Cyber Security and Global Information Assurance Threat Analysis and Response Solutions Advances in Information Security and Privacy 1st Edition Kenneth J. Knapp Kindle & PDF Formats
Cyber Security and
Global Information
Assurance:
Threat Analysis and
Response Solutions
Kenneth J. Knapp
U.S. Air Force Academy, Colorado, USA
Copyright © 2009 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by
any means, electronic or mechanical, including photocopying, without written permission from the publisher.
Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or companies does
not indicate a claim of ownership by IGI Global of the trademark or registered trademark.
Cyber-security and global information assurance : threat analysis and response solutions / Kenneth J. Knapp, editor.
    p. cm.
Includes bibliographical references and index.
Summary: "This book provides a valuable resource by addressing the most pressing issues facing cyber-security from both a national and
global perspective"--Provided by publisher.
ISBN 978-1-60566-326-5 (hardcover) -- ISBN 978-1-60566-327-2 (ebook) 1. Information technology--Security measures. 2. Computer
security--Management. 3. Cyberspace--Security measures. 4. Data protection. 5. Computer networks--Security measures. I. Knapp, Kenneth J.
QA76.9.A25C918 2009
 005.8--dc22
                                      2008052439
All work contributed to this book is new, previously-unpublished material. The views expressed in this book are those of the authors, but not
necessarily of the publisher.
Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions is part of the IGI Global series named Advances
in Information Security and Privacy (AISP) Series, ISBN: Pending
Advances in Information Security and Privacy (AISP) Series
             Editor-in-Chief: Hamid Nemati, The University of North Carolina, USA
                                       ISBN: Pending
Cyber Security and Global Information Assurance: Threat Analysis and Response
Solutions
Edited By: Kenneth J. Knapp, U.S. Air Force Academy, USA
Cyber Security and Global Information Assurance: Threat Analysis and Response
Solutions provides a valuable resource for academicians and practitioners
by addressing the most pressing issues facing cyber-security from both a
national and global perspective. This reference source takes a holistic approach
to cyber security and information assurance by treating both the technical as
well as managerial sides of the field.
As information technology and the Internet become more and more ubiquitous and pervasive in our
daily lives, there is an essential need for a more thorough understanding of information security and
privacy issues and concerns. The Advances in Information Security and Privacy (AISP) Book
Series will create and foster a forum where research in the theory and practice of information security
and privacy is advanced. It seeks to publish high quality books dealing with a wide range of issues,
ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects
of information security and privacy. It will do so through a balanced mix of theoretical and empirical
research contributions. AISP aims to provide researchers from all disciplines with comprehensive
publications that best address the current state of security and privacy within technology and worldwide
organizations. Because of the growing importance of this field, the series will serve to launch new
developments with international importance and practical implication.
Editorial Advisory Board
Mark Barner, USAF Academy, USA
Jeff L. Boleng, USAF Academy, USA
Steve Chadwick, Intel Corporation, USA
Andrew Colarik, Information Security Consultant, USA
John K. Corley II, Appalachian State University, USA
Kevin Curran, University of Ulster, Magee College, Ireland
Gary Denney, USAF Academy, USA
Ronald Dodge, United States Military Academy, USA
Claudia J. Ferrante, USAF Academy, USA
Dieter Fink, Edith Cowan University, Australia
F. Nelson Ford, Auburn University, USA
Michael R. Grimaila, Air Force Institute of Technology, USA
Matthew M. Hinkle, The Society of Exploration Geophysicists, USA
Rita A. Jordan, USAF Academy, USA
Mansoor Khan, Thamesteel Limited, UK
Gary Klein, University of Colorado, USA
Thomas E. Marshall, Auburn University, USA
R. Frank Morris, Jr., The Citadel, USA
R. Kelly Rainer, Jr., Auburn University, USA
Nancy M. Rower, USAF Academy, USA
Kassem Saleh, Kuwait University, Kuwait
Evelyn Thrasher, Western Kentucky University, USA
Hal Tipton, CISSP, USA
Matthew Warren, Deakin University, Australia
Michael Weeks, The University of Tampa, USA
List of Reviewers
Foreword
Preface
Acknowledgment
