| Topic | Garfinkel, Spafford, and Schwartz | Required | Related |
|---|---|---|---|
| Introduction to Information Assurance | 1 | Security Controls for Computer Systems (through part B) | |
| Cryptography Overview | 7 | | An Overview of Cryptography |
| Policy Issues and Risk Assessment | 3 | Georgetown University Computer Systems Acceptable Use Policy; Practical Threat Analysis and Risk Management; Attack trees | The SANS Security Policy Project; Building an Information Technology Security Awareness and Training Program |
| Physical and Personnel Security | 8,9 | Employment Background Checks | Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks; Notes on Picking Pin Tumbler Locks |
| Identity and Authentication | 4,5 | Passwords (Password Security: A Case History; Observing Reusable Password Choices; Passwords: The Weakest Link?); Biometrics (Impact of Artificial "Gummy" Fingers on Fingerprint Systems; Body Check: Biometric Access Protection Devices and their Programs Put to the Test); RFID (Cloning a Verichip) | RFID (RFDump) |
| Secure System Design and Implementation | 16 | Software Flaws (Smashing the Stack for Fun and Profit; Format String Attacks); Secure Programming (Secure Programming for Linux and Unix Howto; Protecting sensitive data in memory; Protecting Passwords part 1, part 2; Preventing buffer overflows) | |
| Malicious Code | 23 | How to 0wn the Internet in Your Spare Time; Reflections on Trusting Trust | The Worm Information Center; Salami Fraud |
| Audit, Integrity, and Forensics | 20,21 | | |
| TCP/IP Security | 11, 12 | A Weakness in the 4.2BSD Unix TCP/IP Software; A Simple Active Attack against TCP | |
| Wireless Security | | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices | |
| Firewalls | | Guidelines on Firewalls and Firewall Policy | |
| Intrusion Detection | | Intrusion Detection Systems (IDS); Insertion, Evasion, and Denial of Service | Intrusion Detection FAQ |
| Denial of Service | 24 | What do we mean by network denial of service? | |
| Response to Attacks | 22,25 | | |
| Vulnerability Analysis | | Guideline on Network Security Testing | |
| Trust | 26 | | |