IGI Global Handbook Of Research On Information Security And Assurance Aug 2008 ISBN 1599048558 pdf
Handbook of Research on Information Security and Assurance

Jatinder N.D. Gupta, The University of Alabama in Huntsville, USA
Sushil K. Sharma, Ball State University, USA

INFORMATION SCIENCE REFERENCE
Hershey • New York

Director of Editorial Content: Kristin Klinger
Managing Development Editor: Kristin M. Roth
Assistant Development Editor: Deborah Yahnke
Editorial Assistant: Heather A. Probst
Senior Managing Editor: Jennifer Neidig
Managing Editor: Jamie Snavely
Assistant Managing Editor: Carole Coulson
Copy Editors: Laura Kochanowski, Jennifer Young
Typesetter: Carole Coulson
Cover Design: Lisa Tosheff
Printed at: Yurchak Printing Inc.

Published in the United States of America by Information Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue, Suite 200, Hershey PA 17033
Tel: 717-533-8845; Fax: 717-533-8661; E-mail: cust@igi-global.com; Web site: http://www.igi-global.com

and in the United Kingdom by Information Science Reference (an imprint of IGI Global)
3 Henrietta Street, Covent Garden, London WC2E 8LU
Tel: 44 20 7240 0856; Fax: 44 20 7379 0609; Web site: http://www.eurospanbookstore.com
Copyright © 2009 by IGI Global. All rights reserved. No part of this publication may be reproduced, stored or distributed in any form or by any means, electronic or mechanical, including photocopying, without written permission from the publisher.

Product or company names used in this set are for identification purposes only. Inclusion of the names of the products or companies does not indicate a claim of ownership by IGI Global of the trademark or registered trademark.

Library of Congress Cataloging-in-Publication Data

Handbook of research on information security and assurance / Jatinder N.D. Gupta and Sushil K. Sharma, editors.
p. cm.
Summary: "This book offers comprehensive explanations of topics in computer system security in order to combat the growing risk associated with technology"--Provided by publisher.
Includes bibliographical references and index.
ISBN 978-1-59904-855-0 (hardcover) -- ISBN 978-1-59904-856-7 (ebook)
TK5105.59.H353 2008
005.8--dc22
2008008472

British Cataloguing in Publication Data
A Cataloguing in Publication record for this book is available from the British Library.
All work contributed to this book set is original material. The views expressed in this book are those of the authors, but not necessarily of the publisher.

If a library purchased a print copy of this publication, please go to http://www.igi-global.com/agreement for information on activating the library's complimentary electronic access to this publication.