                                                                Section I
                                                       Risk and Threat Assessment
Chapter I
Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for
Vulnerabilities
       Jaziar Radianti, University of Agder, Norway
       Jose J. Gonzalez, University of Agder and Gjøvik University College, Norway
Chapter II
An Attack Graph Based Approach for Threat Identification of an Enterprise Network
       Somak Bhattacharya, Indian Institute of Technology, Kharagpur, India
       Samresh Malhotra, Indian Institute of Technology, Kharagpur, India
       S. K. Ghosh, Indian Institute of Technology, Kharagpur, India
Chapter III
Insider Threat Prevention, Detection and Mitigation
        Robert F. Mills, Air Force Institute of Technology, USA
        Gilbert L. Peterson, Air Force Institute of Technology, USA
        Michael R. Grimaila, Air Force Institute of Technology, USA
Chapter IV
An Autocorrelation Methodology for the Assessment of Security Assurance
       Richard T. Gordon, Bridging The Gap, Inc., USA
       Allison S. Gehrke, University of Colorado, Denver, USA
Chapter V
Security Implications for Management from the Onset of Information Terrorism
        Ken Webb, Webb Knowledge Services, Australia
                                                          Section II
                                              Organizational and Human Security
Chapter VI
The Adoption of Information Security Management Standards: A Literature Review
       Yves Barlette, GSCM-Montpellier Business School, France
       Vladislav V. Fomin, Vytautas Magnus University, Lithuania
Chapter VII
Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension
       Peter R. Marksteiner, United States Air Force, USA
Chapter VIII
Balancing the Public Policy Drivers in the Tension between Privacy and Security
       John W. Bagby, The Pennsylvania State University, USA
Chapter IX
Human Factors in Security: The Role of Information Security Professionals within
Organizations
       Indira R. Guzman, TUI University, USA
       Kathryn Stam, SUNY Institute of Technology, USA
       Shaveta Hans, TUI University, USA
       Carole Angolano, TUI University, USA
Chapter X
Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within
Computer Network Operations Organizations
       Nikolaos Bekatoros HN, Naval Postgraduate School, USA
       Jack L. Koons III, Naval Postgraduate School, USA
       Mark E. Nissen, Naval Postgraduate School, USA
Chapter XI
An Approach to Managing Identity Fraud
      Rodger Jamieson, The University of New South Wales, Australia
      Stephen Smith, The University of New South Wales, Australia
      Greg Stephens, The University of New South Wales, Australia
      Donald Winchester, The University of New South Wales, Australia
                                                           Section III
                                                   Emergency Response Planning
Chapter XII
A Repeatable Collaboration Process for Incident Response Planning
       Alanah Davis, University of Nebraska at Omaha, USA
       Gert-Jan de Vreede, University of Nebraska at Omaha, USA
       Leah R. Pietron, University of Nebraska at Omaha, USA
Chapter XIII
Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures:
Freight Transportation as an Illustration
        Dean A. Jones, Sandia National Laboratories, USA
        Linda K. Nozick, Cornell University, USA
        Mark A. Turnquist, Cornell University, USA
        William J. Sawaya, Texas A&M University, USA
Chapter XIV
Information Sharing: A Study of Information Attributes and their Relative Significance During
Catastrophic Events
        Preeti Singh, University at Buffalo, The State University of New York, USA
        Pranav Singh, University at Buffalo, The State University of New York, USA
        Insu Park, University at Buffalo, The State University of New York, USA
        JinKyu Lee, Oklahoma State University, USA
        H. Raghav Rao, University at Buffalo, The State University of New York, USA
Chapter XV
An Overview of the Community Cyber Security Maturity Model
      Gregory B. White, The University of Texas at San Antonio, USA
      Mark L. Huson, The University of Texas at San Antonio, USA
                                                                 Section IV
                                                            Security Technologies
Chapter XVI
Server Hardening Model Development: A Methodology-Based Approach to Increased
System Security
        Doug White, Roger Williams University, USA
        Alan Rea, Western Michigan University, USA
