| Topic |
Garfinkel,
Spafford,
and Schwartz
|
Required
|
Related
|
| Introduction to Information Assurance |
1
|
Security Controls for
Computer Systems
(through part B)
800-100 Information Security Handbook: A Guide for Managers (updated March, 2007)
Information Systems Security - A Comprehensive Model
National Information Systems Security (INFOSEC) Glossary
|
Beware the backhoe
Security Absurdity: The Complete, Unquestionable,
And Total Failure of Information Security
|
| Cryptography Overview |
7
|
|
An Overview of Cryptography
|
| Policy Issues and Risk Assessment |
3
|
Georgetown
University Computer Systems Acceptable Use Policy
Practical
Threat Analysis and Risk Management
Attack trees
|
The SANS Security Policy Project
Building
an Information Technology Security Awareness and Training
Program
|
| Physical and Personnel Security |
8,9,18
|
Employment
Background Checks |
Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks.
Notes on Picking Pin Tumbler Locks.
|
| Identity and Authentication |
4,5
|
Passwords
Password Security: A Case History
Password Security: A Case History [Alternate link]
Observing
Reusable Password Choices
Passwords:
The Weakest Link?
Biometrics
Impact of Artificial
"Gummy" Fingers on Fingerprint Systems
Body
Check: Biometric Access Protection Devices and their Programs Put to the
Test
RFID
Cloning a Verichip
|
RFID
RFDump
|
| Secure System Design and Implementation |
16
|
Software
Flaws
Smashing
the Stack for Fun and Profit
Format String Attacks
Secure
Programming
Secure programmer: Keep an eye on inputs
Secure
Programming for Linux and Unix Howto
Protecting
sensitive data in memory
|
|
| Trusted Systems |
|
Reflections on
Trusting Trust
DoD 5200.28-STD TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA
|
|
| Malicious Code |
23
|
How
to 0wn the Internet in Your Spare Time
Salami Fraud
|
Offensive Computing
The Underhanded C Contest
|
| Audit and Integrity |
20,21
|
|
|
| TCP/IP Security |
11, 12
|
TCP/IP tutorial (all four parts and appendix)
A
Weakness in the 4.2BSD Unix TCP/IP Software
A
Simple Active Attack against TCP
|
|
| Wireless Security |
|
Wireless Network Security: 802.11, Bluetooth, and Handheld Devices
|
|
| Firewalls |
|
Guidelines on Firewalls and Firewall Policy
|
|
| Intrusion Detection |
|
Intrusion Detection Systems (IDS)
Guide to Intrusion Detection and Prevention Systems (IDPS)(updated March 2007)
Insertion,
Evasion, and Denial of Service
|
Intrusion Detection FAQ
|
| Denial of Service |
24
|
What
do we mean by network denial of service?
|
|
| Response to Attacks |
22,25
|
Computer Security Incident Handling Guide
Guide to Integrating Forensic Techniques into Incident Response
|
|
| Vulnerability Analysis |
|
Guideline on Network Security Testing
|
|
| Trust |
26
|
|
|