Information Management - IT6701

DATABASE MODELLING and MANAGEMENT AND DEVELOPMENT

DATA SECURITY AND PRIVACY

INFORMATION GOVERNANCE

INFORMATION ARCHITECTURE

INFORMATION LIFECYCLE MANAGEMENT

Security in Computing By Charles P Pfleeger

Chapter 1 : Is There a Security Problem in Computing

=> What Does "Secure" Mean?
=> Protecting Software in Automobile Control Systems
=> Attacks
=> Why Universities Are Prime Targets
=> The Meaning of Computer Security
=> Record Record Loss
=> Top Methods of Attack
=> Computer Criminals
=> The Terrorists, Inc., IT Department
=> Methods of Defense

Chapter 2 : Elementary Cryptography

=> Elementary Cryptography
=> Elementary Cryptography - Terminology and Background
=> Substitution Ciphers
=> Transpositions (Permutations)
=> Making "Good" Encryption Algorithms
=> The Data Encryption Standard(DES)
=> The AES Encryption Algorithm
=> Public Key Encryption
=> The Uses of Encryption

Chapter 3 : Program Security

=> Program Security
=> Secure Programs
=> Nonmalicious Program Errors
=> Viruses and Other Malicious Code
=> Nonmalicious Flaws Cause Failures
=> Why Worry About Malicious Code?
=> Kinds of Malicious Code
=> Rapidly Approaching Zero
=> How Viruses Attach
=> How Viruses Gain Control
=> Homes for Viruses
=> Virus Signatures
=> The Source of Viruses
=> Prevention of Virus Infection
=> Truths and Misconceptions About Viruses
=> First Example of Malicious Code: The Brain Virus
=> Example: The Internet Worm
=> More Malicious Code: Code Red
=> Malicious Code on the Web: Web Bugs
=> Is the Cure Worse Than the Disease?
=> Trapdoors - Targeted Malicious Code: Examples, Causes
=> Salami Attack
=> Rootkits and the Sony XCP
=> Privilege Escalation
=> Interface Illusions
=> Keystroke Logging
=> Man-in-the-Middle Attacks
=> Timing Attacks
=> Covert Channels: Programs That Leak Information
=> Controls Against Program Threats
=> The Nature of Software Development
=> Modularity, Encapsulation, and Information Hiding
=> Peer Reviews
=> Hazard Analysis
=> Testing
=> Good Design and Prediction
=> Static Analysis
=> Configuration Management
=> Lessons from Mistakes
=> There's More Than One Way to Crack a System
=> Formal Methods Can Catch Difficult-to-See Problems
=> Programming Practice Conclusions
=> Standards of Program Development
=> Process Standards
=> Program Controls in General

Chapter 4 : Protection in General Purpose Operating Systems

=> Protection in General-Purpose Operating Systems
=> Protected Objects and Methods of Protection
=> Memory and Address Protection
=> Control of Access to General Objects
=> File Protection Mechanisms
=> User Authentication
=> Biometrics: Ready for Prime Time?
=> Passwords as Authenticators
=> Additional Authentication Information
=> Attacks on Passwords
=> Password Selection Criteria
=> The Authentication Process
=> Biometrics: Authentication Not Using Passwords

Chapter 5 : Designing Trusted Operating Systems

=> Designing Trusted Operating Systems
=> What Is a Trusted System?
=> Security Policies
=> Models of Security
=> Trusted Operating System Design
=> The Importance of Good Design Principles
=> Trusted System Design Elements
=> Security Features of Ordinary Operating Systems
=> Security Features of Trusted Operating Systems
=> Kernelized Design
=> Separation/Isolation
=> Virtualization
=> Layered Design
=> Assurance in Trusted Operating Systems
=> Typical Operating System Flaws
=> Assurance Methods
=> Open Source
=> Evaluation
=> Security as an Add-On

Chapter 6 : Database and Data Mining Security

=> Database and Data Mining Security
=> Introduction to Databases
=> Security Requirements
=> Reliability and Integrity
=> Sensitive Data
=> Inference
=> Multilevel Databases
=> Proposals for Multilevel Security
=> Data Mining

Chapter 7 : Security in Networks

=> Security in Networks
=> Network Concepts
=> Network Media
=> Network Protocols
=> Types of Networks
=> Threats in Networks
=> Who Attacks Networks?
=> Threats in Transit: Eavesdropping and Wiretapping
=> Protocol Flaws
=> Impersonation
=> Message Confidentiality Threats
=> Message Integrity Threats
=> Format Failures
=> Web Site Vulnerabilities
=> Denial of Service
=> Distributed Denial of Service
=> Threats in Active or Mobile Code
=> Threats in Active or Mobile Code
=> Networks Complex Attacks
=> Network Security Controls - Security Threat Analysis
=> Architecture - Security in Networks
=> Encryption - Security in Networks
=> Content Integrity - Security in Networks
=> Strong Authentication and Kerberos - Security in Networks
=> Access Controls - Security in Networks
=> Wireless Networks Security
=> Honeypots, Alarms and Alerts - Security in Networks
=> Traffic Flow Security
=> Firewalls
=> Types of Firewalls
=> Example Firewall Configurations
=> Intrusion Detection Systems
=> Types of IDSs(Intrusion Detection Systems)
=> Goals for Intrusion Detection Systems
=> Intrusion Detection Systems(IDS) Strengths and Limitations
=> Secure E-Mail

