |7 pages

Accountability

entry |7 pages

Adaptable Protocol Framework

entry |6 pages

Advanced Encryption Standard (AES)

entry |4 pages

Applets: Network Security

entry |7 pages

Application Layer Security

entry |9 pages

Application Layer Security: Network Protocols

entry |5 pages

Application Security

entry |11 pages

Application Security: World Wide Web

entry |6 pages

Application Service Providers: Information Assurance Considerations

entry |16 pages

Application Service Providers: Secure Relationships

entry |13 pages

Application Systems Development

entry |7 pages

Applications: Auditing

entry |5 pages

Architecture: Biological Cells

entry |10 pages

Architecture: Firewalls

entry |12 pages

Architecture: Models

entry |8 pages

Architecture: Secure

entry |11 pages

Artificial Intelligence (AI): Intrusion Analysis

entry |9 pages

Asynchronous Transfer Mode (ATM): Integrity and Security

entry |5 pages

Auditing: Self-Hacking

entry |10 pages

Awareness and Training

entry |9 pages

Awareness and Training: Appendices

entry |6 pages

Awareness and Training: Briefing for the End User

entry |10 pages

Awareness and Training: Effective Methods

entry |8 pages

Awareness and Training: Framework

entry |7 pages

Awareness and Training: Motivational and Psychological Factors

entry |9 pages

Awareness and Training: Program Elements

entry |3 pages

Bally v. Faber

entry |12 pages

Biometrics: Identification

entry |4 pages

Biometrics: New Methods

entry |5 pages

Bluesnarfing

entry |6 pages

Broadband Internet Access

entry |9 pages

Buffer Overflows: Attacks

entry |9 pages

Buffer Overflows: Stack-Based

entry |8 pages

Business Continuity Management: Maintenance Processes

entry |11 pages

Business Continuity Management: Metrics

entry |5 pages

Business Continuity Management: Priorities

entry |11 pages

Business Continuity Management: Testing

entry |6 pages

Business Continuity Management: Testing, Maintenance, Training, and Awareness

entry |6 pages

Business Continuity Planning

entry |13 pages

Business Continuity Planning: Best Practices and Program Maturity

entry |7 pages

Business Continuity Planning: Case Study

entry |7 pages

Business Continuity Planning: Collaborative Approach

entry |10 pages

Business Continuity Planning: Distributed Environment

entry |9 pages

Business Continuity Planning: Enterprise Risk Management Structure

entry |7 pages

Business Continuity Planning: Evolution in Response to Major News Events

entry |10 pages

Business Continuity Planning: Process Reengineering

entry |7 pages

Business Continuity Planning: Restoration Component

entry |6 pages

Business Continuity Planning: Strategy Selection

entry |13 pages

Business Impact Analysis: Business Process Mapping

entry |12 pages

Business Impact Analysis: Process

entry |7 pages

Business Partnerships: Validation

entry |10 pages

Capability Maturity Model

entry |4 pages

Career Management

entry |10 pages

Centralized Authentication Services

entry |12 pages

Certification and Accreditation: Methodology

entry |16 pages

Certification Testing

entry |8 pages

Committee of Sponsoring Organizations (COSO)

entry |7 pages

Common Criteria

entry |11 pages

Common Criteria: IT Security Evaluation

entry |7 pages

Communication Protocols and Services

entry |8 pages

Compliance Assurance

entry |13 pages

Computer Abuse

entry |6 pages

Computer Crime

entry |12 pages

Computer Crime: Investigations

entry |8 pages

Configuration Management

entry |13 pages

Configuration Management: Process Stages

entry |9 pages

Controls: CISSP and Common Body of Knowledge (CBK)

entry |7 pages

Cookies and Web Bugs

entry |7 pages

Corporate Governance

entry |8 pages

Corporate Security: IT Organization

entry |6 pages

Covert Channels

entry |5 pages

Covert Channels: Analysis and Recommendations

entry |7 pages

Crime Prevention: Environmental Design

entry |5 pages

Critical Business Functions

entry |8 pages

Cross-Site Scripting (XSS)

entry |13 pages

Cryptography

entry |3 pages

Cryptography: Auditing

entry |10 pages

Cryptography: Cryptosystems

entry |6 pages

Cryptography: Elliptic Curve

entry |14 pages

Cryptography: Encryption and

entry |11 pages

Cryptography: Key Management: Functions and Principles

entry |8 pages

Cryptography: Key Management: History and Myths

entry |10 pages

Cryptography: Quantum

entry |7 pages

Cryptography: Transitions

entry |8 pages

Customer Relationship Management (CRM)

