University of Oregon
Applied Information Management Master's Degree Program
Managing IT/IS Security
Summer 2011

Course Resources

Books and Articles

Anonymous. (2008, April 30). Background checks: How not to hire an information security officer who's on parole. Retrieved from http://www.csoonline.com/article/332264/background-checks-how-not-to-hire-an-information-security-officer-who-s-on-parole

Biswas, A. (2009, October 19). Change management - the ITIL way. Retrieved from http://www.articlesbase.com/information-technology-articles/change-management-the-itil-way-1356376.html

Cavit, D., Faulhaber, J., Gullotto, V., Jones, J., Kuo, J., Meyer, M., … Zink, T. (2011). Microsoft security intelligence report: Volume 10. Retrieved from http://www.microsoft.com/security/sir/

Chickowski, E. (2011, May 4). Sony still digging its way out of breach investigation, fallout. Dark Reading. Retrieved from http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229402823/sony-still-digging-its-way-out-of-breach-investigation-fallout.html

CIO Update Staff. (2010, December 14). Top 10 technology security trends for 2011. CIO Update. Retrieved from http://www.cioupdate.com/research/article.php/3917131/Top-10-Technology-Security-Trends-for-2011.htm

Croy, M. (2005). Landing on your feet: Being prepared in the 21st century. Disaster Recovery Journal, 18(Winter). Retrieved from http://www.drj.com/pre-2006/winter2005/landing-on-your-feet-being-prepared-in-the-21st-century.html

Gaudin, S. (2006, December 7). Are background checks necessary for IT workers? Ask UBS PaineWebber. InformationWeek. Retrieved from http://www.informationweek.com/news/security/showArticle.jhtml?articleID=196602415

GoogleApps. (n.d.). Google data center security [Video clip]. Available from http://www.google.com/apps/intl/en/business/infrastructure_security.html

ESET Latin America's Lab and Harley, D. (2010, November 22). Trends for 2011: Botnets and dynamic malware. Retrieved from http://www.eset.com/resources/whitepapers/Trends-for-2011.pdf

Headlines. (2011, May 20). Symantec: SMBs lack understanding of mobile security [Web log post]. Retrieved from https://www.infosecisland.com/blogview/13887-SMBs-Lack-Understanding-of-Mobile-Device-Security.html

Information Assurance Solutions Group, National Security Agency. (n.d.). Defense in depth. Retrieved from http://www.nsa.gov/ia/_files/support/defenseindepth.pdf

Information Systems Audit and Control Association. (2005). Critical elements of information security program success. Rolling Meadows, IL: Author. Retrieved from http://www.isaca.org/Knowledge-Center/Research/Documents/CritElemInfoSec.pdf

Kadam, A. (2002, December). Identifying and classifying assets. Network Magazine. Retrieved from http://www.networkmagazineindia.com/200212/security2.shtml

Kadam, A. (2003, March). A cautious approach to information exchange. Network Magazine. Retrieved from http://www.networkmagazineindia.com/200303/security2.shtml

Kissel, R. (Ed.). (2011, February). Glossary of key information security terms. Retrieved from http://csrc.nist.gov/publications/nistir/ir7298-rev1/nistir-7298-revision1.pdf

Kissel, R., Stine, K., Scholl, M., Rossman, H., Fahlsing, J., & Gulick, J. (2008, October). Information security (NIST Special Publication 800-64, Revision 2). Gaithersburg, MD. Retrieved from Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf

Messmer, E. (2008, July 30). Telecommuting poses security, privacy risks. Retrieved from http://www.csoonline.com/article/440074/Telecommuting_Poses_Security_Privacy_Risks?page=1

Praxiom Research Group Limited. (2011, May 10). ISO IEC 27001 2005: Translated into plain English. Retrieved from http://www.praxiom.com/iso-27001.htm

Rashid, F. Y. (2011, April 20). Oak Ridge National Laboratory breached by phishing email, IE exploit. eWeek. Retrieved from http://www.eweek.com/c/a/Security/Oak-Ridge-National-Laboratory-Breached-by-Phishing-Email-IE-Exploit-361033/

Rashid, F. Y. (2011, May 3). Epsilon data breach to cost billions in worst-case scenario. IT Security and Network Security News & eWeek. Retrieved from http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-to-Cost-Billions-in-Worst-Case-Scenario-459480/

Rosen, C. B. (2008, January 4). Conducting employee background checks: Navigating current rules. The Legal Intelligencer. Retrieved from http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1199354727551

The SANS Institute. (2011). SANS glossary of terms used in security and intrusion detection. Retrieved from http://www.sans.org/resources/glossary.php

Scalet, S. D. (2005, November 1). 19 ways to build physical security into a data center. Retrieved from http://www.csoonline.com/read/110105/datacenter.html

Scarfone, K., Grance, T., & Masone, K. (2008, March). Computer security incident handling guide (NIST Special Publication 800-61, Revision 1). Gaithersburg, MD. Retrieved from Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf

Schwartz, M. (2011). Texas data breach exposed 3.5 million records. InformationWeek. Retrieved from http://www.informationweek.com/news/security/attacks/229401489

Seagate. (2007, October). Drive disposal best practices: Guidelines for removing sensitive data prior to drive disposal (Publication No. TP582.1-0710US). Retrieved from http://www.seagate.com/docs/pdf/whitepaper/Disposal_TP582-1-0710US.pdf

Separation of duties. (n.d.). In Wikipedia. Retrieved from http://en.wikipedia.org/wiki/Separation_of_duties

Sollia, D. (2010). Compliance for compliance sake? ISACA Journal. Retrieved from http://www.isaca.org/Journal/Past-Issues/2010/Volume-1/Pages/Compliance-for-Compliance-s-Sake-1.aspx

Stoneburner, G., Goguen, A., & Feringa, A. (2002, July). Risk management guide for information technology systems: Recommendations of the National Institute of Standards (NIST Special Publication 800-30). Gaithersburg, MD: National Institute of Standards and Technology. Retrieved from Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Taylor, L. (2003, November 10). Access control 101. Intranet Journal. Retrieved from http://www.intranetjournal.com/articles/200311/ij_11_10_03a.html

Toigo, J. W. (2003). Chapter 3: Facility protection. In J. W. Toigo, Disaster recovery planning: Preparing for the unthinkable (3rd ed.). Upper Saddle River, NJ: Prentice Hall PTR.

Vijayan, J. (2011, April 19). Oak Ridge National Lab shuts down Internet, email after cyberattack. Computerworld. Retrieved from http://www.computerworld.com/s/article/9215962/Oak_Ridge_National_Lab_shuts_down_Internet_email_after_cyberattack

Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston, MA: Course Technology. ISBN: 1435488849 or 978-1435488847.

Web Sites

CSO: Security and Risk
http://www.csoonline.com/

Dark Reading
http://www.darkreading.com/

HIPAA
o Security Rule
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html
o GLBA
http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
o FERPA
http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
o FISMA
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf

IBM: Internet Security Systems
http://xforce.iss.net/

SANS
http://www.sans.org/top-cyber-security-risks/

SecurityNewsPortal.com
http://www.securitynewsportal.com/index.shtml

SearchSecurity.com
http://searchsecurity.techtarget.com/

Uptime Institute: The Global Data Center Authority
http://www.uptimeinstitute.org/