Database Design and Development: A Visual Approach
Author: Raymond Frost
For students in the introductory course in database who want to learn how to design rather than just manipulate relational databases.The book that balances database theory, business problem solving, and hands-on-practice. This book prepares student for the workplace without sacrificing rigorous academic theory.
Book review: Kostenmanagement: Eine Strategische Betonung
Cyber-threats, Information Warfare, and Critical Infrastructure Protection: Defending the U.S. Homeland
Author: Anthony H H Cordesman
Information warfare is upon us. In the last two decades, the U.S. economy's infrastructure has undergone a fundamental set of changes, relying increasingly on its service sector and high technology economy. The U.S. depends on computers, electronic data storage and transfers, and highly integrated communications networks. Its rapidly developing new form of critical infrastructure is exceedingly vulnerable to an emerging host of threats. This detailed volume examines the dangers of, and the evolving U.S. policy response to, cyberterrorism.
Table of Contents:
| Acknowledgments | ix | |
| Chapter 1 | The Changing Nature of Critical Infrastructure Protection | 1 |
| The Problem of Evolving Technology | 2 | |
| The Uncertain Balance of Risks and Non-risks in Cyber-attacks | 2 | |
| The Disconnect between Cyber-defense and Cyber-offense | 3 | |
| The Lack of Credible Risk and Vulnerability Assessments | 4 | |
| Governmental and Private Sector Efforts to Respond | 5 | |
| Chapter 2 | Threat Assessment | 11 |
| The President's Commission on Critical Infrastructure Protection Characterization of the Threat | 13 | |
| The National Infrastructure Protection Center's (NIPC) View of the Threat | 14 | |
| Intelligence Community Assessments of the Threat | 23 | |
| CIA Testimony on the Threat | 23 | |
| National Intelligence Council's Estimate of the Threat | 30 | |
| Incidents of "Cyber-warfare": The Kosovo Crisis | 34 | |
| Serbia's Role in Information Warfare | 36 | |
| NATO's Role in Information Warfare | 37 | |
| Is Information Warfare and Retaliation Legal and Worth Its Costs? | 38 | |
| Lower-Level Incidents of "Cyber-warfare" | 39 | |
| Moonlight Maze | 39 | |
| Solar Sunrise | 40 | |
| Rome Labs Incident | 41 | |
| The Computer Security Institute's Survey of the Threat | 43 | |
| Computer Emergency Response Team's (CERT) Assessment of Threat | 47 | |
| Challenges in Improving the Assessment of the Threat | 49 | |
| Chapter 3 | Evolving U.S. Policy and Response | 53 |
| The Beginnings: The Computer Security Act and Clinger-Cohen Act | 54 | |
| The Federal Government Redefines Critical Infrastructure and Agency Responsibilities | 55 | |
| Executive Order 13010 | 56 | |
| The President's Commission on Critical Infrastructure Protection | 57 | |
| Presidential Decision Directive-63 (PDD-63) | 59 | |
| Lead Agencies for Sector Liaison | 61 | |
| Lead Agencies for Special Functions | 62 | |
| A New Structure for Interagency Coordination | 63 | |
| National Infrastructure Protection Center (NIPC) | 64 | |
| Information Sharing and Analysis Center (ISAC) | 65 | |
| National Infrastructure Assurance Council | 66 | |
| National Infrastructure Assurance Plan | 67 | |
| Studies and Research | 68 | |
| Cooperation with the Private and Civil Sectors | 69 | |
| Annual Report on Implementation | 70 | |
| National Plan for Information Systems Protection | 71 | |
| National Plan for Information Systems Protection, Version One | 71 | |
| GAO Comments on the National Plan for Information Systems Protection | 73 | |
| Oplan 3600 | 82 | |
| The Success of the Federal Government Effort to Date | 82 | |
| Chapter 4 | Analyzing Federal Critical Infrastructure Programs by Department and Agency | 85 |
| The National Plan for Information Systems Estimate | 85 | |
| The OMB Analysis | 88 | |
| Annual Report to Congress on Combating Terrorism | 89 | |
| Government-wide Spending on CIP | 91 | |
| Efforts by Federal Agencies | 92 | |
| Department of Agriculture | 94 | |
| Department of Commerce | 96 | |
| Critical Infrastructure Assurance Office | 106 | |
| Department of Energy | 106 | |
| Environmental Protection Agency and GAO Audits | 107 | |
| Health and Human Services | 107 | |
| Department of Interior | 108 | |
| Department of Justice | 108 | |
| NASA | 108 | |
| GAO Assessments of NASA Information Security | 108 | |
| National Science Foundation | 110 | |
| National Security Community | 111 | |
| The Role of the Department of Defense | 112 | |
| Patterns of Attack and Response | 114 | |
| Major DoD Cyber-defense Programs | 116 | |
| GAO Critiques of DoD Efforts: The 1996 Study | 120 | |
| The GAO's 1999 Recommendations | 122 | |
| DoD Progress in Addressing Security Weakness | 127 | |
| Cyber and Information Warfare and the Role of the Intelligence Community | 128 | |
| Total Spending on National Security Activity | 131 | |
| Department of State | 131 | |
| Department of Transportation | 131 | |
| Department of Treasury | 132 | |
| Department of Veterans Affairs | 132 | |
| Chapter 5 | Assessments of Effectiveness | 133 |
| Independent U.S. Government Efforts to Assess Risk, Cost, and Benefits: GAO Testimony of October 6, 1999 | 133 | |
| Management Recommendations Within Brock's Testimony | 136 | |
| Independent U.S. Government Efforts to Assess Risk, Cost, and Benefits: GAO Testimony of March 29, 2000 | 141 | |
| Weaknesses in Controls | 141 | |
| Raise Awareness | 143 | |
| Implement Software Patches | 144 | |
| Routinely Use Automated Tools to Monitor Security | 144 | |
| Identify and Propagate Pockets of Excellence | 145 | |
| Focus on the Most Common Vulnerabilities First | 145 | |
| Enforce a Strong Management Approach | 145 | |
| Preliminary Analysis of GAO Findings | 146 | |
| Other Efforts to Assess Risk, Cost, and Benefits | 147 | |
| Technical Risks, Test, and Evaluations of IW Programs | 149 | |
| Chapter 6 | Role of State and Local Governments | 151 |
| Chapter 7 | Role of Private Industry | 153 |
| Chapter 8 | Lessons from Other Nations: International Vulnerability | 157 |
| Chapter 9 | Conclusions and Recommendations | 167 |
| Notes | 181 |
No comments:
Post a Comment