Editorial Advisory Board

Elisa Bertino, Purdue University, USA
Queen Booker, Minnesota State University, Mankato, USA
Mei Cao, Arkansas State University, USA
Amita Goyal Chin, Virginia Commonwealth University, USA
Gurpreet Dhillon, Virginia Commonwealth University, USA
Sanjay Goel, State University of New York at Albany, USA
Ajay K. Gupta, Gsecurity, USA
Sushil Jajodia, George Mason University, USA
Stephan Jones, Ball State University, USA
Shivraj Kanungo, The George Washington University, USA
Pradeep Khosla, Carnegie Mellon University, USA
Ronald Kovac, Ball State University, USA
Vipin Kumar, University of Minnesota, USA
Eldon Y. Li, National Chengchi University, Taiwan
Dengpan Liu, The University of Alabama in Huntsville, USA
Herbert J. Mattord, CISSP, Kennesaw State University, USA
P.K. Mahanti, University of New Brunswick, Canada
Joon S. Park, Syracuse University, USA
Mike Raisinghani, Texas Woman’s University, USA
M. K. Raja, The University of Texas at Arlington, USA
Rajeev Raje, Indiana University – Purdue University, Indianapolis, USA
Rathindra Sarathy, Oklahoma State University, USA
Mohini Singh, RMIT University, Australia
Jim Tiller, Managing Editor, (ISC)2 Journal, USA
Vijay Varadharajan, Macquarie University, Australia
Mark Weiser, Oklahoma State University, USA
Michael Whitman, Kennesaw State University, USA
Branden Williams, Principal Consultant, VeriSign, Global Security Consulting, USA
John Zeleznikow, Victoria University, Australia
List of Contributors
Aickelin, Uwe / University of Nottingham, UK (p. 109)
Aissioui, Abdelkader / LRIA – USTHB, Algeria (p. 152)
Ajoku, Pamela / University of Pittsburgh, USA (p. 18)
Al-Hamdani, Wasim A. / Kentucky State University, USA (p. 122)
An, Gaeil / Electronics and Telecommunications Research Institute, Korea (p. 29)
Bellettini, Carlo / Università degli Studi di Milano, Italy (p. 139)
Benhamou, Belaïd / Technopôle de Château-Gombert, France (p. 152)
Botelho, Christopher M. / Baylor Health, USA (p. 423)
Boughaci, Dalila / LRIA – USTHB, Algeria (p. 152)
Burt, Carol C. / 2AB Inc., Helena, AL, USA (p. 254)
Cazier, Joseph A. / Appalachian State University, USA (p. 423)
Chin, Amita Goyal / Virginia Commonwealth University, USA (p. 292)
Clark, Tom / Brocade Communications, USA (p. 433)
Coffey, Tom / University of Limerick, Ireland (p. 165)
Conger, Sue / University of Dallas, USA (p. 279)
Conklin, Wm. Arthur / University of Houston, USA (p. 415)
Crespi, Alex / Indiana University-Purdue University Indianapolis, USA (p. 254)
D’Arcy, John / University of Notre Dame, USA (p. 55)
Dojen, Reiner / University of Limerick, Ireland (p. 165)
Drias, Habiba / LRIA – USTHB, Algeria (p. 152)
Durresi, Arjan / Indiana University-Purdue University Indianapolis, USA (p. 372)
Ege, Raimund K. / Northern Illinois University, USA (p. 218)
Fernández-Medina, Eduardo / Universidad de Castilla-La Mancha, Spain (p. 495)
Friedman, William H. / University of Central Arkansas, USA (p. 301)
Ghafoor, Arif / Purdue University, USA (p. 331)
Ghormley, Yvette / Saint Leo University, USA (p. 308)
Graham, Erik / General Dynamics C4 Systems, USA (p. 393)
Green, David T. / Governors State University, USA (p. 458)
Gupta, Ajay / Gsecurity, Inc., USA (p. 382)
Gupta, Jatinder N. D. / The University of Alabama at Huntsville, USA (pp. 341, 382)
Gupta, Manish / State University of New York, Buffalo, USA (pp. 266, 447)
Habib, Ahsan / Siemens TTB Center, Berkeley, USA (p. 179)
Harrison, Britta / Louisiana State University, USA (p. 68)
Hovav, Anat / Korea University, Korea (p. 55)
Johnson, Kapp L. / California Lutheran University, USA (p. 347)