entry |13 pages

Cybercrime: Council of Europe

entry |5 pages

Cybercrime: Response, Investigation, and Prosecution

entry |13 pages

Cyber-Risk Management: Enterprise-Level Security

entry |8 pages

Data Access Controls: Sensitive or Critical

entry |10 pages

Data at Rest

entry |9 pages

Data Centers: Security

entry |4 pages

Data Centers: Site Selection and Facility Design

entry |8 pages

Data Sanitization: SQL Injection

entry |16 pages

Data Warehouses: Datamarts and

entry |15 pages

Data Warehouses: Security and Privacy

entry |5 pages

Database Integrity

entry |7 pages

Defense in Depth: Network, Systems, and Applications Controls

entry |6 pages

Denial-of-Service Attacks

entry |11 pages

Digital Crime Scene Analysis (DCSA)

entry |4 pages

Digital Forensics and E-Discovery

entry |7 pages

Directory Security

entry |4 pages

Distributed Computing: Grid Environment

entry |4 pages

DoD Information Assurance Certification and Accreditation Process (DIACAP)

entry |4 pages

Domain Name Service (DNS) Attacks

entry |4 pages

Downsizing: Maintaining Information Security

entry |14 pages

Due Care: Minimum Security Standards

entry |13 pages

Electronic Commerce: Auditing

entry |6 pages

E-Mail and Data Communications: Dial-In Hazards

entry |8 pages

E-Mail Retention Policy: Legal Requirements

entry |9 pages

E-Mail: Pretty Good Privacy

entry |15 pages

E-Mail: Security

entry |5 pages

E-Mail: Spam

entry |8 pages

Enclaves: Enterprise as Extranet

entry |5 pages

Encryption Key Management

entry |15 pages

End Node Security and Network Access Management

entry |5 pages

Enterprise Information Assurance: Framework

entry |9 pages

Enterprise Information Assurance: Key Components

entry |14 pages

Enterprise Information Security: Architectural Design and Deployment

entry |12 pages

Enterprise Security Capability: Common Models

entry |13 pages

Enterprise Security Information

entry |11 pages

Espionage: Counter-Economic

entry |7 pages

Ethics

entry |8 pages

Ethics: Internet

entry |10 pages

Event Management

entry |11 pages

External Networks: Secured Connections

entry |8 pages

Extranet Access Control

entry |7 pages

Fax Machines

entry |20 pages

Firewall Architectures

entry |6 pages

Firewall Architectures: Other Issues

entry |12 pages

Firewall Architectures: Platforms

entry |5 pages

Firewall Architectures: Viruses and Worms

entry |8 pages

Firewall Technologies: Comparison

entry |13 pages

Firewalls: Checkpoint Security Review

entry |5 pages

Firewalls: Internet Security

entry |4 pages

Forensics

entry |7 pages

Forensics and Legal Proceedings

entry |11 pages

Forensics: Computer Crime Investigation

entry |16 pages

Forensics: Non-Liturgical Examinations

entry |5 pages

Forensics: Operational

entry |7 pages

Forensics: Rules of Evidence

entry |4 pages

Format String Vulnerabilities

entry |16 pages

Fraud: Employee Identification

entry |10 pages

FTP: Secured Data Transfers

entry |5 pages

Global Transmissions: Jurisdictional Issues

entry |8 pages

Hackers: Attacks and Defenses

entry |9 pages

Hackers: Hiring Ex-Criminal

entry |11 pages

Hackers: Tools and Techniques

entry |5 pages

Halon Fire Suppression Systems

entry |6 pages

Hash Algorithms

entry |11 pages

Health Insurance Portability and Accountability Act (HIPAA)

entry |13 pages

Health Insurance Portability and Accountability Act (HIPAA): Requirements

entry |9 pages

Health Insurance Portability and Accountability Act (HIPAA): Security Readiness

entry |6 pages

Health Insurance Portability and Accountability Act (HIPAA): Security Requirements

