E n c yc l o p E d i a o f information assurance Encyclopedias from Taylor & Francis Group Agriculture Titles Engineering Titles Dekker Agropedia Collection (Eleven Volume Set) Encyclopedia of Chemical Processing (Five Volume Set) ISBN: 978-0-8247-2194-7(cid:9) Cat. No.: DK803X Edited by Sunggyu Lee Encyclopedia of Agricultural, Food, and Biological ISBN: 978-0-8247-5563-8(cid:9) Cat. No.: DK2243 Engineering, Second Edition (Two Volume Set) Edited by Dennis R. Heldman and Carmen I. Moraru Encyclopedia of Corrosion Technology, Second Edition ISBN: 978-1-4398-1111-5(cid:9) Cat. No.: K10554 Edited by Philip A. Schweitzer, P.E. Encyclopedia of Animal Science, Second Edition (Two ISBN: 978-0-8247-4878-4(cid:9) Cat. No.: DK1295 Volume Set) Edited by Duane E. Ullrey, Charlotte Kirk Baer, and Wilson Encyclopedia of Energy Engineering and Technology G. Pond (Three Volume Set) ISBN: 978-1-4398-0932-7(cid:9) Cat. No.: K10463 Edited by Barney L. Capehart Encyclopedia of Biotechnology in Agriculture and Food ISBN: 978-0-8493-3653-9(cid:9) Cat. No.: DK653X Edited by Dennis R. Heldman Dekker Encyclopedia of Nanoscience and Nanotechnology, ISBN: 978-0-8493-5027-6(cid:9) Cat. No.: DK271X Second Edition (Six Volume Set) Encyclopedia of Pest Management Edited by Cristian I. Contescu and Karol Putyera Edited by David Pimentel ISBN: 978-0-8493-9639-7(cid:9) Cat. No.: DK9639 ISBN: 978-0-8247-0632-6(cid:9) Cat. No.: DK6323 Encyclopedia of Pest Management, Volume II Encyclopedia of Optical Engineering (Three Volume Set) Edited by David Pimentel Edited by Ronald G. Driggers ISBN: 978-1-4200-5361-6(cid:9) Cat. No.: 53612 ISBN: 978-0-8247-0940-2(cid:9) Cat. No.: DK9403 Encyclopedia of Plant and Crop Science Edited by Robert M. Goodman ISBN: 978-0-8247-0944-0(cid:9) Cat. No.: DK1190 Business Titles Encyclopedia of Soil Science, Second Edition (Two Volume Set) Edited by Rattan Lal Encyclopedia of Information Assurance ISBN: 978-0-8493-3830-4(cid:9) Cat. No.: DK830X Edited by Rebecca Herold and Marcus K. Rogers ISBN: 978-1-4200-6620-3(cid:9) Cat. No.: AU6620 Encyclopedia of Water Science, Second Edition (Two Volume Set) Encyclopedia of Library and Information Science, Third Edited by Stanley W. Trimble Edition (Seven Volume Set) ISBN: 978-0-8493-9627-4(cid:9) Cat. No.: DK9627 Edited by Marcia J. Bates and Mary Niles Maack ISBN: 978-0-8493-9712-7(cid:9) Cat. No.: DK9712 Chemistry Titles Encyclopedia of Public Administration and Public Policy, Encyclopedia of Chromatography, Third Edition (Three Second Edition (Three Volume Set) Volume Set) Edited by Evan M. Berman Edited by Jack Cazes ISBN: 978-0-4200-5275-6(cid:9) Cat. No.: AU5275 ISBN: 978-1-4200-8459-7(cid:9) Cat. No.: 84593 Encyclopedia of Supramolecular Chemistry (Two Volume Encyclopedia of Software Engineering Set) Edited by Phillip A. Laplante Edited by Jerry L. Atwood and Jonathan W. Steed ISBN: 978-1-4200-5977-9(cid:9) Cat. No.: AU5977 ISBN: 978-0-8247-5056-5(cid:9) Cat. No.: DK056X Encyclopedia of Wireless and Mobile Communications Encyclopedia of Surface and Colloid Science, Second (Three Volume Set) Edition (Eight Volume Set) Edited by Borko Furht Edited by P. Somasundaran ISBN: 978-0-4200-4326-6(cid:9) Cat. No.: AU4326 ISBN: 