Khazanchi, Deepak / University of Nebraska at Omaha, USA (p. 230)
Lando, Jillian K. / Syracuse University, USA (p. 7)
Landry, Bret J. L. / University of Dallas, USA (p. 279)
Lee, JinKyu / Oklahoma State University, USA (p. 266)
Liao, Lijun / Horst-Görtz Institute for IT Security, Germany (p. 202)
Liao, Qinyu / The University of Texas at Brownsville, USA (p. 1)
Liu, Peng / The Pennsylvania State University, USA (p. 504)
Luo, Lin / Florida International University, USA (p. 218)
Luo, Xin / The University of New Mexico, USA (p. 1)
Luse, Andy / Iowa State University, USA (p. 98)
Manulis, Mark / Horst-Görtz Institute for IT Security, Germany (p. 202)
Martin, Andrew P. / University of Nebraska at Omaha, USA (p. 230)
Masood, Ammar / Purdue University, USA (p. 331)
Mathur, Aditya / Purdue University, USA (p. 331)
Mishra, Sushma / Virginia Commonwealth University, USA (p. 292)
Ng, Roy / Ryerson University, Canada (p. 42)
Olson, Andrew M. / Indiana University-Purdue University Indianapolis, USA (pp. 254, 360)
Oubeka, Brahim / LRIA – USTHB, Algeria (p. 152)
Park, Joon S. / Syracuse University, USA (pp. 7, 29)
Piattini, Mario / Universidad de Castilla-La Mancha, Spain (p. 495)
Ponnam, Aditya / Louisiana State University, USA (p. 68)
Pradhan, M. / Indiana University-Purdue University Indianapolis, USA (p. 529)
Proctor, Robert W. / Purdue University, USA (p. 402)
Raje, Rajeev R. / Indiana University-Purdue University Indianapolis, USA (p. 254)
Rao, H.R. / State University of New York, Buffalo, USA (p. 266)
Rea, Alan / Western Michigan University, USA (p. 193)
Rrushi, Julian L. / Università degli Studi di Milano, Italy (p. 139)
Rutherfoord, Rebecca H. / Southern Polytechnic State University, USA (p. 483)
Samuel, Arjmand / Purdue University, USA (p. 331)
Santos, Javier / TECNUN University of Navarra, Spain (p. 467)
Sarriegi, Jose M. / TECNUN University of Navarra, Spain (p. 467)
Scheibe, Kevin / Iowa State University, USA (p. 98)
Schultz, E. Eugene / High Tower Technologies, USA (p. 402)
Schwenk, Jörg / Horst-Görtz Institute for IT Security, Germany (p. 202)
Shaikh, Siraj Ahmed / United Nations University (UNU), Macau, SAR China (p. 240)
Sharma, Sushil K. / Ball State University, USA (p. 341)
Sharman, Raj / State University of New York, Buffalo, USA (p. 447)
Steinbart, Paul John / Arizona State University, USA (p. 393)
Stevens, Dwayne / Community Trust Bank, USA (p. 458)
Taylor, Art / Rider University, USA (p. 518)
Tilak, Omkar J. / Indiana University-Purdue University Indianapolis, USA (p. 254)
Torres, Jose M. / TECNUN University of Navarra, Spain (p. 467)
Townsend, Anthony / Iowa State University, USA (p. 98)
Trujillo, Juan / Universidad de Alicante, Spain (p. 495)
Tupakula, Udaya Kiran / Macquarie University, Australia (p. 85)
Twycross, Jamie / University of Nottingham, UK (p. 109)
Varadharajan, Vijay / Macquarie University, Australia (p. 85)
Villarroel, Rodolfo / Universidad Católica del Maule, Chile (p. 495)
Vu, Kim-Phuong L. / California State University, USA (p. 402)
Wang, Hai / The Pennsylvania State University, USA (p. 504)
Watson, Ed / Louisiana State University, USA (p. 68)
Weippl, Edgar / Vienna University of Technology and Science, Austria & Secure Business, Austria (p. 441)
White, Doug / Roger Williams University, USA (p. 193)
Witman, Paul D. / California Lutheran University, USA (p. 347)
Xia, Y. / Indiana University-Purdue University Indianapolis, USA (p. 529)
Yang, Li / University of Tennessee at Chattanooga, USA (p. 218)
Table of Contents
Preface (p. xxiv)
Acknowledgment (p. xxviii)