entry |9 pages

Healthcare Industry

entry |8 pages

High-Tech Trade Secrets

entry |5 pages

Honeypots and Honeynets

entry |6 pages

Host-Based Firewalls: Case Study

entry |10 pages

Human Resources: Issues

entry |14 pages

Identity Management

entry |7 pages

Identity Management Systems: Components

entry |12 pages

Identity Theft

entry |8 pages

Identity-Based Self-Defending Network: 5W Network

entry |8 pages

Incident Response: Evidence Handling

entry |8 pages

Incident Response: Exercises

entry |9 pages

Incident Response: Management

entry |8 pages

Incident Response: Managing

entry |12 pages

Incident Response: Privacy Breaches

entry |9 pages

Information Classification

entry |10 pages

Information Flow

entry |6 pages

Information Flow: Emerging and Potential Techniques and Covert Channels

entry |8 pages

Information Flow: Selecting Countermeasures

entry |13 pages

Information Protection

entry |10 pages

Information Security Basics: Effective Practices

entry |7 pages

Information Security Controls: Types

entry |5 pages

Information Security Governance: Basic Corporate Organization

entry |14 pages

Information Security Governance: Corporate Organization, Frameworks, and Reporting

entry |6 pages

Information Security Management Systems (ISMSs)

entry |6 pages

Information Security Management Systems (ISMSs): Risk Diagnosis and Treatment

entry |7 pages

Information Security Management: Purpose

entry |7 pages

Information Security Policies

entry |4 pages

Information Systems Security Engineering Professional (ISSEP)

entry |4 pages

Information Systems Security Officer: Roles and Responsibilities

entry |10 pages

Information Technology Infrastructure Library (ITIL®)

entry |7 pages

Information Warfare

entry |17 pages

Information Warfare: Tactics

entry |6 pages

Insider Threats

entry |4 pages

Insider Threats: System and Application Weaknesses

entry |6 pages

Inspection Technologies: Deep Packets

entry |12 pages

Instant Messaging

entry |7 pages

Integrated Threat Management

entry |6 pages

Intelligent Agents: Network Security

entry |11 pages

International Issues

entry |8 pages

Internet Mobile Code

entry |7 pages

Internet Security

entry |10 pages

Internet Service Providers (ISPs): Accountability

entry |4 pages

Intranets: Risk

entry |8 pages

Intrusion Detection Systems (IDSs)

entry |8 pages

Intrusion Detection Systems (IDSs): Implementation

entry |10 pages

Intrusion Prevention Systems

entry |7 pages

IP Security Protocol Working Group (IPSec)

entry |5 pages

IPv6: Expanding Internet Support

entry |5 pages

ISO Standards and Certification

entry |4 pages

IT Governance Institute (ITGI)

entry |4 pages

Java

entry |9 pages

Kerberos™

entry |12 pages

Kerberos™: Management

entry |8 pages

Kerberos™: Ongoing Development

entry |17 pages

Kerberos™: Services and Functions

entry |15 pages

LAN/WAN Security

entry |9 pages

Laws and Regulations: e-Discovery

entry |12 pages

Malicious Code

entry |3 pages

Malicious Code: Fast-Scanning Worms

entry |9 pages

Malicious Code: Organized Crime

entry |15 pages

Malicious Code: Quasi-Intelligence

entry |8 pages

Malicious Code: Rootkits

entry |10 pages

Managed Security Service Providers (MSSPs)