Chapter XVII
Trusted Computing: Evolution and Direction
        Jeff Teo, Montreat College, USA
Chapter XVIII
Introduction, Classification and Implementation of Honeypots
        Miguel Jose Hernandez y Lopez, Universidad de Buenos Aires, Argentina
        Carlos Francisco Lerma Resendez, Universidad Autónoma de Tamaulipas, Mexico
Compilation of References
Index
Detailed Table of Contents
Foreword
Preface
Acknowledgment
                                                                Section I
                                                       Risk and Threat Assessment
Chapter I
Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for
Vulnerabilities
       Jaziar Radianti, University of Agder, Norway
       Jose J. Gonzalez, University of Agder and Gjøvik University College, Norway
This chapter discusses the possible growth of black markets (BMs) for software vulnerabilities and factors
affecting their spread. The authors conduct a disguised observation of online BM trading sites to
identify causal models of the ongoing viability of BMs. Results are expressed as a system dynamic model
and suggest that without interventions, the number and size of BMs is likely to increase. A simulation
scenario with a policy to halt BM operations results in a temporary decrease of the market. Combining
the policy with efforts to build distrust among BM participants may cause them to leave the forum and
inhibit the imitation process to establish similar forums.
Chapter II
An Attack Graph Based Approach for Threat Identification of an Enterprise Network
       Somak Bhattacharya, Indian Institute of Technology, Kharagpur, India
       Samresh Malhotra, Indian Institute of Technology, Kharagpur, India
       S. K. Ghosh, Indian Institute of Technology, Kharagpur, India
As networks continue to grow in size and complexity, automatic assessment of the security vulnerability
becomes increasingly important. The typical means by which an attacker breaks into a network is through
a series of exploits, where each exploit in the series satisfies the pre-condition for subsequent exploits
and makes a causal relationship among them. Such a series of exploits constitutes an attack path, and
the set of all possible attack paths forms an attack graph. Attack graphs reveal the threat by enumerating
all possible sequences of exploits that can compromise a given critical resource. The contribution of this
chapter is to identify the most probable attack path based on the attack surface measures of the individual
hosts for a given network and subsequently to identify the minimum securing options. As a whole, the
chapter deals with the identification of the probable attack path and risk mitigation that can significantly
help improve the overall security of an enterprise network.
Chapter III
Insider Threat Prevention, Detection and Mitigation
        Robert F. Mills, Air Force Institute of Technology, USA
        Gilbert L. Peterson, Air Force Institute of Technology, USA
        Michael R. Grimaila, Air Force Institute of Technology, USA
This chapter introduces the insider threat and discusses methods for preventing, detecting, and responding
to the threat. Trusted insiders present one of the most significant risks to an organization. They possess
elevated privileges when compared to external users, have knowledge about technical and non-technical
control measures, and potentially can bypass security measures designed to prevent, detect, or react to
unauthorized access. The authors define the insider threat and summarize various case studies of insider
attacks in order to highlight the severity of the problem. Best practices for preventing, detecting, and
mitigating insider attacks are provided.
Chapter IV
An Autocorrelation Methodology for the Assessment of Security Assurance
       Richard T. Gordon, Bridging The Gap, Inc., USA
       Allison S. Gehrke, University of Colorado, Denver, USA
This chapter describes a methodology for assessing security infrastructure effectiveness utilizing formal
mathematical models. The goal of this methodology is to determine the relatedness of effects on security
operations from independent security events and from security event categories, identify opportunities
for increased efficiency in the security infrastructure yielding time savings in the security operations
and identify combinations of security events which compromise the security infrastructure. The authors
focus on evaluating and describing a novel security assurance measure that governments and corporations
can use to evaluate the strength and readiness of their security infrastructure.