Section I
Enterprise Security

Chapter I. Ransomware: A New Cyber Hijacking Threat to Enterprise (p. 1)
Xin Luo, The University of New Mexico, USA; Qinyu Liao, The University of Texas at Brownsville, USA

Chapter II. E-Commerce: The Benefits, Security Risks, and Countermeasures (p. 7)
Joon S. Park, Syracuse University, USA; Jillian K. Lando, Syracuse University, USA

Chapter III. Information Warfare: Survival of the Fittest (p. 18)
Pamela Ajoku, University of Pittsburgh, USA

Chapter IV. Evolution of Enterprise Security Federation (p. 29)
Gaeil An, Electronics and Telecommunications Research Institute, Korea; Joon S. Park, Syracuse University, USA

Chapter V. A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise (p. 42)
Roy Ng, Ryerson University, Canada

Chapter VI. An Integrative Framework for the Study of Information Security Management Research (p. 55)
John D’Arcy, University of Notre Dame, USA; Anat Hovav, Korea University, Korea

Chapter VII. Information Systems Risk Management: An Audit and Control Approach (p. 68)
Aditya Ponnam, Louisiana State University, USA; Britta Harrison, Louisiana State University, USA; Ed Watson, Louisiana State University, USA

Section II
Security Approaches, Frameworks, Tools, and Technologies

Chapter VIII. Distributed Denial of Service Attacks in Networks (p. 85)
Udaya Kiran Tupakula, Macquarie University, Australia; Vijay Varadharajan, Macquarie University, Australia

Chapter IX. Firewalls as Continuing Solutions for Network Security (p. 98)
Andy Luse, Iowa State University, USA; Anthony Townsend, Iowa State University, USA; Kevin Scheibe, Iowa State University, USA

Chapter X. An Immune-Inspired Approach to Anomaly Detection (p. 109)
Jamie Twycross, University of Nottingham, UK; Uwe Aickelin, University of Nottingham, UK

Chapter XI. Cryptography for Information Security (p. 122)
Wasim A. Al-Hamdani, Kentucky State University, USA

Chapter XII. Memory Corruption Attacks, Defenses, and Evasions (p. 139)
Carlo Bellettini, Università degli Studi di Milano, Italy; Julian L. Rrushi, Università degli Studi di Milano, Italy

Chapter XIII. Design and Implementation of a Distributed Firewall (p. 152)
Dalila Boughaci, LRIA – USTHB, Algeria; Brahim Oubeka, LRIA – USTHB, Algeria; Abdelkader Aissioui, LRIA – USTHB, Algeria; Habiba Drias, LRIA – USTHB, Algeria; Belaïd Benhamou, Technopôle de Château-Gombert, France

Chapter XIV. A Formal Verification Centred Development Process for Security Protocols (p. 165)
Tom Coffey, University of Limerick, Ireland; Reiner Dojen, University of Limerick, Ireland

Chapter XV. Edge-to-Edge Network Monitoring to Detect Service Violations and DoS Attacks (p. 179)
Ahsan Habib, Siemens TTB Center, Berkeley, USA

Chapter XVI. A “One-Pass” Methodology for Sensitive Data Disk Wipes (p. 193)
Doug White, Roger Williams University, USA; Alan Rea, Western Michigan University, USA

Chapter XVII. Securing E-Mail Communication with XML Technology (p. 202)
Lijun Liao, Horst-Görtz Institute for IT Security, Germany; Mark Manulis, Horst-Görtz Institute for IT Security, Germany; Jörg Schwenk, Horst-Görtz Institute for IT Security, Germany

Chapter XVIII. Aspect-Oriented Analysis of Security in Distributed Virtual Environment (p. 218)
Li Yang, University of Tennessee at Chattanooga, USA; Raimund K. Ege, Northern Illinois University, USA; Lin Luo, Florida International University, USA

Chapter XIX. Information Availability (p. 230)
Deepak Khazanchi, University of Nebraska at Omaha, USA; Andrew P. Martin, University of Nebraska at Omaha, USA

Chapter XX. Formal Analysis and Design of Authentication Protocols (p. 240)
Siraj Ahmed Shaikh, United Nations University (UNU), Macau, SAR China

Chapter XXI. Access Control Frameworks for a Distributed System (p. 254)
Rajeev R. Raje, Indiana University-Purdue University Indianapolis, USA; Alex Crespi, Indiana University-Purdue University Indianapolis, USA; Omkar J. Tilak, Indiana University-Purdue University Indianapolis, USA; Andrew M. Olson, Indiana University-Purdue University Indianapolis, USA; Carol C. Burt, 2AB Inc., Helena, AL, USA

Chapter XXII. Implications of FFIEC Guidance on Authentication in Electronic Banking (p. 266)
Manish Gupta, State University of New York, Buffalo, USA; JinKyu Lee, Oklahoma State University, USA; H.R. Rao, State University of New York, Buffalo, USA

Chapter XXIII. Disruptive Technology Impacts on Security (p. 279)
Sue Conger, University of Dallas, USA; Bret J. L. Landry, University of Dallas, USA

Section III
Security Policies and Procedures

Chapter XXIV. Internal Auditing for Information Assurance (p. 292)
Sushma Mishra, Virginia Commonwealth University, USA; Amita Goyal Chin, Virginia Commonwealth University, USA

