Information Science
Print Price Includes Complimentary Institutional
Online Access for the Life of the Edition
The premier reference source for computer science
and information technology management
REFERENCE
New Release
August 2008 Handbook of Research on Information Security
and Assurance
Edited by: Jatinder N. D. Gupta, The University of Alabama
in Huntsville, USA and Sushil K. Sharma, Ball State
University, USA
13-digit ISBN: 978-1-59904-855-0
586 pages; 2009 Copyright
Price: US $265.00 (hardcover and online access*)
Pre-pub price§: US $235.00 Online Access only**: US $215.00
Illustrations: figures, tables (8 1/2” x 11”) Translation Rights: World
*Paperback is not available. §Pre-pub price is good through one month after publication.
** Online access is for libraries and is good for the life of the edition.
While emerging information and Internet ubiquitous technologies provide
tremendous positive opportunities, there are still numerous vulnerabilities
“This handbook of research provides a
associated with technology. Attacks on computer systems are increasing in
reference resource for both information
sophistication and potential devastation more than ever before. As such,
science and technology researchers and
organizations need to stay abreast of the latest protective measures and seralso decision makers in obtaining a greater
vices to prevent cyber attacks.
understanding of the concepts, issues,
problems, trends, challenges and opportuThe Handbook of Research on Information Security and Assurnities related to this field of study.”
ance offers comprehensive definitions and explanations on topics such as
- Jatinder N. D. Gupta, The University of
firewalls, information warfare, encryption standards, and social and ethical
Alabama in Huntsville, USA
concerns in enterprise security. Edited by scholars in information science,
this reference provides tools to combat the growing risk associated with
technology.
Subject:
IT Security/Ethics; Web Technologies; Mobile/Wireless Computing;
Networking/Telecommunications; Human Aspects Technology
Market:
This essential reference publication is for all academic and research
libraries, as well as all public administration and governmental
libraries. Professionals and practitioners, as well as all computer users
who are interested in protecting their information will find this publication a valuable reference.
Excellent addition to your library! Recommend to your acquisitions librarian.
www.info-sci-ref.com
Handbook of Research on Information Security and Assurance Edited by: Jatinder N. D. Gupta, The University of Alabama in Huntsville, USA, Sushil K. Sharma, Ball State University, USA
Table of Contents
Chapter XVIII: Aspect-Oriented analysis of security in
Section I: Enterprise security
Object- Oriented Distributed Virtual Environments
Chapter I: Ransomware: A New Cyber Hijacking Threat to
Li Yang, University of Tennessee at Chattanooga, USA
Enterprise
Raimund K. Ege, Northern Illinois University, USA
Xin Luo, Virginia State University
Lin Luo, Florida International University, USA
Qinyu Liao, University of Texas at Brownsville
Chapter XIX: Information Availability
Chapter II: E-Commerce: The Benefits Security Risks and
Deepak Khazanchi, University of Nebraska at Omaha, USA
Counter Risks
Andrew P. Martin, University of Nebraska at Omaha, USA
Jillian K. Lando, Syracuse University, USA
Chapter XX: Formal Analysis and Design of AuthenticaJoon S. Park, Syracuse University, USA
tion Protocols
Chapter III:Information Warfare: Survival of the Fittest
Siraj Ahmed Shaikh, United Nations University (UNU), Macau SAR
Pamela Ajoku, University of Pittsburgh, U.S.A.
China
Chapter IV: Evolution of Enterprise Security Federation
Chapter XXI: An Access Control Model for the CompoGaeil An, Electronics and Telecommunications Research Institute,
nents in a Distributed System
Korea
Rajeev R. Raje, Indiana University Purdue University Indianapolis,
Joon S. Park, Syracuse University, USA
USA
Chapter V: A Holistic Approach to Information Security
Alex Crespi, Indiana University Purdue University Indianapolis,
Assurance and Risk Management in an Enterprise
USA
Roy Ng, Ryerson University, Canada
Omkar J. Tilak, Indiana University Purdue University Indianapolis,
Chapter VI: An Integrative Framework for the Study of
USA
Information Security Research
Andrew M. Olson, Indiana University Purdue University IndianapoJohn D’ Arcy, University of Notre Dame, USA
lis, USA
Anat Hovav, Korea University, Korea
Carol C. Burt, Indiana University Purdue University Indianapolis,
Chapter VII: Information Systems Risk Management- An
USA
Audit and Control Control Approach
Chapter XXII: Authentication in Electronic Banking: An
Aditya Ponnam, Britta Harrison,
Investigation of Implications of FFIEC Guidance
Ed Watson, Louisiana State University, USA
Manish Gupta, State University of New York, USA
Chapter VIII: Distributed Denial of Service Attacks in
JinKyu Lee, Oklahoma State University, USA
Networks
H.R. Rao, State Univerity of New York, Buffalo, USA
Udaya Kiran Tupakula, Macquarie University, Australia
Chapter XXIII: Disruptive Technology Impacts on Security
Vijay Varadharajan, Macquarie University, Australia
Sue Conger, University of Dallas, USA
Section II: Security Approaches, Frameworks, Tools and
Brett J.L.Landry, University of Dallas, USA
Technologies
Security Policies and Procedures
Chapter IX: Firewalls: Continuing Solutions for Network
Chapter XXIV: Internal Auditing for Information AssurSecurity
ance
Andy Luse, Iowa State University
Sushma Mishra, Virginia Commonwealth University, USA
Anthony Townsend, Iowa State University
Amita Goyal Chin, Virginia Commonwealth University, USA
Kevin Scheibe, Iowa State University
Chapter XXV: IT Continuity In the Face of Mishaps
Chapter X:An Immune -Inspired Approach to Aomaly
William H. Friedman, University of Central Arkansas, USA
detection
Chapter XXVI: Business Continuity and disaster Recovery
Jamie Twycross, University of Nottingham, UK
Plans
Uwe Aickelin, University of Nottingham, UK
Yvette Ghormley, Saint Leo University, USA
Chapter XI: Cryptography for Information Security
Chapter XXVII:Security policies and Procedures
Wasim A Al-Hamdani, Kentucky State University, USA
Yvette Ghormley, Saint Leo University, USA
Chapter XII: Memory Corruption Attacks, Defenses, and
Chapter XXVIII: Enterprise Access Control Policy EngiEvasions
neering Framework
Carlo Bellettini and Julian L. Rrushi, Università degli Studi di
Arjmand Samuel, Ammar Masood, Arif Ghafoor, Aditya Mathur,
Milano, Italy
Purdue University, USA
Chapter XIII: Design and Implementation of a Distributed
Chapter XXIX: Security Policy
Firewall using Autonomous Agents
Sushil K. Sharma, Ball State University, USA
Dalila Boughaci, Brahim Oubeka, Abdelkader Aissioui, Habiba Drias
Jatinder N.D. Gupta, University of Alabama at Huntsville, USA
LRIA – USTHB, Algeria
Chapter XXX: Guide to Non-Disclosure Agreements for
Belaïd Benhamou, Technopôle de Château-Gombert
Researchers
Chapter XIV: Formal Verification Centered Development
Paul D. Witman, and Kapp L. Johnson, California Lutheran Uniprocess for Security Protocols
versity, USA
Tom Coffey, University of Limerick, Ireland
Chapter XXI: Assurance for Temporal Compatibility Using
Reiner Dojen, University of Limerick, Ireland
Contracts
Chapter XV: Edge-to-Edge Network Monitoring to Detect
Omkar J. Tilak,Rajeev R. Raje, Andrew M. Olson , Indiana UniverService Violations and DoS Attacks
sity Purdue University
Ahsan Habib, Siemens TTB Center, Berkeley, USA
Indianapolis,USA
Chapter XVI: A”One-Pass” Methodology for Hard Disk
Chapter XXXII: Spatial Authentication Using Cell Phones
Wipes of Sensitive Data
Arjan Durresi Indiana University Purdue University Indianapolis,
Doug White, Roger Williams University
USA
Alan Rea, Western Michigan University
MITIGATING SECURITY RISKS
Chapter XVII: Securing Email Communication with XML
Chapter XXXIII: Plugging Security Holes in Online EnviTechnology
ronment
Lijun Liao, Mark Manulis, Jörg Schwenk, Horst-Görtz Institute for