Chapter V
Security Implications for Management from the Onset of Information Terrorism
        Ken Webb, Webb Knowledge Services, Australia
In this chapter, the author presents the results of a qualitative study and argues that a heightened risk for
management has emerged from a new security environment that is increasingly spawning asymmetric
forms of Information Warfare. This chapter defines for readers what the threat of Information Terrorism
is and the new security environment that it has created. Security implications for management have
subsequently evolved, as managers are now required to think about the philosophical considerations
emerging from this increasing threat.
                                                          Section II
                                              Organizational and Human Security
Chapter VI
The Adoption of Information Security Management Standards: A Literature Review
       Yves Barlette, GSCM-Montpellier Business School, France
       Vladislav V. Fomin, Vytautas Magnus University, Lithuania
This chapter discusses major information security management standards, particularly the ISO/IEC
27001 and 27002 standards. A literature review was conducted in order to understand the reasons for
the low level of adoption of information security standards by companies, and to identify the drivers
and the success factors in implementation of these standards. Based on the findings of the literature review,
the authors provide recommendations on how to successfully implement and stimulate diffusion
of information security standards.
Chapter VII
Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension
       Peter R. Marksteiner, United States Air Force, USA
The overabundance of information, relentless stream of interruptions, and potent distractive quality of
the Internet can draw knowledge workers away from productive cognitive engagement. Information
overload is an increasingly familiar phenomenon, but evolving United States military doctrine provides
a new analytical approach and a unifying taxonomy organizational leaders and academicians may find
useful. Using military doctrine and thinking to underscore the potential seriousness of this evolving
threat should inspire organizational leaders to recognize the criticality of its impact and motivate them
to help clear the data smog, reduce information overload, and communicate for effect.
Chapter VIII
Balancing the Public Policy Drivers in the Tension between Privacy and Security
       John W. Bagby, The Pennsylvania State University, USA
The public expects that technologies used in electronic commerce and government will enhance security
while preserving privacy. This chapter posits that personally identifiable information is a form of
property that flows along an “information supply chain” from collection, through archival and analysis
and ultimately to its use in decision-making. The conceptual framework for balancing privacy and security
developed here provides a foundation to develop and implement public policies that safeguard
individual rights, the economy, critical infrastructures and national security. The illusive resolution of
the practical antithesis between privacy and security is explored by developing some tradeoff relationships
using exemplars from various fields that identify this quandary while recognizing how privacy
and security sometimes harmonize.
Chapter IX
Human Factors in Security: The Role of Information Security Professionals within
Organizations
       Indira R. Guzman, TUI University, USA
       Kathryn Stam, SUNY Institute of Technology, USA
       Shaveta Hans, TUI University, USA
       Carole Angolano, TUI University, USA
This chapter contributes to a better understanding of role conflict, skill expectations, and the value of
information technology (IT) security professionals in organizations. Previous literature has focused
primarily on the role of information professionals in general but has not evaluated the specific role expectations
and skills required by IT security professionals in today’s organizations. The authors take into
consideration the internal and external factors that affect the security infrastructure of an organization
and therefore influence the role expectations and skills required by those who are in charge of security.
The authors describe the factors discussed in the literature and support them with quotes gathered from
interviews conducted with information security professionals in small organizations in central New York.
They present a set of common themes that expand the understanding of this role and provide practical
recommendations that would facilitate the management of these professionals within organizations.
Chapter X
Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within
Computer Network Operations Organizations
       Nikolaos Bekatoros HN, Naval Postgraduate School, USA
       Jack L. Koons III, Naval Postgraduate School, USA
       Mark E. Nissen, Naval Postgraduate School, USA
In this chapter, the authors use Contingency Theory research to inform leaders and policy makers regarding
how to bring their Computer Networked Operations (CNO) organizations and approaches into better
fit, and hence to improve performance. The authors identify a candidate set of organizational structures
that offer potential to fit the U.S. Department of Defense better as it strives, and struggles, to address
the technological advances and risks associated with CNO. Using the Organization Consultant expert
system to model and diagnose key problems, the authors propose a superior organizational structure for
CNO that can also be applied to organizations in the international environment. Results elucidate important
insights into CNO organization and management, suitable for immediate policy and operational
implementation, and expand the growing empirical basis to guide continued research.
