Traditional Questions, Answers, and Explanations
1. For information systems security, a penetration is defined as which of the following combinations?
a. Attack plus breach
b. Attack plus threat
c. Threat plus breach
d. Threat plus countermeasure
2. Which of the following is
a. Protection of system assets from loss, damage, and misuse
b. Accuracy of data and reliability of application processes
c. Availability of information and application processes
d. Control of data analysis
3. Which of the following is the primary purpose of a plan of action and milestones document?
a. To reduce or eliminate known vulnerabilities
b. To use findings from security control assessments
c. To apply findings from security impact analyses
d. To implement findings from continuous monitoring activities