Chapter 8 : Administering Security

=> Administering Security
=> Security Planning
=> Contents of a Security Plan
=> Security Planning Team Members
=> Assuring Commitment to a Security Plan
=> Business Continuity Plans
=> Incident Response Plans
=> Risk Analysis
=> The Nature of Risk
=> Steps of a Risk Analysis
=> Arguments For and Against Risk Analysis
=> Organizational Security Policies
=> Characteristics of a Good Security Policy
=> Policy Issue Example: Government E-mail
=> Physical Security
=> Interception of Sensitive Information
=> Contingency Planning
=> Physical Security Recap

Chapter 9 : The Economics of Cybersecurity

=> The Economics of Cybersecurity
=> Making a Business Case
=> Quantifying Security
=> The Economic Impact of Cybersecurity
=> Data to Justify Security Action
=> A Summary of Recent Security Surveys
=> Are the Data Representative?
=> Sources of Attack and Financial Impact
=> Modeling Cybersecurity
=> Current Research and Future Directions

Chapter 10 : Privacy in Computing

=> Privacy in Computing
=> Privacy Concepts
=> Computer-Related Privacy Problems
=> Privacy Principles and Policies
=> Authentication and Privacy
=> What Authentication Means
=> Data Mining
=> Privacy on the Web
=> Spyware
=> Shopping on the Internet
=> E-Mail Security
=> Impacts on Emerging Technologies

Chapter 11 : Legal and Ethical Issues in Computer Security

=> Legal and Ethical Issues in Computer Security
=> Protecting Programs and Data
=> Copyrights - Protecting Programs and Data
=> Patents - Protecting Programs and Data
=> Trade Secrets
=> Protection for Computer Objects
=> Information and the Law
=> Rights of Employees and Employers
=> Redress for Software Failures
=> Computer Crime
=> Why Computer Crime Is Hard to Define and Prosecute
=> Examples of Statutes
=> International Dimensions
=> Why Computer Criminals Are Hard to Catch
=> What Computer Crime Does Not Address
=> Cryptography and the Law
=> Ethical Issues in Computer Security
=> Case Studies of Ethics: Use of Computer Services
=> Case Studies of Ethics: Privacy Rights
=> Case Studies of Ethics: Denial of Service
=> Case Studies of Ethics: Ownership of Programs
=> Case Studies of Ethics: Proprietary Resources
=> Case Studies of Ethics: Fraud
=> Case Studies of Ethics: Accuracy of Information
=> Case Studies of Ethics: Ethics of Hacking or Cracking
=> Codes of Computer Ethics

Chapter 12 : Cryptography Explained

=> Cryptography Explained
=> Mathematics for Cryptography
=> Symmetric Encryption
=> Data Encryption Standard
=> Advanced Encryption Standard
=> Public Key Encryption Systems
=> MerkleHellman Knapsacks
=> RivestShamirAdelman (RSA) Encryption
=> The El Gamal and Digital Signature Algorithms
=> Quantum Cryptography

Information Architecture on the World Wide Web by Peter Morville

Chapter 1 : What Makes a Web Site Work

=> What Makes a Web Site Work
=> Consumer Sensitivity Boot Camp
=> Web Site Work - If You Don't Like to Exercise
=> The Role of the Information Architect

Chapter 2 : Introduction to Information Architecture

=> Who Should Be the Information Architect?
=> Collaboration and Communication
=> Organizing Information

Chapter 3 : Organizing Information

=> Organizing Information
=> Organizational Challenges
=> Organizing Web Sites and Intranets
=> Creating Cohesive Organization Systems
=> Designing Navigation Systems

Chapter 4 : Designing Navigation Systems

=> Designing Navigation Systems
=> Browser Navigation Features
=> Building Context
=> Improving Flexibility
=> Types of Navigation Systems
=> Integrated Navigation Elements
=> Remote Navigation Elements
=> Designing Elegant Navigation Systems
=> Labeling Systems

Chapter 5 : Labeling Systems

=> Labeling Systems
=> Why You Should Care About Labeling
=> Labeling Systems, Not Labels
=> Types of Labeling Systems
=> Creating Effective Labeling Systems
=> Fine-Tuning the Labeling System
=> Non-Representational Labeling Systems
=> A Double Challenge - Labeling Systems
=> Searching and Your Web Site

Chapter 6 : Searching Systems

=> Searching and Your Web Site
=> Understanding How Users Search
=> Designing the Search Interface
=> In an Ideal World: The Reference Interview
=> Indexing the Right Stuff
=> To Search or Not To Search?
=> Research

Chapter 7 : Research

=> Research
=> Research: Defining Goals
=> Learning About the Intended Audiences
=> Identifying Content and Function Requirements
=> Grouping Content
=> Conceptual Design

Chapter 8 : Conceptual Design

=> Conceptual Design
=> Brainstorming with White Boards and Flip Charts
=> Metaphor Exploration
=> High-Level Architecture Blueprints
=> Architectural Page Mockups
=> Design Sketches
=> Web-Based Prototypes
=> Production and Operations

Chapter 9 : Production and Operations

=> Production and Operations
=> Detailed Architecture Blueprints
=> Content Mapping
=> Web Page Inventory
=> Point-of-Production Architecture
=> Architecture Style Guides
=> Learning from Users
=> Information Architecture in Action

Chapter 10 : Information Architecture in Action

=> Information Architecture in Action
=> Archipelagoes of Information
=> A Case Study: Henry Ford Health System