Price sheet
ability to act 324
ability to adapt 256
ability to change 261
ability to control 131
ability to define 36
ability to detect 320
ability to identify 71 182
ability to use 29
ability to verify 221
ability to violate 150
abstract control architecture 26
abstraction layer 180
abuse of systems 242
abusing systems 147
abyss processors 177 178
ACAT guard 269
accept a risk 57 305
accept risks 60
acceptable levels 100 246
acceptable loss levels 94
acceptable performance levels 62
acceptable residual risk 11
acceptable use 81
acceptance of risk 217
acceptance tests 65
acceptance thresholds 16
accepted a risk 57
accepted accounting practices 83
accepted for periods 57
accepted standard 82
accepted system security 81 132
access activists 52
access all traffic 237
access and actions 204
access and information 138
access and passwords 216
access and provisioning 266
access and use 187
access architecture 190
access as needed 129
access basis 202
access changes 211
access computer 315
access control 11 22 71 86 89 177 182 189 197 198 201 244 245 269 271 292 299 304 321 322 323 328
access control architecture 182 189 299
access control decisions 189
access control lists 244
access control mechanisms 244 245 269 323
access control model 22 198
access control models 11 304
access control schema 292
access controls 71 88 96 104 124 131 175 177 182 183 187 188 212 224 231 238 239 255 259 266 268 269 292 312 324
access controls clearance 182
access controls validation 183
access devices 213
access for attack 238
access life cycles 206
access logical location 202
access methods 266 292 293
access of subjects 269
access over time 265
access process 190 192 299 328
access process architecture 190 299
access protection objectives 293
access rights 137
access to data 177
access to facilities 72
access to files 228
access to information 11 20 73 108 136 137
access to systems 93 211
accessed content 270
accesses granted 72
accessibility markings 271
accessible to users 222
accessing content 265
accessing library records 205
accessing systems 272
accidental actions 133
accidental events 32
accidental losses 320
accidental modification 224
account balances 314
account creation 120
account detection 246
accountability 13 14 22 29 40 63 70 83 132 151 166 174 180 181 182 207 215 218 219 231 263 292 299 304 328
accountability and responsibility 132
accountability and use 207
accounting practices 83 158
accounting records 182
accounting standards 83
accounts payable 29 179
accounts receivable 12 314
accreditation 61 64 132 255 256
accuracy of controls 312
accurate identification 180
accurate information 120 305 312
accurate sensors 157
acknowledged awareness 132
acquisition costs 161
acquisition teams 77
acquisitions 40 43 114 161 168 208
active attacks 98
active controls 245
active defenses 272
active volcanoes 185
activists 52 308
acts of malice 122
actual costs 162
actual losses 276
actuarial 47 58 112
actuator 95
actuators 20 80 157 167
adapt 11 48 78 101 116 127 148 150 167 246 254 256 292 301 328
adaptation 11 59 82 95 118 144 148 166 185 241 255 256 257 298 308 328
adaptations 78 95 254 255
adapted 99 248 252 257
adapts 36 125
adequately knowledgeable person 213
adequately mitigated 10
adequately protected 133
adequately secured 188
adequately studied 321
adjudication process 152
Adleman 317
administrative access 213
administrative actions 252
administrative changes 254
administrative control 243
administrative mechanism 180
administrative processes 111
administrative punishments 149
administrative requirements 255
administrative responsibility 255
admissible 97
advanced degree programs 91
advanced training 112
advantage of centralization 165
advantages of centralized 247
adversarial relationship 108
adversaries 133
adversary controls 132
adverse consequences 95
advisory body 156
Aelkowitz 321
after action analysis 85
after action reports 85 125 127
afterlife 3
aggregate risk 237 263
aggregate risks 180
aggregated 19 69 218 263 278
aggregates 312
aggregating risk 223
aggregation 10 16 19 35 56 57 62 182 189 198 218 222 259 263 266 293 294 301 314 326
aging 8 128
agraph 322
agreement 38 142 213
agreements 38 40 70 83 96 151 307
air conditioning 215
air ducts 187
air flow 100
aircraft 65 223
airplane 227
airport 185 190
alarm 98 100 248
alarms 94 187 246 248
alerts 94
algorithm 286
algorithms 236 257 314
all.net 8 243 303 305 306 307 310 311 315 316 322 323 324 327
allies and access 50
allowable incidents 68
Allyn 327
alter 24 98 99 159 193 197 224 229 243 271 281
ambiguity 139
amplify the attack 257
amply warned 3
analog controls 99
analysis and decisions 282
analysis and presentation 31 98
analysis and reporting 85
analysis and response 100
analysis of alternatives 35
analysis of availability 176
analysis of data 222 223
analysis of failures 282
analysis of location 185
analysis of risk 49
analyze specific situations 310
analyzing risks 69
ancient texts 322
Anderson 315
Animal mechanisms 185
Animal research 326
Animal rights groups 93
Animal social interactions 14
annual 64 68 128 166 226
anomalies 246 248 249
anomaly 189 248 249 271 272 273 309
antivirus 164 316
anti-war protests 325
anticipated legal matters 39
anticipation of attack 132
anticipatory risk management 57
AP 29 179
apparent attack attempts 247
apparent costs 138
appeals 42 73 81 120 133 139 147 148 150 152 153 154 171 260 261 298 301 328
