I&A (identification and authentication), 42, 44
IAB (Internet Architecture Board), “Ethics and the Internet”, 334
ICMP (Internet Control Message Protocol), 94, BC13
ICMP flood attack, 117
icons used in this book, 4
IDEA (International Data Encryption Algorithm) cipher, 203
identification, 42, 44, 347–348, BC13
identification and authentication (I&A), 42, 44
identity management, 132–133, BC13
identity theft, 159
IDS (intrusion detection system), 108–109, 269–270, BC14
IEEE 802 standards, 82
IETF (Internet Engineering Task Force)
IPSec standard, 106, 215, BC14
L2TP standard, 106, BC15
PEM standard, 99, 213, BC19
S/MIME standard, 99, 212, BC24
IKE (Internet Key Exchange), 107, 216
implementation attack, 217
incident management, 271–272
indexed addressing, 228
indirect addressing, 228
industrial espionage, 254
inference, 159, BC13
inference channel, BC14
inference engine, 161, BC14
information custodian, 137, BC8, BC14
information flow model, 67, 235, BC14
information owner, 136–137, BC14, BC19
Information Security and Risk Management domain
C-I-A (confidentiality, integrity, availability), 124–125
data classification, 127–129
defense-in-depth, 125
definition, 21, 123–124
goals, 129
guidelines, 130, 131
mission statement, 129
objectives, 129
personnel security, 133–138
policy, 130, 131
prep test questions about, 149–151
procedures, 130, 132
resources for, 148
risk analysis, 141–144
risk control, 144–145
risk, definition of, 139
risk identification, 139–141
security awareness, 146–147
security management practices, 132–133
single point of failure, avoiding, 126
standards, 130, 131
information security laws, 316–323
Information Systems Audit and Control Association (ISACA), 379–380
Information Technology Security Evaluation Criteria, European (ITSEC), BC15
informative policies, 131
INFOSYSSEC Web site, BC32
infrastructure support, loss of, 254
inheritance, 158
initialization vector (IV), 200
inrush, BC14
instance, 157, 158
instantiation, 157
Institute of Electrical and Electronics Engineers (IEEE), 802 standards, 82
Integrated Services Digital Network (ISDN), 88, BC15
integrity
cryptography for, 190
data integrity, in distributed applications, 155
definition, 125, BC14
software integrity, 154
integrity verification procedures (IVP), 66, 235
intellectual property, 312–314, BC14
interface types, for network, 80
International Council of E-Commerce Consultants, 379
International Data Encryption Algorithm (IDEA) cipher, 203
International Information Systems Security Certifications Consortium. See (ISC)2
international law, 307
Internet, BC14
Internet Architecture Board (IAB), “Ethics and the Internet”, 334
Internet Control Message Protocol (ICMP), 94, BC13
Internet Engineering Task Force. See IETF
Internet Key Exchange (IKE), 107, 216
Internet Layer, TCP/IP model, 100
Internet Protocol (IP), 92–93, 96, BC14
Internet Protocol Security (IPSec), 106–107, 215–216, BC14
Internet Security Association and Key Management Protocol (ISAKMP), 107
Internet Security Systems, BC33
Internetwork Packet Exchange (IPX), 93, 96, BC15
internetworks, 92
intranet, 74, BC14
intrusion detection system (IDS), 108–109, 269–270, 350, BC14
Intrusion Prevention System (IPS), 108–109, BC14
investigations, 323–332
IP (Internet Protocol), 92–93, 96, BC14
IPSec (Internet Protocol Security), 106–107, 215–216, BC14
IPX (Internetwork Packet Exchange), 93, 96, BC15
iris pattern, 52
ISACA (Information Systems Audit and Control Association), 379–380
ISAKMP (Internet Security Association and Key Management Protocol), 107
(ISC)2 (International Information Systems Security Certifications Consortium). See also security organizations
active membership in, 27–32
definition, 9–10
events of, 27–28, 29
focus groups, 30
online store for, 32
other certifications of (besides CISSP), 34, 380–381
publications of, 29–30
study groups, 30
Web site for, 11
(ISC)2 Code of Ethics, 11, 26, 333
ISDN (Integrated Services Digital Network), 88, BC15
ISO 27001 code, 259
ISO15408 standard, 240
ISO/IEC 17024:2003 compliance, 32
ITSEC (European Information Technology Security Evaluation Criteria), 239–240, BC15
ITU-T standard, 80
IV (initialization vector), 200
IVP (integrity verification procedures), 66, 235