Chapter XI
An Approach to Managing Identity Fraud
      Rodger Jamieson, The University of New South Wales, Australia
      Stephen Smith, The University of New South Wales, Australia
      Greg Stephens, The University of New South Wales, Australia
      Donald Winchester, The University of New South Wales, Australia
This chapter outlines components of a strategy for government and a conceptual identity fraud management
framework for organizations. Identity crime, related cybercrimes and information systems security
breaches are insidious motivators for governments and organizations to protect and secure their systems,
databases and other assets against intrusion and loss. Model components used to develop the identity
fraud framework were selected from the cost of identity fraud, identity risk management, identity fraud
profiling, and fraud risk management literature.
                                                         Section III
                                                 Emergency Response Planning
Chapter XII
A Repeatable Collaboration Process for Incident Response Planning
       Alanah Davis, University of Nebraska at Omaha, USA
       Gert-Jan de Vreede, University of Nebraska at Omaha, USA
       Leah R. Pietron, University of Nebraska at Omaha, USA
This chapter presents a repeatable collaboration process as an approach for developing a comprehensive
Incident Response Plan for an organization or team. This chapter discusses the background of incident
response planning as well as Collaboration Engineering, which is an approach to design repeatable
collaborative work practices. A collaboration process for incident response planning is presented that
was designed using Collaboration Engineering principles, followed by a discussion of the application
process in three cases. The presented process is applicable across organizations in various sectors and
domains, and consists of codified ‘best facilitation practices’ that can be easily transferred to and adopted
by security managers.
Chapter XIII
Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures:
Freight Transportation as an Illustration
        Dean A. Jones, Sandia National Laboratories, USA
        Linda K. Nozick, Cornell University, USA
        Mark A. Turnquist, Cornell University, USA
        William J. Sawaya, Texas A&M University, USA
A pandemic influenza outbreak could cause serious disruption to operations of several critical infrastructures
as a result of worker absenteeism. This paper focuses on freight transportation services, particularly
rail and port operations, as an illustration of analyzing performance of critical infrastructures
under reduced labor availability. Using current data on performance of specific rail and port facilities,
the authors reach some conclusions about the likelihood of severe operational disruption under varying
assumptions about the absentee rate. Other infrastructures that are more dependent on information
technology and less labor-intensive than transportation might respond to large-scale worker absenteeism
in different ways, but the general character of this analysis can be adapted for application in other
infrastructures such as the cyber infrastructure.
Chapter XIV
Information Sharing: A Study of Information Attributes and their Relative Significance During
Catastrophic Events
        Preeti Singh, University at Buffalo, The State University of New York, USA
        Pranav Singh, University at Buffalo, The State University of New York, USA
        Insu Park, University at Buffalo, The State University of New York, USA
        JinKyu Lee, Oklahoma State University, USA
        H. Raghav Rao, University at Buffalo, The State University of New York, USA
We live in a digital era where the global community relies on Information Systems to conduct all kinds
of operations, including averting or responding to unanticipated risks and disasters. This chapter focuses
on Information Sharing within a disaster context. To study the relative significance of various
information dimensions in different disaster situations, content analyses are conducted. The results are
used to develop a prioritization framework for different disaster response activities, thus increasing
mitigation efficiency. The authors also explore roles played by existing organizations and technologies
across the globe that are actively involved in Information Sharing to mitigate the impact of disasters
and extreme events.