entry |7 pages

Management Commitment

entry |13 pages

Management Commitment: Security Councils

entry |4 pages

Management Compliance: Confidential Information

entry |7 pages

Management Support of IT: Survey

entry |5 pages

Mashups and Composite Applications

entry |16 pages

Mergers and Acquisitions

entry |6 pages

Message Digests

entry |7 pages

Mobile Data Security

entry |12 pages

NERC Corporation: Compliance

entry |11 pages

Network and Telecommunications: Media

entry |3 pages

Network Content Filtering and Leak Prevention

entry |5 pages

Network Layer Security

entry |8 pages

Network Router Security

entry |7 pages

Network Security

entry |4 pages

Network Security: Trapping Intruders

entry |14 pages

Network Technologies

entry |15 pages

Neural Networks and Information Assurance Uses

entry |7 pages

Next-Generation Security Application Development

entry |5 pages

Object-Based Applications: Testing

entry |5 pages

Object-Oriented Databases: Security Models

entry |5 pages

Object-Oriented Programming

entry |9 pages

Offshore Development

entry |14 pages

Open Source

entry |8 pages

Open Standards

entry |9 pages

Operations Security: Abuses

entry |9 pages

Operations Security: Controls

entry |5 pages

Operations Security: Support and Control

entry |16 pages

Organization Culture

entry |11 pages

Outsourcing

entry |6 pages

Ownership and Custody of Data

entry |7 pages

Packet Sniffers

entry |18 pages

Passwords and Policy Threat Analysis

entry |4 pages

Patch Management

entry |12 pages

Patch Management: Process

entry |5 pages

PBX Firewalls

entry |5 pages

Penetration Testing

entry |10 pages

Penetration Testing: Policies

entry |9 pages

PeopleSoft Security

entry |9 pages

Perimeter Security

entry |6 pages

Personal Accountability: Corporate Information Security Policy

entry |4 pages

Personnel: Practices

entry |12 pages

Personnel: Security Roles

entry |12 pages

Personnel: Security Screening

entry |6 pages

Phishing

entry |13 pages

Physical Access Control

entry |6 pages

Physical Layer Security: Networks

entry |6 pages

Physical Layer Security: Wired and Wireless Connections

entry |7 pages

Physical Security

entry |9 pages

Physical Security: Controlled Access and Layered Defense

entry |7 pages

Physical Security: Facilities

entry |3 pages

Physical Security: Mantraps and Turnstiles

entry |3 pages

Physical Security: Melding with Information Systems Security

entry |16 pages

Physical Security: Mission-Critical Facilities and Data Centers

entry |17 pages

Physical Security: Threat after September 11th, 2001

entry |5 pages

Planning for the Future: Challenges

entry |4 pages

Pod Slurping: Concepts

entry |2 pages

Pod-Slurping: Other Vulnerabilities

entry |16 pages

Policy Development: Needs

entry |5 pages

Portable Computing Environments

entry |10 pages

Privacy Breaches: Policies, Procedures, and Notification

entry |9 pages

Privacy Governance: Effective Methods

entry |8 pages

Privacy: Healthcare Industry

entry |3 pages

Privacy: Legal Issues

entry |4 pages

Privacy: Policy Formation

entry |4 pages

Proxy Servers

entry |5 pages

Public Key Hierarchy

entry |8 pages

Public Key Infrastructure (PKI)

entry |11 pages

Public Key Infrastructure (PKI): E-Business

entry |10 pages

Public Key Infrastructure (PKI): Registration

entry |5 pages

Quantum Computing

entry |4 pages

Radio Frequency Identification (RFID)

entry |8 pages

RADIUS: Access Control

entry |12 pages

Reduced Sign-On

entry |5 pages

Redundant Arrays of Independent Disks (RAID)

entry |9 pages

Relational Database Access Controls: SQL

entry |10 pages

Relational Database Security

entry |9 pages

Remote Access: Secure

entry |3 pages

Return on Investment (ROI)

entry |8 pages

Risk Analysis and Assessment: Risk Assessment Tasks

entry |9 pages

Risk Analysis and Assessment: Risk Management Tasks

entry |3 pages

Risk Analysis and Assessment: Terms and Definitions

entry |6 pages

Risk Assessment

entry |6 pages

Risk Management

entry |6 pages

Risk Management and Analysis

entry |6 pages

Risk Management Model: Technology Convergence

entry |10 pages

Risk Management: Enterprise

entry |5 pages

Risk Management: Trends

entry |9 pages

Role-Based Access Control

entry |8 pages

Sarbanes-Oxley Act of 2002 (SOX)

entry |7 pages

Sarbanes-Oxley Act of 2002 (SOX): Compliance

entry |9 pages

Secure Socket Layer (SSL)

entry |7 pages

Security Breaches: Reporting

entry |6 pages

Security Controls: Dial-Up

entry |6 pages

Security Development Lifecycle

entry |7 pages

Security Incident Response

entry |8 pages

Security Information and Event Management (SIEM)

entry |6 pages

Security Information Management: Myths and Facts

entry |10 pages

Security Management Program: Prioritization

entry |6 pages

Security Management Team Organization

entry |12 pages

Security Policy Development and Distribution: Web-Based

entry |9 pages

Security Policy Lifecycle: Functions and Responsibilities

entry |12 pages

Security Risk: Goals Assessment

entry |11 pages

Security Teams: Effective Methods

entry |8 pages

Security Test and Evaluation

entry |6 pages

Server Security Policies

entry |4 pages

Service Level Agreements

entry |12 pages

Service Oriented Architecture (SOA)

