Packet filtering
  firewalls, 92
  security table, 161
Panavision International, L.P. v. Toeppen, 349
Partition status, 302
Password(s), 65, 66
  accounts, 314
  aging, 470
  assurance, 470
  BIOS, 101, 151, 274
  brute force, 194, 311
  changing, 298
  cracking, 299
    applications, 303
    utilities, 236
    Web pages, 303
  default, 274
  file, shadow, 166
  hashes, 314
  maintenance, 67
  one-time, 66, 469
  -protected
    files, 303
    screensaver, 101
  removal, 139
  screensaver, 151
  weak, 139
Patent
  protection, 351, 352
  validity, 352
Payment gateway, 215
PBX, see Telephone Branch Exchange
PDA, see Personal digital assistant
PDD 63, see President's Decision Directive
Pen register installation, 393
Performance
  checks, 113
  metrics, 43
  reviews, 107
  standards, 43
  testing, 69
PERL, 172
Personal digital assistant (PDA), 82
PGP, 504
Physical and environmental safety, 76
  access controls, 76
  building collapse, 76
  fire safety factors, 76
  plumbing leaks, 76
  utilities failures, 76
  workplace safety, 76
Physical facilities
  protection strategies concerning, 30
  redundant, 30
Physical write blocker utilities, 284
POC, see Points of contact
Points of contact (POC), 481, 482
Policies and procedures, 41-109
  auditors, 103-105
    data controls, 104
    disaster recovery and business continuity, 104-105
    systems development and programming policies, 104
    workstation audit policies, 105
  connecting to Internet, 69-71
  e-mail policy, 51
  e-mail storage, 54
  employee privacy expectations and legal rights, 57-69
    attorney-client communications using e-mail, 64-65
    copyright violation, 68
    ECPA, 58
    employee copyright concerns, 61-62
    employee labor organization, 63
    employee software installation, 68
    employees and trade secrets, 62-63
    employees working at home, 59-60
    harassment, discrimination, and defamation, 60-61
    part-time and full-time employees, 60
    passwords, 65-66
    privacy acknowledgments, 59
    privacy arguments, 59
    reasons to monitor and audit employee behavior, 59
    security through obscurity, 67
    shoulder surfing, 67
    something person has, 66
    something person is, 66
    something person knows, 66
    spamming, spoofing, and organization, 63-64
    use of banners, 68-69
  employee use of e-mail, 54-57
    attachments, 56
    bad news, 55
    confidentiality, 55
    e-mail for managers, 57
    encrypted communications, 57
    forwarded e-mail, 56
    message priority, 56
    negotiations, 55
    out-of-band communications, 57
    plain, professional language, 55-56
    salutations and signatures, 56
    spam, 56
    spelling and grammar, 56-57
  enhancements to written policies, 50-51
    audio/video productions, 50-51
    classroom training sessions, 51
  forensics policy, 78-81
  secure sockets layer, 84
  service set identifier, 83-84
  virtual private network, 84
  wireless network security, 82-85
  wireless policies, 84-85
  information systems support policies, 98-100
    data entry, 99
    technical support, 99-100
  information technology human resources management policies, 105-108
    employee departures on good terms, 108
    employee termination, 107-108
    getting best candidates for position, 105-106
    job interviews, 106-107
    performance reviews, 107
  information tsunami, 51-52
  Internet firewall policy, 91-95
    application firewalls, 93
    authentication, 92
    firewall administration, 94
    firewall types, 92-93
    hardware firewall architectures, 93-94
    remote firewall administration, 95
  intrusion detection policies, 95-96
    host-based IDS, 96
    network and host IDS, 96
  network management policies, 77-78
  network vulnerability assessment policies, 85-87
    identifying exposures, 86-87
    plan to conduct vulnerability assessments, 86
    resolving exposures, 87
  organization of documents, 53-54
  physical and environmental safety, 76-77
  policies and procedures involving outsourcing, 89-91
  policies, procedures, standards, and politics, 41-42
  policy distributions, 50
  policy of policy development, 44-48
    changes, 46
    common policy components, 45-46
    doing policy right first time, 48
    executive approvals, 46
    policy exemptions, 46
    policy team members, 45
    team leadership, 45
    vetting policies, 48
    violations, 46-48
  policy writing techniques, 48-50
    application, 49
    eternal view, 49
    gender words, 49
    plain language, 48-49
    responsibility for compliance, 50
    spelling and grammar, 49
  securing systems, 100-103
  systems development life cycle, 71-75
    benefits, 72
    documentation, 73-74
    integrated product team, 72-73
    management controls, 73
    system accreditation and certification, 74-75
  trust models, 44
  vendor policies and procedures, 87-89
    consultant procedures, 88-89
    evaluating proposals, 89
    outsource potentials, 88
    outsource vendor selection procedures, 89
  Web server policies and procedures, 97-98
    Web server security policies and procedures, 97
Policy(ies)
  employee privacy, 91
  exemptions, 46
  firewall administration, 94, 95
  firewall backup, 95
  forensics, 78
  information system support, 98
  Internet firewall, 91
  intrusion detection, 95
  IT human resources management, 105
  outsourcing, 89
  reasons for documenting, 43
  systems development, 75, 104
  vendor, 87
  Web server, 97
  wireless, 84
  workstation audit, 104
Polygraph testing, 397
Pornography, 6
Port numbers, well-known, 409-449
POST, see Power-On Self Test
Power-On Self Test (POST), 272
President's Decision Directive (PDD 63), 8
Press
  relations, 36, 37
  releases, 485
Preventive controls, 117
Printer
  laser, 476
  logging, 476
  sharing, 142
Print spooler files, 303
Privacy, 381-407
  acknowledgments, 59
  arguments, 59
  employee, 391-397
    employee legal defense, 395-396
    employee monitoring best practices, 396-397
    employee polygraphs, 397
    legalities in employee monitoring, 391-392
    monitoring e-mail and employee workstation conduct, 394-395
    oral communications, 392
    trap and trace and pen register installations, 393
    video and still camera monitoring, 393-394
    wire communications, 392-393
  expectations, 381-383
    information ownership, 382
    information vulnerability in organization, 382-383
    threats to information privacy, 383
  industry-specific issues, 397-402
    access to financial records, 397-398
    Cable TV Privacy Act, 401
    Children's Online Privacy Protection Act, 402-404
    Fair Credit Reporting Act, 399-400
    Family Education Privacy Rights, 400-401
    Federal Privacy Act, 405
    Gramm-Leach-Bliley Act, 398
    Health Insurance Portability and Accountability Act, 398-399
    safe harbor issues in United States, 405-407
    wrongful disclosure of videotape rental or sale records, 401-402
  protection, 383-391
    auditing of privacy practices, 385-386
    employee privacy training, 388-389
    handling privacy in supply chains, 389-391
    information assets inventory, 384
    nonconsent information use, 388
    policies and procedures, 385
    privacy training best practices, 389
    safeguarding, processing, and storing privacy data, 386-387
    technology relevant to, 384-385
    Web site privacy, 386
  violations, 24
Privilege escalation, 23
Professional conduct, 61
Program flowchart, 129
Project failure, 11
Property ownership, 381
Prosecutors, risk assessment reviews by, 38
Protected works, 346
Proximate causation, 357
Proxy server, 464, 466
Public key encryption, RSA, 282
Public relations, 331, 485
Public service announcements, 231