Chapter XXV. IT Continuity in the Face of Mishaps (p. 301)
William H. Friedman, University of Central Arkansas, USA

Chapter XXVI. Business Continuity and Disaster Recovery Plans (p. 308)
Yvette Ghormley, Saint Leo University, USA

Chapter XXVII. Security Policies and Procedures (p. 320)
Yvette Ghormley, Saint Leo University, USA

Chapter XXVIII. Enterprise Access Control Policy Engineering Framework (p. 331)
Arjmand Samuel, Purdue University, USA; Ammar Masood, Purdue University, USA; Arif Ghafoor, Purdue University, USA; Aditya Mathur, Purdue University, USA

Chapter XXIX. Information Security Policies: Precepts and Practices (p. 341)
Sushil K. Sharma, Ball State University, USA; Jatinder N.D. Gupta, The University of Alabama at Huntsville, USA

Chapter XXX. A Guide to Non-Disclosure Agreements for Researchers (p. 347)
Paul D. Witman, California Lutheran University, USA; Kapp L. Johnson, California Lutheran University, USA

Chapter XXXI. Assurance for Temporal Compatibility Using Contracts (p. 360)
Omkar J. Tilak, Indiana University-Purdue University Indianapolis, USA; Rajeev R. Raje, Indiana University-Purdue University Indianapolis, USA; Andrew M. Olson, Indiana University-Purdue University Indianapolis, USA

Chapter XXXII. Spatial Authentication Using Cell Phones (p. 372)
Arjan Durresi, Indiana University-Purdue University Indianapolis, USA

Section IV
Mitigating Security Risks

Chapter XXXIII. Plugging Security Holes in Online Environment (p. 382)
Sushil K. Sharma, Ball State University, USA; Jatinder N.D. Gupta, The University of Alabama in Huntsville, USA; Ajay K. Gupta, Gsecurity, Inc., USA

Chapter XXXIV. Six Keys to Improving Wireless Security (p. 393)
Erik Graham, General Dynamics C4 Systems, USA; Paul John Steinbart, Arizona State University, USA

Chapter XXXV. Human Factors in Information Security and Privacy (p. 402)
Robert W. Proctor, Purdue University, USA; E. Eugene Schultz, High Tower Technologies, USA; Kim-Phuong L. Vu, California State University, USA

Chapter XXXVI. Threat Modeling and Secure Software Engineering Process (p. 415)
Wm. Arthur Conklin, University of Houston, USA

Chapter XXXVII. Guarding Corporate Data from Social Engineering Attacks (p. 423)
Christopher M. Botelho, Baylor Health, USA; Joseph A. Cazier, Appalachian State University, USA

Chapter XXXVIII. Data Security for Storage Area Networks (p. 433)
Tom Clark, Brocade Communications, USA

Chapter XXXIX. Security Awareness: Virtual Environments and E-Learning (p. 441)
Edgar Weippl, Vienna University of Technology and Science, Austria & Secure Business, Austria

Chapter XL. Security-Efficient Identity Management Using Service Provisioning (Markup Language) (p. 447)
Manish Gupta, State University of New York, Buffalo, USA; Raj Sharman, State University of New York, Buffalo, USA

Chapter XLI. A Strategy for Enterprise VoIP Security (p. 458)
Dwayne Stevens, Community Trust Bank, USA; David T. Green, Governors State University, USA

Chapter XLII. Critical Success Factors and Indicators to Improve Information Systems Security Management Actions (p. 467)
Jose M. Torres, TECNUN University of Navarra, Spain; Jose M. Sarriegi, TECNUN University of Navarra, Spain; Javier Santos, TECNUN University of Navarra, Spain

Chapter XLIII. Privacy, Societal, and Ethical Concerns in Security (p. 483)
Rebecca H. Rutherfoord, Southern Polytechnic State University, USA

Chapter XLIV. An MDA Compliant Approach for Designing Secure Data Warehouses (p. 495)
Rodolfo Villarroel, Universidad Católica del Maule, Chile; Eduardo Fernández-Medina, Universidad de Castilla-La Mancha, Spain; Mario Piattini, Universidad de Castilla-La Mancha, Spain; Juan Trujillo, Universidad de Alicante, Spain