978-0-8493-9615-1(cid:9) Cat. No.: DK9615 These titles are available both in print and online. To order, visit: www.crcpress.com Telephone: 1-800-272-7737 Fax: 1-800-374-3401 E-Mail: [email protected] E n c y c l o p E d i a o f information assurance EditEd by Rebecca Herold marcus K. Rogers Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business AN AUERBACH BOOK Auerbach Publications Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2011 by Taylor and Francis Group, LLC Auerbach Publications is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed in the United States of America on acid-free paper 10 9 8 7 6 5 4 3 2 1 International Standard Book Number: 978-1-4200-6738-5 (Hardback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the Auerbach Web site at http://www.auerbach-publications.com ThisworkisdedicatedtoJune,JillianandJordan. Withouttheloveandsupportofmyfamily,anysuccesswouldbebutahollowshell. —Marc Manythanksgotomyhusband,Tom,andsons,HeathandNoah,fortheirunderstanding andsupportwhileIspentsignificantamountsoftimeworkingandwritingwhenthey wouldratherIjointhemforsomefamilyfun.Iwanttodedicatemyworkalsotomylateparents, HaroldandMaryAnnFlint,whoalwaysencouragedmetowrite,explore,andnever setlimitsonwhatwaspossible. —Rebecca WewouldbothliketodedicatethisworktothememoryofourlatefriendandAuerbacheditor, RayO’Connell,whobroughtustogethertocreatethisencyclopediaandmadesureitcontinued tomoveforwardthroughoutsomechallengingtimes. Contributors Thomas Akin, CISSP / Founding Director and Chairman, Board of Advisors, Southeast Cybercrime Institute, Marietta, Georgia, U.S.A. Mandy Andress, CISSP, SSCP, CPA, CISA / Founder and President, ArcSec Technologies, Pleasanton, California, U.S.A. Jim Appleyard / Senior Security Consultant, IBM Security and Privacy Services, Charlotte, North Carolina, U.S.A. Sandy Bacik / Information Security Professional, Fuquay Varina, North Carolina, U.S.A. Dencho N. Batanov / School of Advanced Technologies, Asian Institute of Technology, Pathumthani, Thailand Robert B. Batie, Jr., CISSP-ISSAP, ISSEP, ISSMP, CAP / Cyber Defense Solutions, Network Centric Systems, Raytheon Company, Largo, Florida, U.S.A. Ioana V. Bazavan, CISSP / Global Security, Accenture, Livermore, California, U.S.A. Mark Bell / Independent Consultant, U.S.A. Kenneth F. Belva / Manager, Information Security Risk Management Program, Bank of New York, Melville, New York, U.S.A. Al Berg / Global Head of Security and Risk Management, Liquidnet Holdings Inc., New York, New York, U.S.A. Alan Berman / IT Security Professional, Los Angeles, California, U.S.A. Chuck Bianco, FTTR, CISA, CISSP / IT Examination Manager, Office of Thrift Supervision, Department of the Treasury, Dallas, Texas, U.S.A. ChristinaM.Bird,Ph.D.,CISSP / SeniorSecurityAnalyst,CounterpaneInternetSecurity, San Jose, California, U.S.A. Steven F. Blanding, CIA, CISA, CSP, CFE, CQA / Former Regional Director of Technology, Arthur Andersen, Houston, Texas, U.S.A. David Bonewell, CISSP, CISSP/EP, CISA / President, Accomac Consulting LLC, Cincinnati, Ohio, U.S.A. William C. Boni / Chief Information Security Officer, Motorola Information Protection Services, Bartlett, Illinois, U.S.A. Kate Borten, CISSP / President, Marblehead