Information Science

Print Price Includes Complimentary Institutional Online Access for the Life of the Edition

The premier reference source for computer science and information technology management

REFERENCE
New Release August 2008

Handbook of Research on Information Security and Assurance

Edited by: Jatinder N. D. Gupta, The University of Alabama in Huntsville, USA and Sushil K. Sharma, Ball State University, USA

13-digit ISBN: 978-1-59904-855-0
586 pages; 2009 Copyright
Price: US $265.00 (hardcover and online access*)
Pre-pub price§: US $235.00
Online Access only**: US $215.00
Illustrations: figures, tables (8 1/2” x 11”)
Translation Rights: World

*Paperback is not available.
§Pre-pub price is good through one month after publication.
**Online access is for libraries and is good for the life of the edition.

While emerging information and Internet ubiquitous technologies provide tremendous positive opportunities, there are still numerous vulnerabilities associated with technology. Attacks on computer systems are increasing in sophistication and potential devastation more than ever before. As such, organizations need to stay abreast of the latest protective measures and services to prevent cyber attacks.

The Handbook of Research on Information Security and Assurance offers comprehensive definitions and explanations on topics such as firewalls, information warfare, encryption standards, and social and ethical concerns in enterprise security. Edited by scholars in information science, this reference provides tools to combat the growing risk associated with technology.

“This handbook of research provides a reference resource for both information science and technology researchers and also decision makers in obtaining a greater understanding of the concepts, issues, problems, trends, challenges and opportunities related to this field of study.”
- Jatinder N. D. Gupta, The University of Alabama in Huntsville, USA

Subject: IT Security/Ethics; Web Technologies; Mobile/Wireless Computing; Networking/Telecommunications; Human Aspects Technology

Market: This essential reference publication is for all academic and research libraries, as well as all public administration and governmental libraries. Professionals and practitioners, as well as all computer users who are interested in protecting their information, will find this publication a valuable reference.

Excellent addition to your library! Recommend to your acquisitions librarian.
www.info-sci-ref.com

Table of Contents

Section I: Enterprise Security

Chapter I: Ransomware: A New Cyber Hijacking Threat to Enterprise
  Xin Luo, Virginia State University
  Qinyu Liao, University of Texas at Brownsville
Chapter II: E-Commerce: The Benefits Security Risks and Counter Risks
  Jillian K. Lando, Syracuse University, USA
  Joon S. Park, Syracuse University, USA
Chapter III: Information Warfare: Survival of the Fittest
  Pamela Ajoku, University of Pittsburgh, USA
Chapter IV: Evolution of Enterprise Security Federation
  Gaeil An, Electronics and Telecommunications Research Institute, Korea
  Joon S. Park, Syracuse University, USA
Chapter V: A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise
  Roy Ng, Ryerson University, Canada
Chapter VI: An Integrative Framework for the Study of Information Security Research
  John D’Arcy, University of Notre Dame, USA
  Anat Hovav, Korea University, Korea
Chapter VII: Information Systems Risk Management: An Audit and Control Approach
  Aditya Ponnam, Britta Harrison, Ed Watson, Louisiana State University, USA
Chapter VIII: Distributed Denial of Service Attacks in Networks
  Udaya Kiran Tupakula, Macquarie University, Australia
  Vijay Varadharajan, Macquarie University, Australia