Chapter XLV. Survivability Evaluation Modeling Techniques and Measures (p. 504)
Hai Wang, The Pennsylvania State University, USA; Peng Liu, The Pennsylvania State University, USA

Chapter XLVI. The Last Line of Defense: A Comparison of Windows and Linux Authentication and Authorization Features (p. 518)
Art Taylor, Rider University, USA

Chapter XLVII. Bioterrorism and Biosecurity (p. 529)
M. Pradhan, Indiana University-Purdue University Indianapolis, USA; Y. Xia, Indiana University-Purdue University Indianapolis, USA

About the Contributors (p. 537)
Index (p. 551)
Detailed Table of Contents
Preface ............................................................................................................................................................... xxiv
Acknowledgment ............................................................................................................................................xxviii
Section I
Enterprise Security
As new technologies emerge, organizations recognize the need for enterprise security solutions. Enterprise security
is important to almost all organizations. Seven chapters in Section I discuss various kinds of security threats that
enterprises face today. This section also dwelves upon the risk management, audit and control approaches that
could be used for security assurances in a variety of business environemnt, including e-commerce. The synopsis
of each chapter is outlined below:Chapter I Ransomware: A New Cyber Hijacking Threat to Enterprise .................................................................................. 1 Xin Luo, The University of New Mexico, USA Qinyu Liao, The University of Texas at Brownsville, USA The first chapter, titled “Ransomware: A New Cyber Hijacking Threat to Enterprise” by Xin Luo and Qinyu Liao,
attempts to discover the surreptitious features of ransomware in information systems security research. This chapter proposes a ransomware extortion scheme, compares ransomware with other malware, and discusses future trends and research directions.
Chapter II
E-Commerce: The Benefits, Security Risks, and Countermeasures ........................................................................ 7
Joon S. Park, Syracuse University, USA
Jillian K. Lando, Syracuse University, USA

The second chapter deals with the benefits, security risks, and countermeasures of e-commerce. In this chapter, Jillian K. Lando and Joon S. Park not only describe the benefits of e-commerce, but also the security threats and risks that it presents, along with the main problems organizations and individuals face as a result. These authors then discuss the proposals that have been established with the goal of making e-commerce more secure.
Chapter III
Information Warfare: Survival of the Fittest ......................................................................................................... 18
Pamela Ajoku, University of Pittsburgh, USA

Pamela Ajoku, in her chapter, “Information Warfare: Survival of the Fittest”, presents a basic understanding of the concept of Information Warfare (IW) and the need for relevant strategies to aid its successful implementation. Based on the adaptive nature of IW, she discusses a Survival of the Fittest IW (SFIW) conceptual framework and uses a case study for its validation.

Chapter IV
Evolution of Enterprise Security Federation ......................................................................................................... 29
Gaeil An, Electronics and Telecommunications Research Institute, Korea
Joon S. Park, Syracuse University, USA

In their chapter on “Evolution of Enterprise Security Federation”, Gaeil An and Joon S. Park discuss the evolution of enterprise security federation, including why the framework should be evolved and how it has been developed and applied to real systems. They analyze the vulnerabilities and weaknesses in current security approaches. This leads them to propose the Policy-based Security Management (PSM) architecture for an integrated security framework and the Packet-Marking (PM) architecture for a cooperative security framework. The simulation results show that the PSM architecture can automatically detect and respond to network attacks and that the PM architecture can effectively handle suspicious traffic such as DDoS traffic.
Chapter V
A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise ...................... 42
Roy Ng, Ryerson University, Canada

The chapter, “A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise”, by Roy Ng discusses a holistic approach to information security assurance and risk management in an enterprise. The “information life cycle”, with its stage value and the underlying security operatives (gate-points), is designed to protect the information. The “information assurance” framework and its functions are designed to audit the information security implemented in an enterprise. The author suggests that an organization must assess the value and the business impact of its information so that optimal and effective security and assurance systems can be designed.
Chapter VI
An Integrative Framework for the Study of Information Security Management Research ................................. 55
John D’Arcy, University of Notre Dame, USA
Anat Hovav, Korea University, Korea