entry |7 pages

Simple Network Management Protocol (SNMP)

entry |15 pages

Single Sign-On: Enterprise

entry |8 pages

Smartcards

entry |10 pages

Social Engineering: Mitigation

entry |8 pages

Software Development Lifecycles: Security Assessments

entry |5 pages

Software Piracy

entry |10 pages

Sploits

entry |4 pages

Spoofing and Denial of Service Attacks

entry |14 pages

Spyware

entry |10 pages

Spyware: Ethical and Legal Concerns

entry |5 pages

Standards

entry |4 pages

State of Washington v. Heckel

entry |4 pages

Steganography

entry |4 pages

Steganography: Detection

entry |12 pages

Storage Area Networks

entry |6 pages

Surveillance: Closed-Circuit Television and Video

entry |7 pages

System Design Flaws

entry |12 pages

System Development Security: Methodology

entry |11 pages

Systems Development: Object-Oriented Security Model

entry |7 pages

Systems Integrity Engineering: Distributed Processing Concepts and Corresponding Security-Relevant Issues

entry |4 pages

Systems Integrity Engineering: Interoperable Risk Accountability Concepts

entry |10 pages

Systems Integrity Engineering: Methodology and Motivational Business Values and Issues

entry |13 pages

Systems Management: Third-Party Applications and Systems

entry |4 pages

Tape Backups: Validation

entry |8 pages

Technology Convergence: People, Process and Technology

entry |5 pages

Technology Convergence: Security

entry |10 pages

Telephony Systems: Auditing

entry |4 pages

Tokens: Authentication

entry |8 pages

Tokens: Evaluation

entry |6 pages

Tokens: Role and Authentication

entry |6 pages

Transformation: Department-Level

entry |7 pages

Transport Layer Security (TLS)

entry |9 pages

Uniform Resource Locators (URLs): Obscuring

entry |5 pages

UNIX Security

entry |12 pages

Virtual Network Computing (VNC) Systems

entry |13 pages

Virtual Private Networks (VPNs)

entry |13 pages

Virtual Private Networks (VPNs): Deployment and Evaluation Strategy

entry |9 pages

Virtual Private Networks (VPNs): Leverage

entry |6 pages

Virtual Private Networks (VPNs): Perspectives

entry |8 pages

Virtual Private Networks (VPNs): Remote Access

entry |9 pages

Virtualization and Digital Investigations

entry |10 pages

Voice Communications: Voice-over-Internet (VoI)

entry |8 pages

Voice Communications: Voice-over-IP (VoIP) Protocols

entry |10 pages

Voice Communications: Voice-over-IP (VoIP) Security

entry |7 pages

Voice over WLAN

entry |8 pages

Voice Security

entry |2 pages

Web Applications: Firewalls

entry |8 pages

Web Applications: Security

entry |8 pages

Web Services

entry |12 pages

Wireless Internet Security: Portable Internet Devices

entry |7 pages

Wireless Local Area Networks (WLANs)

entry |10 pages

Wireless Local Area Networks (WLANs): Challenges

entry |11 pages

Wireless Local Area Networks (WLANs): Security

entry |4 pages

Wireless Local Area Networks (WLANs): Vulnerabilities

entry |6 pages

Wireless Penetration Testing

entry |4 pages

Workplace Violence

entry |13 pages

World Wide Web

entry |6 pages

XML

entry |6 pages

XML and Other Metadata Languages

entry |19 pages

Binary Gravitational Search Algorithm (BGSA): Improved Efficiency

entry |12 pages

Information Lifecycle: Approach to Governance, Risk, and Compliance Management

entry |12 pages

Principle of Least Privilege (PLP): Implementation

entry |16 pages

Chaos-Based Cryptosystems: Optimized Neural Network Models

entry |10 pages

Virtual Team Management: Perspective and Guidelines

entry |13 pages

Artificial Neural Network Models for Intrusion Detection

entry |9 pages

Access Controls: Implementation

entry |12 pages

Chaotic-Based Communication Systems

entry |14 pages

Fuzzy Models for Intrusion Detection

entry |11 pages

Cryptographic Hash Functions

entry |11 pages

Authentication Methods