Section II: Security Approaches, Frameworks, Tools and Technologies

Chapter IX: Firewalls: Continuing Solutions for Network Security
  Andy Luse, Iowa State University
  Anthony Townsend, Iowa State University
  Kevin Scheibe, Iowa State University
Chapter X: An Immune-Inspired Approach to Anomaly Detection
  Jamie Twycross, University of Nottingham, UK
  Uwe Aickelin, University of Nottingham, UK
Chapter XI: Cryptography for Information Security
  Wasim A Al-Hamdani, Kentucky State University, USA
Chapter XII: Memory Corruption Attacks, Defenses, and Evasions
  Carlo Bellettini and Julian L. Rrushi, Università degli Studi di Milano, Italy
Chapter XIII: Design and Implementation of a Distributed Firewall Using Autonomous Agents
  Dalila Boughaci, Brahim Oubeka, Abdelkader Aissioui, Habiba Drias, LRIA – USTHB, Algeria
  Belaïd Benhamou, Technopôle de Château-Gombert
Chapter XIV: Formal Verification Centered Development Process for Security Protocols
  Tom Coffey, University of Limerick, Ireland
  Reiner Dojen, University of Limerick, Ireland
Chapter XV: Edge-to-Edge Network Monitoring to Detect Service Violations and DoS Attacks
  Ahsan Habib, Siemens TTB Center, Berkeley, USA
Chapter XVI: A “One-Pass” Methodology for Hard Disk Wipes of Sensitive Data
  Doug White, Roger Williams University
  Alan Rea, Western Michigan University
Chapter XVII: Securing Email Communication with XML Technology
  Lijun Liao, Mark Manulis, Jörg Schwenk, Horst-Görtz Institute for IT Security, Germany
Chapter XVIII: Aspect-Oriented Analysis of Security in Object-Oriented Distributed Virtual Environments
  Li Yang, University of Tennessee at Chattanooga, USA
  Raimund K. Ege, Northern Illinois University, USA
  Lin Luo, Florida International University, USA
Chapter XIX: Information Availability
  Deepak Khazanchi, University of Nebraska at Omaha, USA
  Andrew P. Martin, University of Nebraska at Omaha, USA
Chapter XX: Formal Analysis and Design of Authentication Protocols
  Siraj Ahmed Shaikh, United Nations University (UNU), Macau SAR China
Chapter XXI: An Access Control Model for the Components in a Distributed System
  Rajeev R. Raje, Indiana University Purdue University Indianapolis, USA
  Alex Crespi, Indiana University Purdue University Indianapolis, USA
  Omkar J. Tilak, Indiana University Purdue University Indianapolis, USA
  Andrew M. Olson, Indiana University Purdue University Indianapolis, USA
  Carol C. Burt, Indiana University Purdue University Indianapolis, USA
Chapter XXII: Authentication in Electronic Banking: An Investigation of Implications of FFIEC Guidance
  Manish Gupta, State University of New York, USA
  JinKyu Lee, Oklahoma State University, USA
  H.R. Rao, State University of New York, Buffalo, USA
Chapter XXIII: Disruptive Technology Impacts on Security
  Sue Conger, University of Dallas, USA
  Brett J.L. Landry, University of Dallas, USA

Security Policies and Procedures

Chapter XXIV: Internal Auditing for Information Assurance
  Sushma Mishra, Virginia Commonwealth University, USA
  Amita Goyal Chin, Virginia Commonwealth University, USA
Chapter XXV: IT Continuity in the Face of Mishaps
  William H. Friedman, University of Central Arkansas, USA
Chapter XXVI: Business Continuity and Disaster Recovery Plans
  Yvette Ghormley, Saint Leo University, USA
Chapter XXVII: Security Policies and Procedures
  Yvette Ghormley, Saint Leo University, USA
Chapter XXVIII: Enterprise Access Control Policy Engineering Framework
  Arjmand Samuel, Ammar Masood, Arif Ghafoor, Aditya Mathur, Purdue University, USA
Chapter XXIX: Security Policy
  Sushil K. Sharma, Ball State University, USA
  Jatinder N.D. Gupta, University of Alabama at Huntsville, USA
Chapter XXX: Guide to Non-Disclosure Agreements for Researchers
  Paul D. Witman and Kapp L. Johnson, California Lutheran University, USA
Chapter XXXI: Assurance for Temporal Compatibility Using Contracts
  Omkar J. Tilak, Rajeev R. Raje, Andrew M. Olson, Indiana University Purdue University Indianapolis, USA
Chapter XXXII: Spatial Authentication Using Cell Phones
  Arjan Durresi, Indiana University Purdue University Indianapolis, USA

