| Introduction - The Scope of the Work and its Methodology | p. 1 |
| Defining Security and Privacy | p. 2 |
| The Importance of Standards | p. 4 |
| Technological Issues | p. 7 |
| Organization and the Human Factor | p. 8 |
| Legal Frameworks | p. 9 |
| Before Proceeding Further | p. 10 |
| Organization, Security and Privacy | p. 13 |
| Recent History of the Field | p. 13 |
| Frameworks Level | p. 15 |
| Assets | p. 17 |
| Threats | p. 17 |
| Vulnerabilities | p. 18 |
| Risks and Impacts | p. 18 |
| Safeguards and Residual Risk | p. 18 |
| The Concept of Security Management Processes | p. 19 |
| Techniques for ISs Security Management | p. 19 |
| Security Objectives and Strategies | p. 20 |
| Security Related Organizational Issues | p. 21 |
| Risk Analysis | p. 21 |
| Safeguards Selection, Security Policy Definition and its Realization | p. 26 |
| Supervision and Incident Handling | p. 27 |
| Particular Implementations Level | p. 27 |
| General Hints for Selection of Safeguards | p. 28 |
| Organizational Safeguards | p. 29 |
| Personnel Security | p. 29 |
| Physical and Environmental Security | p. 30 |
| Access Control, Communications and Operations Security | p. 31 |
| ISs Development, Maintenance, and Monitoring | p. 33 |
| Incident Handling | p. 36 |
| Business Continuity Planning | p. 36 |
| Compliance and Auditing | p. 37 |
| Security Awareness | p. 38 |
| Standardized Safeguard Templates | p. 39 |
| Organizational Safeguard Templates | p. 39 |
| Technology Compliance Safeguards | p. 39 |
| Security Technology: Concepts and Models | p. 43 |
| Security Mechanisms | p. 44 |
| Pseudorandom Number Generators | p. 44 |
| One-way Hash Functions | p. 45 |
| Symmetric Algorithms | p. 47 |
| Asymmetric Algorithms | p. 51 |
| Steganography and Watermarking | p. 54 |
| Cryptographic Protocols | p. 56 |
| A Brief Overview of Computer Communications | p. 57 |
| Security Services | p. 59 |
| Models of Security Services | p. 59 |
| The Relationships Between Security Services | p. 64 |
| Key Management | p. 66 |
| Key Generation | p. 66 |
| Key Distribution | p. 66 |
| Complementary Key Management Activities | p. 68 |
| Security Infrastructure | p. 69 |
| Public Key Infrastructure | p. 69 |
| Authentication and Authorization Infrastructure | p. 75 |
| Network Layer Security - IPSec | p. 78 |
| Secure Sockets Layer and Transport Layer Security | p. 91 |
| Secure/Multipurpose Internet Mail Extensions | p. 95 |
| One-time Password Systems | p. 100 |
| Firewalls | p. 101 |
| Intrusion Detection Systems | p. 105 |
| Extensible Markup Language Security | p. 107 |
| Smart cards | p. 115 |
| Biometrics Based Technology | p. 117 |
| Security Services as the Basis for e-Business Processes | p. 120 |
| Electronic Payment Systems | p. 120 |
| Web Services | p. 122 |
| Privacy Enabling Technologies | p. 131 |
| A Different Paradigm - Wireless Networking | p. 133 |
| Legal Aspects of ISs Security and Privacy | p. 137 |
| Cryptography in General | p. 137 |
| Digital Signatures | p. 140 |
| Privacy Issues | p. 141 |
| Privacy and Electronic Communications | p. 143 |
| Workplace Privacy | p. 144 |
| Spamming | p. 145 |
| Electronic Tracking Technologies | p. 146 |
| Identity Theft | p. 146 |
| ISs and Software Liability | p. 146 |
| Intellectual Property Rights | p. 148 |
| Computer Forensics | p. 149 |
| Where Are We Headed? | p. 151 |
| Appendix | p. 155 |
| Brief Mathematical Preliminaries | p. 156 |
| Information Theory | p. 156 |
| Complexity Theory | p. 161 |
| Abstract Algebra | p. 162 |
| Number Theory | p. 163 |
| Computing Inverses and Exponentiation in $\mathbb{Z}_n$ | p. 167 |
| Computational Complexities in $\mathbb{Z}_n$ | p. 168 |
| Cryptographic Primitives | p. 169 |
| One-way Hash Functions | p. 169 |
| Pseudorandom Number Generators | p. 174 |
| Triple DES | p. 175 |
| RSA Algorithm | p. 183 |
| Diffie-Hellman Key Agreement | p. 184 |
| Formal Methods | p. 185 |
| Overview of Formal Methods | p. 185 |
| Introduction to Logic BAN | p. 186 |
| Language Z Overview | p. 193 |
| Emerging Formal Methods | p. 198 |
| Socio-Technical Systems Modeling and Simulation | p. 198 |
| Business Dynamics | p. 199 |
| Agent Technologies | p. 205 |
| Further Reading | p. 209 |
| Listing of the Simulation Model | p. 211 |
| References | p. 213 |