Chapter XV
An Overview of the Community Cyber Security Maturity Model
      Gregory B. White, The University of Texas at San Antonio, USA
      Mark L. Huson, The University of Texas at San Antonio, USA
The protection of cyberspace is essential to ensure that the critical infrastructures a nation relies on are
not corrupted or disrupted. Government efforts generally focus on securing cyberspace at the national
level. In the United States, states and communities have not seen the same concentrated effort and are
now the weak link in the security chain. Until recently, there has been no program for states and communities
to follow in order to establish a viable security program. The authors develop the Community
Cyber Security Maturity Model to provide a framework for communities to prepare, prevent, detect,
respond, and recover from potential cyber attacks. This model has a broad applicability and can be
adapted to nations and organizations as well.
Section IV
Security Technologies
Chapter XVI
Server Hardening Model Development: A Methodology-Based Approach to Increased System Security
        Doug White, Roger Williams University, USA
        Alan Rea, Western Michigan University, USA
The authors present essential server security components and develop a set of logical steps to build
hardened servers. The authors outline techniques to examine servers in both the Linux/UNIX and the
Windows Environment for security flaws from both the internal and external perspectives. The chapter
builds a complete model covering tactics and techniques that system administrators can use to harden a
server against compromise and attack. The authors build a model to assist those who want to implement
and maintain secure, hardened servers not only for today’s intense demands but also for the foreseeable
future as more servers come online to support new Internet-enabled services.
Chapter XVII
Trusted Computing: Evolution and Direction
        Jeff Teo, Montreat College, USA
To effectively combat cyber threats, our network defenses must be equipped to thwart dangerous attacks.
However, our software-dominated defenses are woefully inadequate. The Trusted Computing Group
has embarked on a mission to use an open standards-based interoperability framework utilizing both
hardware and software implementations to defend against computer attacks. Specifically, this group uses
trusted hardware called the trusted platform module (TPM) in conjunction with TPM-enhanced software
to provide better protection against such attacks. This chapter will detail a brief history of trusted computing,
the goals of the Trusted Computing Group and the workings of trusted platforms.
Chapter XVIII
Introduction, Classification and Implementation of Honeypots
        Miguel Jose Hernandez y Lopez, Universidad de Buenos Aires, Argentina
        Carlos Francisco Lerma Resendez, Universidad Autónoma de Tamaulipas, Mexico
This chapter discusses the basic aspects of Honeypots, how they are implemented in modern computer
networks, as well as their practical uses and implementation in educational environments. This chapter
covers the most important points regarding the characteristics of Honeypots and Honeynets. The implementation
of Honeypots provides an answer to a common question posed by the field of information
security and forensics: how to dissect the elements that make up an attack against a computer system.
The chapter summarizes the different features and capabilities of Honeypots once they are set up in a
production environment.
Compilation of References
Index
Foreword
The modern era can be characterized by increasing rates of change within every dimension of the environments
in which we operate. Global economic and political conditions, technological infrastructure,
and socio-cultural developments all contribute to an increasingly turbulent and dynamic environment for
those who design and manage information systems for use in business, government, military, and other
domains. Even weather patterns and events seem to change more rapidly in recent years! As our institutions
(economic, political, military, legal, social) become increasingly global and inter-connected, as we
rely more and more on automated control systems to provide our needs for energy, food, and services,
and as we establish Internet-based mechanisms for coordinating this global interaction, we introduce
greater vulnerability to ourselves as individuals, for companies, and for our governments, including
their military organizations. This increased dependence on cyberspace also inflates our vulnerability
– isolation is no longer an option. Perhaps no aspect of this phenomenon is as alarming and challenging
as the need to understand the various risks to the security of our information systems and the methods
for addressing them.
    These risks arise from a plethora of sources and motivations. Some are natural; in recent years we
have seen significant weather events (Asian Tsunami, Hurricane Katrina, major earthquakes, etc.) that
threaten organizations and their physical resources, including information servers. Some risks are from
intentional human activity, and the world is now full of new, more sophisticated hackers, spies, terrorists,
and criminal organizations that are committed to coordinated global attacks on our information assets
in order to achieve their many goals. Some wish to inflict damage and loss for political reasons or for
military purposes, some are seeking “trade secrets” and proprietary corporate information, and others
are seeking financial information with which to conduct fraud, identity theft, and other criminal acts.