MITIGATING SECURITY RISKS

Chapter XXXIII: Plugging Security Holes in Online Environment
  Sushil K. Sharma, Ball State University, USA
  Jatinder N.D. Gupta, University of Alabama in Huntsville, USA
  Ajay Gupta, Gsecurity, Inc, USA
Chapter XXXIV: Six Keys to Improving Wireless Security
  Erik Graham, General Dynamics C4 Systems, USA
  Paul John Steinbart, Arizona State University, USA
Chapter XXXV: Human Factors in Information Security and Privacy
  Robert W. Proctor, Purdue University, USA
  E. Eugene Schultz, High Tower Technologies, USA
  Kim-Phuong L. Vu, California State University, USA
Chapter XXXVI: Threat Modeling and Secure Software Engineering Process
  Wm. Arthur Conklin, University of Houston, USA
Chapter XXXVII: Guarding Corporate Data from Social Engineering
  Christopher M. Botelho, Appalachian State University
  Joseph A. Cazier, Appalachian State University
Chapter XXXVIII: Data Security for Storage Area Networks
  Tom Clark, Brocade Communications, USA
Chapter XXXIX: Security Awareness: Virtual Environments and E-learning
  Edgar Weippl, Vienna University of Technology and Science, Austria
Chapter XL: Security-Efficient Identity Management Using Service Provisioning (Markup Language)
  Manish Gupta, State University of New York, Buffalo
  Raj Sharman, State University of New York, Buffalo
Chapter XLI: A Strategy for Enterprise VoIP Security
  Dwayne Stevens, SouthEast Telephone
  David T. Green, Morehead State University
Chapter XLII: Critical Success Factors and Indicators to Improve Information Systems Security Management Actions
  Jose M. Torres, TECNUN, University of Navarra
  Jose M. Sarriegi, TECNUN, University of Navarra
  Javier Santos, TECNUN, University of Navarra
Chapter XLIII: Privacy, Societal and Ethical Concerns in Security
  Rebecca H. Rutherfoord, Southern Polytechnic State University, USA
Chapter XLIV: An MDA Compliant Approach for Designing Secure Data Warehouse
  Rodolfo Villarroel, Universidad Católica del Maule, Chile
  Eduardo Fernández-Medina and Mario Piattini, Universidad de Castilla-La Mancha, Spain
  Juan Trujillo, Universidad de Alicante, Spain
Chapter XLV: Survivability Evaluation Modeling Techniques and Measures
  Hai Wang and Peng Liu, Pennsylvania State University
Chapter XLVI: The Last Line of Defense: A Comparison of Windows and Linux Authentication and Authorization Features
  Art Taylor, Rider University
Chapter XLVII: Bioterrorism and Biosecurity
  M. Pradhan and Y. Xia, Indiana University-Purdue University, Indianapolis

About the Main Editor:

Jatinder (Jeet) N. D. Gupta is currently Eminent Scholar of Management of Technology, Professor of Management Information Systems, Industrial and Systems Engineering and Engineering Management at the University of Alabama in Huntsville. Most recently, he was professor of management, information and communication sciences, and industry and technology at Ball State University (Muncie, Indiana). He holds a PhD in industrial engineering (with specialization in Production Management and Information Systems) from Texas Tech University. His current research interests include information security, e-Commerce, supply chain management, information and decision technologies, scheduling, planning and control, organizational learning and effectiveness, systems education, knowledge management, and enterprise integration.

Sushil K. Sharma is a Professor of information systems in the Department of Information Systems and Operations Management at Ball State University, Muncie, Indiana. Sharma has the distinction of having earned two doctoral degrees, one in MIS and the other in management. Prior to joining the faculty at Ball State, Sharma held the Associate Professor position at the Indian Institute of Management (India) and was a Visiting Research Associate Professor at the Department of Management Science at the University of Waterloo, Canada. Sharma has authored over 100 refereed research papers in many peer-reviewed national and international MIS journals, conferences, proceedings and books. His research, primarily involving e-commerce, computer-mediated communications, information systems security, e-government, ERP systems, community and social informatics, human computer interaction (HCI) and knowledge management, has appeared in several reputed MIS and management journals.