Sushil K. Sharma, Ball State University, USA
IT Security, Germany
Jatinder N.D. Gupta,University of Alabama in Huntsville, USA
Ajay Gupta, Gsecurity, Inc, USA
Chapter XXXIV: Six Keys to Improving Wireless Security
Erik Graham, General Dynamics C4 Systems, USA
Paul John Steinbart, Arizona State University, USA
Chapter XXXV: Human Factors in Information Security
and Privacy
Robert W. Proctor, Purdue University, USA
E. Eugene Schultz, High Tower Technologies, USA
Kim-Phuong L. Vu, California State University, USA
Chapter XXXVI: Threat Modeling and Secure Software
Engineering Process
Wm. Arthur Conklin, University of Houston ,USA
Chapter XXXVII: Guarding Corporate data from Social
Emgineering
Christopher M. Botelho, Appalachian State University
Joseph A. Cazier, Appalachian State University
Chapter XXXVIII: Data Security for Storage Area Networks
Tom Clark, Brocade Communications, USA
Chapter XXXIX: Security Awareness: Virtual Environments and E-learning
Edgar Weippi , Vienna University of Technology and Science ,
Austria
Chapter XL: Security-Efficient Identity Management Using
Service Provisioning (Markup Language)
Manish Gupta, State University of New York, Buffalo
Raj Sharman, State University of New York, Buffalo
Chapter XLI: A Strategy for Enterprise VoIP Security
Dwayne Stevens, SouthEast Telephone
David T. Green, Morehead State University
Chapter XLII: Critical Success Factors and Indicators
to Improve Information Systems security Management
Actions
Jose M. Torres, TECNUN University of Navarra.
Jose M. Sarriegi, TECNUN, University of Navarra.
Javier Santos, TECNUN University of Navarra.
Chapter XLIII: Privacy, Societal and Ethical Concerns in
Security
Rebecca H. Rutherfoord, Southern Polytechnic State University,
USA
Chapter XLIV: An MDA Compliant Approach for Designing Secure data Warehouse
Rodolfo Villarroel, Universidad Católica del Maule, Chile
Eduardo Fernández-Medina and Mario Piattini, Universidad de
Castilla-La Mancha, Spain
Juan Trujillo Universidad de Alicante, Spain
Chapter XLV: Survivability Evaluation Modeling Techniqes and Measures
Hai Wang and Peng Liu, Pennsylvania State University
Chapter XLVI: The last Line of defense: A comparison of
Windows and Linux Authentication and Authorization
Features
Art Taylor , Rider University
Chapter XLVII: Bioterrism and Biosecurity
M. Pradhan and Y. Xia, Indiana University- Purdue University,
Indianapolis
About the Main Editor:
Jatinder (Jeet) N. D. Gupta is currently Eminent Scholar of Management of Technology, Professor of Management Information Systems, Industrial and
Systems Engineering and Engineering Management at the University of Alabama in Huntsville. Most recently, he was professor of management, information and
communication sciences, and industry and technology at Ball State University (Muncie, Indiana). He holds a PhD in industrial engineering (with specialization
in Production Management and Information Systems) from Texas Tech University. His current research interests include information security, e-Commerce,
supply chain management, information and decision technologies, scheduling, planning and control, organizational learning and effectiveness, systems education,
knowledge management, and enterprise integration.
Sushil K. Sharma is a Professor of information systems in the Department of Information Systems and Operations Management at Ball State University, Muncie, Indiana. Sharma has the distinction of having earned two doctoral degrees one in MIS and the other in management. Prior to joining the faculty at Ball State,
Sharma has held the Associate Professor position at the Indian Institute of Management (India) and as a Visiting Research Associate Professor at the Department
of Management Science at the University of Waterloo, Canada. Sharma has authored over 100 refereed research papers in many peer-reviewed national and international MIS journals, conferences, proceedings and books. His research, primarily involving e-commerce, computer-mediated communications, information
systems security, e-government, ERP systems, community and social informatics, human computer interaction (HCI) and knowledge management has appeared
in several reputed MIS and management journals.
Excellent addition to your library! Recommend to your acquisitions librarian.
www.info-sci-ref.com