The chapter, “An Integrative Framework for the Study of Information Security Management Research”, by John D’Arcy and Anat Hovav reviews the current state of information security management (ISM) research and proposes an integrative framework for future studies. Using the proposed framework as a guide, they identify areas of depth within current ISM literature and areas where research is underdeveloped. Finally, they call for a more comprehensive approach to ISM research that considers multiple dimensions of their framework and their interrelationships.
Chapter VII
Information Systems Risk Management: An Audit and Control Approach .......................................................... 68
Aditya Ponnam, Louisiana State University, USA
Britta Harrison, Louisiana State University, USA
Ed Watson, Louisiana State University, USA

Aditya Ponnam, Britta Harrison, and Ed Watson, in their chapter on “Information Systems Risk Management: An Audit and Control Approach”, review the most common risks and threat agents for a typical organization’s information technology infrastructure. They discuss the manner in which systematic risk management procedures and controls can manage and minimize these risks.
Section II
Security Approaches, Frameworks, Tools, and Technologies
As attacks on computer systems are becoming much more sophisticated, and potentially devastating, than they
ever were in the past, new and effective tools and technologies are needed to prevent, detect, and correct security
breaches in organizations. Sixteen chapters in Section II of this handbook describe the development, implementation,
and application of various approaches, tools, technologies, and frameworks for effective information assurance
and security protection in various types of enterprises. The synopsis of each chapter is outlined below:

Chapter VIII
Distributed Denial of Service Attacks in Networks .............................................................................................. 85
Udaya Kiran Tupakula, Macquarie University, Australia
Vijay Varadharajan, Macquarie University, Australia

Udaya Kiran Tupakula and Vijay Varadharajan, in their chapter “Distributed Denial of Service Attacks in Networks”, explain how DDoS attacks are performed and what can best be done to defend against DDoS attacks on the Internet. They thoroughly analyse some of the important techniques that have been recently proposed. They also outline some best practices that users are urged to follow to minimize DoS attacks on the Internet.
Chapter IX
Firewalls as Continuing Solutions for Network Security ..................................................................................... 98
Andy Luse, Iowa State University, USA
Anthony Townsend, Iowa State University, USA
Kevin Scheibe, Iowa State University, USA

This chapter is designed as an introductory tutorial to the underlying concepts of firewall technologies. In this chapter, Andy Luse, Anthony Townsend, and Kevin Scheibe describe various firewall conventions and how these technologies operate when deployed on a corporate network. Frequently neglected internal security mechanisms utilizing firewall technologies are presented, including host-based firewalls and the more novel distributed firewall implementations.
Chapter X
An Immune-Inspired Approach to Anomaly Detection ...................................................................................... 109
Jamie Twycross, University of Nottingham, UK
Uwe Aickelin, University of Nottingham, UK

The chapter on “An Immune-Inspired Approach to Anomaly Detection”, by Jamie Twycross and Uwe Aickelin, shows that, through realistic testing and validation, second generation artificial immune systems are capable of anomaly detection beyond generic system policies. The chapter also outlines the next steps in this exciting area of computer security.
Chapter XI
Cryptography for Information Security .............................................................................................................. 122
Wasim A. Al-Hamdani, Kentucky State University, USA

The chapter by Wasim A. Al-Hamdani on “Cryptography for Information Security” discusses cryptography from an information security perspective, including its practical applications. This chapter introduces classical cryptography, block ciphers, stream ciphers, and the public-key family. The chapter concludes with a discussion of the most advanced systems, such as elliptic curve cryptography, digital signatures, and cryptographic key management, and of the application of cryptography in protocols, communications, and e-mail.
Chapter XII
Memory Corruption Attacks, Defenses, and Evasions ....................................................................................... 139
Carlo Bellettini, Università degli Studi di Milano, Italy
Julian L. Rrushi, Università degli Studi di Milano, Italy

Carlo Bellettini and Julian L. Rrushi, in their chapter “Memory Corruption Attacks, Defenses, and Evasions”,