Advances in Biometrics for Secure Human Authentication and Recognition

Content: Introduction: What Is Information Security? Creating a Culture of Security Awareness Protecting Corporate Assets Protective Measures A Culture of Security Awareness Remaining Dynamic Overview of Security Awareness Categories Overview Industry Standards Privacy Concerns Password Management Credit Card Compliance (PCI) General File Management Examples of Security Regulations and Laws Who Is an IS Professional? Introduction Empowering Security Professionals Top-Down Approach Diplomacy The People Portion of Information Security The IS Specialist Diplomacy-The IS Professional's Best Friend End Users Are Great Network Monitors The End User's Diplomatic Responsibility Privacy Concerns What Is Privacy? Why Does Privacy Matter? Types of Private Data Keeping Files Private Privacy-Related Regulations and Laws Privacy Policies Interdepartmental Security Interdepartmental Security Risk Management Risk Management and Asset Protection Risk Management Social Engineering What Is Social Engineering? Psychology of Social Engineering Social Engineering Information Gathering Methods Incident Detection and Response What Is an Incident? Incident Detection Incident Response Computer Security Incident Response Teams Preparedness Is Key Physical Security Human-Caused Incidents Physical Security Measures Weather/Natural Disasters PCI Compliance Category 1. Protect and Maintain a Secure Network Category 2: Protect Cardholder Data Category 3: Maintain a Vulnerability Management Program Category 4: Implement Strong Access Control Measures Category 5: Regularly Monitor and Test Networks Category 6: Maintain an Information Security Policy A Good Place to Start Business Continuity Planning Evaluation of Critical Systems and Resources Prioritization of Critical Systems and Resources Identify Threats Posed to Critical Systems and Resources Assign Business Continuity Responsibilities Develop the Continuity Planning Policy Statement Implement Business Continuity Plan Maintain the Plan Train According to Business Continuity Plan Objectives User Authentication Methods User Authentication Cryptosystems Public Key Infrastructure Web of Trust Computer and Network Forensics Acquire Authenticate Analyze Malware Introduction Viruses Worms Keyloggers Rootkits Spyware Adware Trojan Horses Types of Antivirus Programs Detecting and Removing Viruses Recommended Antivirus Programs Software Updates Crafting a Security Policy Planning Versus Reactionary Response (Or-Why It's Important to Have a Security Plan) Don't Wait to Plan Standards, Policies, Procedures, and Controls Accessibility, Supportability, and Clarity Assessing the Organization's Network Infrastructure Security Policy Structure Outline Distribution of the Policy Performing Security Analyses and Audits The Necessity Audit Committees Preaudit Considerations Defining Security Rules Performing a Risk Assessment Build the Security Architecture How Frequently Should Audits Be Performed? Access Control Accountability Identification and Authentication Different Access Control Methodologies Security Checklists Checklist for Creating a Security Policy Network Inventory Checklist Physical Security Checklist Index
Abstract: