Information security does not guarantee the safety of your organization or your information or your computer systems. Information security cannot, in and of itself, provide protection for your information. That being said, information security is also not a black art. There is no sorcery to implementing proper information security and the concepts that are included in information security are not rocket science. In many ways, information security is a mindset. It is a mindset of examining the threats and vulnerabilities of your organization and managing them appropriately.
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest.
“If the Internet were a city street, I would not travel it in daylight,” laments a chief information
security officer for a prestigious university.
The Internet is critical infrastructure for the world’s commerce. Cybercrime is escalating; once the
domain of hackers and script kiddies, cyber-gangs and organized criminal organizations have discovered
the business opportunities for extortion, embezzlement, and fraud that now surpass
income from illegal drug trafficking.
Chapter 8 - Network security topologies. Objectives in this chapter: Explain network perimeter’s importance to an organization’s security policies, identify place and role of the demilitarized zone in the network, explain how network address translation is used to help secure networks, spell out the role of tunneling in network security, describe security features of virtual local area networks.
This volume contains the proceedings of the Seventh Mediterranean Ad Hoc
Networking Workshop (Med-Hoc-Net'2008), celebrated in Palma de Mallorca (Illes
Balears, Spain) during June 25-27, 2008. This IFIP TC6 Workshop was organized by
the Universitat de les Illes Balears in cooperation with the Asociación de Técnicos de
Informática and sponsored by the following Working Groups: WG6.3 (Performance
of Computer Networks) and WG6.8 (Mobile and Wireless Communications).
Who This Book Is For
The target audience for this book is the Information Worker (IW), someone
who works within an organization and whose primary job responsibility
involves sharing, communicating, processing, or acting upon information
stored on computer systems and networks. Workers in organizations
of all sizes, from small businesses to large enterprises, will benefit from this book.
CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS
website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products
(“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in
nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the
security of their networks, systems and devices.
The term "person" means an individual, a corporation, a partnership, an association, a joint-
stock company, a trust, any unincorporated organization, or a government or political
subdivision thereof. As used in this paragraph the term "trust" shall include only a trust
where the interest or interests of the beneficiary or beneficiaries are evidenced by a
In spite of the limited evidence about the behaviour of mutual funds in emerging
markets, mutual fund investment in these areas has grown markedly over the past decade at a
quicker pace than even the developed markets have shown. The growth in mutual fund
investment is influential because it shapes the future development in the securities market and
has important policy implications. The high proportion of institutional investors creates more
timely information and therefore makes the market more efficient.
Virtualization is one of those buzz words that has been gaining immense popularity
with IT professionals and executives alike. Promising to reduce the ever-growing
infrastructure inside current data center implementations, virtualization technologies
have cropped up from dozens of software and hardware companies. But what exactly
is it? Is it right for everyone? And how can it benefit your organization?
Virtualization has actually been around more than three decades.
For many organizations their dependence on information systems, both within the company
and networked up and down their supply chain, is now business critical. Any sustained loss
of availability of these systems would threaten the very existence of the business.
Security is a holistic issue. Vulnerabilities in physical, personnel and electronic
security all need to be addressed with equal commitment. Too many businesses still focus
on physical security without sustaining even basic precautions in personnel and electronic
A recent report by Drexel University [Eisenstein et al., 2003b] addresses the complex
issue of life safety systems tied into the BCS—a scenario that does not fit well with the
scenarios presented above. Presently all life safety systems (fire) are in parallel to the
HVAC and other elements of the BCS, with separate wiring and only connections at the
highest controller level to allow the BCS to get status information.
In this age of universal electronic connectivity, of viruses and hackers, of
electronic eavesdropping and electronic fraud, there is indeed no time at
which security does not matter. Two trends have come together to make the
topic of this book of vital interest. First, the explosive growth in computer
systems and their interconnections via networks has increased the dependence
of both organizations and individuals on the information stored and
communicated using these systems.
K.C. Yerrid has built his career through hard work, efficiency, and sheer determination.
He can be described as an information security thought leader and a highly-adaptable resource that solidifies the structure of information security organizations. Brandishing an entrepreneurial spirit, he demonstrates a passionate energy for assisting customers and stakeholders in challenging environments. He is fiscally conscious and subscribes to optimizing existing investments before procuring "blinky-light solutions".
In our mobile work culture, we see corporate staff, from executive to individual contributor, working
beyond the boundaries of the traditional office environment. The concept of working “any time and
anywhere” has become popular. To support this concept, many organizations are adopting mobile
solutions. As employees use these solutions, their expectations are increasing—employees want not only
access to information, but full participation in business from any location whenever it is required.
The distinction between data administration and database
The purpose and tasks associated with data administration
and database administration.
The scope of database security.
Why database security is a serious concern for an
The type of threats that can affect a database system.
How to protect a computer system using computer-based
Privacy plans, or a comprehensive set of policies and procedures to manage privacy protection, have been developed in 51.1 percent of the
organizations that participated in the 13th annual Information Systems and E-Business Spending study conducted in 2002 by Computer
Economics. This is a considerable increase from 2001, when only 33.3 percent of the respondents had developed their privacy plans.
Meanwhile, 23.4 percent of organizations have not started developing their privacy plans—almost the exact percentage that had not started
Prior to the 1990s, information and content were predominantly within the strict boundaries and control of individual states, whether through paper-based publications, audio-visual transmissions limited to a particular area or even through public demonstrations and debates. Much of the media content made available and the discussions it triggered remained confined within territorially defined areas. Today, however, information and content, with its digital transmission and widespread availability through the Internet, do not necessarily respect national rules or territorial boundaries.
Propagating information about materialized views: When a query is posed, the first step is to consider whether
it can be answered using the data at “nearby” storage providers, and to evaluate the costs of doing so. This requires
the query initiator to be aware of existing materialized views and properties such as location and data freshness.
One direction we are exploring is to propagate information about materialized views using techniques derived
from routing protocols. In particular, a node advertises its materialized views to its neighbors.