1. Brief History and Mission of Information System Security
2. History of Computer Crime
3. Toward a New Framework for Information Security
4. Hardware Elements of Security
5. Data Communications and Information Security
6. Local Area Network Topologies, Protocols, and Design
7. Encryption
8. Using a Common Language for Computer Security Incident Information
9. Mathematical Models of Computer Security
10. Understanding Studies and Surveys of Computer Crime
11. Fundamentals of Intellectual Property Law
PART II THREATS AND VULNERABILITIES
12. The Psychology of Computer Criminals
13. The Insider Threat
14. Information Warfare
15. Penetrating Computer Systems and Networks
16. Malicious Code
17. Mobile Code
18. Denial-of-Service Attacks
19. Social-Engineering and Low-Tech Attacks
20. Spam, Phishing, and Trojans: Attacks Meant to Fool
21. Web-Based Vulnerabilities
22. Physical Threats to the Information Infrastructure
PART III PREVENTION: TECHNICAL DEFENSES
23. Protecting the Physical Information Infrastructure
24. Operating System Security
25. Local Area Networks
26. Gateway Security Devices
27. Intrusion Detection and Intrusion Prevention Devices
28. Identification and Authentication
29. Biometric Authentication
30. E-Commerce andWeb Server Safeguards
31. Web Monitoring and Content Filtering
32. Virtual Private Networks and Secure Remote Access
33. 802.11Wireless LAN Security
34. Securing VoIP
35. Securing P2P, IM, SMS, and Collaboration Tools
36. Securing Stored Data
37. PKI and Certificate Authorities
38. Writing Secure Code
39. Software Development and Quality Assurance
40. Managing Software Patches and Vulnerabilities
41. Antivirus Technology
42. Protecting Digital Rights: Technical Approaches
PART IV PREVENTION: HUMAN FACTORS
43. Ethical Decision Making and High Technology
44. Security Policy Guidelines
45. Employment Practices and Policies
46. Vulnerability Assessment
47. Operations Security and Production Controls
48. Email and Internet Use Policies
49. Implementing a Security-Awareness Program
50. Using Social Psychology to Implement Security Policies
51. Security Standards for Products
PART V DETECTING SECURITY BREACHES
52. Application Controls
53. Monitoring and Control Systems
54. Security Audits
55. Cyber Investigation
PART VI RESPONSE AND REMEDIATION
56. Computer Security Incident Response Teams
57. Data Backups and Archives
58. Business Continuity Planning
59. Disaster Recovery
60. Insurance Relief
61. Working with Law Enforcement
PART VII MANAGEMENT’S ROLE IN SECURITY
62. Quantitative Risk Assessment and Risk Management
63. Management Responsibilities and Liabilities
64. U.S. Legal and Regulatory Security Issues
65. The Role of the CISO
66. Developing Security Policies
67. Developing Classification Policies for Data
68. Outsourcing and Security
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
69. Privacy in Cyberspace: U.S. and European Perspectives
70. Anonymity and Identity in Cyberspace
71. Healthcare Security and Privacy
72. Legal and Policy Issues of Censorship and Content Filtering
73. Expert Witnesses and the Daubert Challenge
74. Professional Certification and Training in Information Assurance
75. The Future of Information Assurance