Group, Marblehead, Massachusetts, U.S.A. Dan M. Bowers, CISSP / Consulting Engineer, Author, and Inventor, Red Lion, Pennsylvania, U.S.A. Gerald Bowman / North American Director of ACE and Advanced Technologies, SYSTIMAX(cid:2) Solutions, Columbus, Ohio, U.S.A. D. K. Bradley / Insight Global, Inc., Raleigh, North Carolina, U.S.A. RobertBraun / Partner,CorporateDepartment,Jeffer,Mangles,Butler&Marmaro,LLP, California, U.S.A. Thomas J. Bray, CISSP / Principal Security Consultant, SecureImpact, Atlanta, Georgia, U.S.A. Al Bredenberg / Writer, Web Developer, and Internet Marketing Consultant, Orem, Utah, U.S.A. Anthony Bruno, CCIE #2738, SISSP, CIPTSS, CCDP / Senior Principal Consultant, International Network Services (INS), Pearland, Texas, U.S.A. vii viii Contributors Alan Brusewitz, CISSP, CBCP / Consultant, Huntington Beach, California, U.S.A. Graham Bucholz / Computer Security Researcher, Baltimore, Maryland, U.S.A. Mike Buglewicz, MsIA, CISSP / Microsoft Corporation, Redmond, Washington, U.S.A. Mike Buglewicz, MsIA, CISSP / Norwich University, Northfield, Vermont, U.S.A. Roxanne E. Burkey / Nortel Networks, Dallas, Texas, U.S.A. Carl Burney, CISSP / Senior Internet Security Analyst, IBM, Salt Lake City, Utah, U.S.A. Dean Bushmiller / Expanding Security LLC, Austin, Texas, U.S.A. Ken Buszta, CISSP / Chief Information Security Officer, City of Cincinnati, Cincinnati, Ohio, U.S.A. James Cannady / Research Scientist, Georgia Tech Research Institute, Atlanta, Georgia, U.S.A. Mark Carey / Partner, Deloitte & Touche, Alpine, Utah, U.S.A. Tom Carlson / ISMS Practice Lead, Orange Parachute, Sioux City, Iowa, U.S.A. Kevin Castellow / Senior Technical Architect, AT&T, Marietta, Georgia, U.S.A. Glenn Cater, CISSP / Director, IT Risk Consulting, Aon Consulting, Inc., Freehold, New Jersey, U.S.A. Samuel W. Chun, CISSP / Director of Information and Risk Assurance Services, TechTeam Global Government Solutions Inc., Burke, Virginia, U.S.A. Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA / LogLogic, Inc., San Jose, California, U.S.A. Ian Clark / Security Portfolio Manager, Business Infrastructure, Nokia, Leeds, U.K. Douglas G. Conorich / Global Solutions Manager, Managed Security Services, IBM Global Service, Clearfield, Utah, U.S.A. MichaelJ.Corby,CISSP / Director,METAGroupConsulting,Leichester,Massachusetts, U.S.A. Mignona Cote, CISA, CISM / Senior Vice President, Information Security Executive, Card Services, Bank of America, Dallas, Texas, U.S.A. Steven P. Craig / Venture Resources Management, Lake Forest, California, U.S.A. Kellina M. Craig-Henderson, Ph.D. / Associate Professor, Social Psychology, Howard University, Washington, District of Columbia, U.S.A. Jon David / The Fortress, New City, New York, U.S.A. Kevin J. Davidson, CISSP / Senior Staff Systems Engineer, Lockheed Martin Mission Systems, Front Royal, Virginia, U.S.A. Jeffrey Davis, CISSP / Senior Manager, Lucent Technologies, Morristown, New Jersey, U.S.A. Matthew J. Decker, CISSP, CISA, CISM, CBCP / Principal, Agile Risk Management, Valrico, Florida, U.S.A. David Deckter, CISSP / Manager, Deloitte & Touche Enterprise Risk Services, Chicago, Illinois, U.S.A. Harry B. DeMaio / Cincinnati, Ohio, U.S.A. Gildas A. Deograt-Lumy, CISSP / Information System Security Officer, Total E&P Headquarters, Idron, France John Dorf, ARM / Actuarial Services Group, Ernst & Young LLP, U.S.A. KenDoughty / ManagerofDisasterRecovery,Colonial,CherryBrook,NewSouthWales, Australia Mark Edmead, CISSP, SSCP, TICSA / President, MTE Software, Inc., Escondido, California, U.S.A. Contributors ix Adel Elmaghraby / Department of Computer Engineering and Computer Science, University of Louisville, Louisville, Kentucky, U.S.A. Carl F. Endorf, CISSP / Senior Security Analyst, Normal, Illinois, U.S.A. Scott Erkonen / Hot skills Inc., Minneapolis, Minnesota, U.S.A. Vatcharaporn Esichaikul / School of Advanced Technologies, Asian Institute of Technology, Pathumthani, Thailand Don Evans / Government Systems Group, UNISYS, Houston, Texas, U.S.A. Eran Feigenbaum / Technology Risk Services, PricewaterhouseCoopers, Los Angeles, California, U.S.A. Jeffrey H. Fenton, CBCP, CISSP / Corporate IT Crisis Assurance/Mitigation Manager and Technical Lead for IT Risk Management, Corporate Information Security Office, Lockheed Martin Corporation, Sunnyvale, California, U.S.A. Bryan D. Fish, CISSP / Security Consultant, Lucent Technologies, Dallas, Texas, U.S.A. Patricia A.P. Fisher / President, Janus Associates Inc., Stamford, Connecticut, U.S.A. ToddFitzgerald,CISSP,CISA,CISM / DirectorofSystemsSecurityandSystemsSecurity Officer, United Government Services, LLC, Milwaukee, Wisconsin, U.S.A. Jeff Flynn / Jeff Flynn & Associates, Irvine, California, U.S.A. Edward H. Freeman, JD, MCT / Attorney and Educational Consultant, West Hartford, Connecticut, U.S.A. Louis B. Fried / Vice-President, Information Technology, SRI International, Menlo Park, California, U.S.A. StephenD.Fried,CISSP / VicePresidentforInformationSecurityandPrivacy,Metavante Corporation, Pewaukee, Wisconsin, U.S.A. Robby Fussell, CISSP, NSA IAM, GSEC / Information Security/Assurance Manager, AT&T, Riverview, Florida, U.S.A. Ed Gabrys, CISSP / Senior Systems Engineer, Symantec Corporation, New Haven, Connecticut, U.S.A. Brian T. Geffert, CISSP, CISA / Senior Manager, Deloitte & Touche Security Services Practice, San Francisco, California, U.S.A. Karen Gibbs / Senior Data Warehouse Architect, Teradata, Dayton, Ohio, U.S.A. Alex Golod, CISSP / Infrastructure Specialist, EDS, Troy, Michigan, U.S.A. Ronald A. Gove / Vice President, Science Applications International Corp., McLean, Virginia, U.S.A. Geoffrey C. Grabow, CISSP / beTRUSTed, Columbia, Maryland, U.S.A. Robert L. Gray, Ph.D. / Chair, Quantitative Methods and Computer Information Systems Department, Western New England College, Devens, Massachusetts, U.S.A. Ray Haldo / Total E&P Headquarters, Idron, France Frandinata Halim, CISSP, MCSE / Senior Security Consultant, ITPro Citra Indonesia, Jakarta, Indonesia Nick Halvorson / ISMS Program Manager, Merrill Corporation, Beresford, South Dakota, U.S.A. Sasan Hamidi, Ph.D. / Chief Security Officer, Interval International, Inc., Orlando, Florida, U.S.A. SusanD.Hansche,CISSP-ISSEP / InformationSystemSecurityAwarenessandTraining, PEC Solutions, Fairfax, Virginia, U.S.A. William T. Harding, Ph.D. / Dean, College of Business Administration, Texas A & M University, Corpus Christi, Texas, U.S.A.