Another category of risks has arisen from new classes of increasingly-devious and effective malware
capable of penetrating even the most recent perimeter defenses. These include not only viruses, worms,
and trojans, but now also rootkits, distributed botnet attacks, and a new scary sophisticated category
called the “Storm” class of malware, which includes programs which are self-propagating, coordinated,
reusable, and self-defending peer-to-peer tools that use decentralized command and control and seem
to use intelligence to dynamically defend themselves from users and software.
    Perhaps the greatest threat of all is the insider threat – the organizational member who is a “trusted
agent” inside the firewall. This employee or other constituent with a valid username and password
regularly interacts with the information assets of the organization, and can initiate great harm to the
confidentiality, integrity, or availability of the information system through deliberate activities (consider
the disgruntled employee or the counter-spy). Or they may introduce risk via passive noncompliance
with security policies, laziness, sloppiness, poor training, or lack of motivation to vigorously protect the
integrity and privacy of the sensitive information of the organization and its partners, clients, customers,
and others. I call this problem the “endpoint security problem” because the individual employee
is the endpoint of the information system and its network – the employee has direct or indirect access
to the entire network from his or her endpoint and can inflict great harm (and has!). The insider threat
has repeatedly been called the greatest threat to the system, and yet this is often overlooked in a rush
to protect the perimeter with ever-increasingly sophisticated perimeter controls (intrusion detection
systems, firewalls, etc.). Greater emphasis on hiring, training, and motivating employees to act securely
will generate great payoff for the organizations that pursue this strategy. Mechanisms to support this
goal are paramount to the future security of our information assets.
    Developing and testing creative solutions and managerial strategies to identify these threats, analyze
them, defend against them, and also to recover, repair, and control the damage caused by them is a critical
management imperative. Leaders in government and industry must actively and aggressively support
the ongoing design and implementation of effective, appropriate solutions (technologies, policies, legal
strategies, training, etc.) that can be targeted to these diverse threats to our information assets and to the
smooth functions of individuals, teams, organizations, and societies in our global network of systems.
New methods of analysis (e.g. threat graphs, evolving standards, government actions) and new solutions
(e.g. honeynets, firewall designs, improved training and monitoring) will be required to keep up with
the ever-changing threat environment. Research in this area is critical for our protection in this new age
of global inter-connectivity and interdependence. We need to continually seek new and better solutions
because the enemy is constantly improving the attack vectors. The alternative is not acceptable. The
costs are too high. We must prevail.
Merrill Warkentin
Mississippi State University
Merrill Warkentin is Professor of MIS at Mississippi State University. He has published several books and over 150 research
manuscripts, primarily in computer security management, eCommerce, and virtual collaborative teams, in books, Proceedings,
and in leading academic journals. He is also an Associate Editor of Management Information Systems Quarterly (for
security manuscripts), Information Resources Management Journal, and Journal of Information Systems Security. Professor
Warkentin is Guest Editing the special issue of the European Journal of Information Systems on Computer Security and has
chaired several global conferences on computer security. He has Chaired the Workshop on Information Security and Privacy
(WISP) twice and the Information Security Track at DSI. He has served as Associate Editor for the Information Security tracks
of AMCIS and ICIS several times, and will co-Chair the IFIP Workshop on Information Security in 2009. At Mississippi State,
Dr. Warkentin directs research projects and doctoral student dissertations in the various areas of computer security and assurance
research, including behavioral and policy studies, design of password systems, and managerial controls for computer
security management. He serves as a member of the research staff of the Center for Computer Security Research. He has also
served as a consultant to numerous organizations and has served as National Distinguished Lecturer for the Association for
Computing Machinery (ACM). His PhD in MIS is from the University of Nebraska-Lincoln. He can be reached at mwarkentin@acm.org
and his website is www.MISProfessor.com.