append only files 131
append only media 65
appliances 269
applicable protection requirements 151
applicable standards 93
applicable threats 132
application architecture 24
application control 86
application designers 195
application environment 89 123
application environments 195
application gateway 279
application infrastructure 54
application level access 177
application level information 177
application programmers 24
application programs 54
application server 181
application software 322
applications and audit 200
applications and files 233
applications databases 24
applications facilities 268
applications intrusion 272
applications shared databases 266
applications syntax checking 271
applications technical security 239
applied information security 82
applying cryptographic seals 326
approval of policies 118
approval process 119 179 192 260
approval processes 85 124 131 156
approval requirements 260 262 301
approvers 262
approving authorities 83 255
AR 29
arbitration 152 153
architectural adaptations 95
architectural change 255
architectural choices 276
architectural concept 173
architectural concepts 292 316
architectural elements 71
architectural issues 256
architectural mechanisms 11
architectural model 10 294 328
architectural planning 251
architectural principle 245
architectural process 241
architectural separation 324
architectural structure 25
architecture access control 182
architecture change control 193 198
architecture components 299
architecture control 21 197 328
archival 128
archived for future 256
archiving 313
arrest of perpetrators 242
ASCII 223
assertion of identity 236
assess a likelihood 47
assess defenses 308
assess impact 160
assess risk 160
assess threat 160
assess vulnerability 160
assessment methodologies 50 51 308
assessment of trust 221
assessment process 19 60 305
assessment report 145
assessment team 51 144 145 146 147
assessment techniques 60
assessments 50 53 61 144 147 159 169 252 305 308
assets 6 13 24 27 36 37 71 106 110 209 307
associated individuals 93
associated surety levels 266
associating events 200
associating identity 204
associating people 180
association of detections 250
association of reliability 174
association of roles 211
assumed values 51
assumptions or conditions 159
assurance 20 22 23 66 78 84 96 112 118 120 125 159 160 170 174 175 188 189 269 271 279 305 318 319 320 325
assurances 36 86
assure availability 225
assure business utility 292
assure continued process 85
assure continuity 290
assure effective operation 129
assure flow control 175
assure independent evaluation 155
assure integrity 97 182
assure ongoing utility 70
assure operation 230
assure quality 84
assure the integrity 176
assure the security 267
assure the utility 16 21 22 23 25 61 174 293 303
assuring coverage 7
assuring employee rights 38
assuring high performance 287
assuring integrity 271
assuring proper infrastructure 288
assuring proper protection 9
astute attacker 177
atmosphere 257
atmospheric conditions 238
attack 29 48 50 51 52 53 55 56 63 65 72 88 90 98 99 113 117 132 168 177 181 186 187 190 200 216 234 236 238 240 241 242 243 245 246 247 250 251 253 254 257 267 268 270 275 287 292 300 308 322 324 325 328
attack graph 190 240 241 322
attack graphs 65 98 99 186 190 243 245 246 322
attack mechanisms 50 52 55 270 324
attack paths 98 186
attack patterns 250
attack process 51 240
attack processes 88
attacker 63 98 99 177 234 240 241 242 243 245 253 257 267 274 325
attacker profile 267
attackers 53 99 147 148 185 186 187 191 217 239 240 241 242 243 246 251 254 257 267 268 275 308 322
attacks 25 28 70 72 88 89 94 97 98 99 108 132 144 173 179 187 203 204 217 220 223 234 240 241 242 243 245 246 247 249 250 251 253 254 267 268 269 272 308 318 325
attempted entries 187
attention 44 50 57 62 72 107 131 196 252 278 310 313 320
attest 97 109 155 207
attestation 95
attitudes and emotions 139
attribution 93 174 180 181 221 250 251 317 324
audio information 206
audio validation processes 206
audit 22 24 44 68 72 76 82 84 87 89 108 109 113 115 119 120 123 126 127 129 130 131 157 166 169 170 180 181 182 183 189 192 193 198 200 216 223 231 245 256 259 262 264 266 297 301 312 328
auditability 263
auditable events 181
auditing 21 65 78 87 115 166 193 271 293 296
auditor 262
auditors 10 15 36 78 82 87 109 122 126
audits 68 82 84 87 127 181 216 255 264 307
authenticate 99 162 204 270
authenticated 188 190 191 192 243 292
authentication 11 23 176 178 179 180 183 186 188 190 191 192 195 201 235 236 243 244 261 262 266 299 301 317 324 328
authentications 163 191 205
authenticity 191
authorities 42 45 83 97 192 195 243 253 255 259
authority 5 39 45 69 107 175 202 244 249 260 305 318 326
authorization 11 23 100 180 186 190 191 192 195 202 205 235 243 244 255 261 299 301 312 322 328
authorize 204 318 326
authorized 45 69 72 93 129 155 176 178 187 191 192 196 200 203 211 213 242 243 260 261 273 292 305 323 326 327
authorizer 262
authorizers 262
automata 312 317
automatable work flows 259
automated actors 71
automated analysis 34 266
automated application searching 32
automated attacks 28
automated control systems 319
automated decision making 277
automated guard station 269
automated manufacturing 259
automated provisioning 259 318
automated response 249 251 273
automated responses 94 251
automated technical responses 148
automated work flow 259 263
automatic games 310
automatic processes 207
automatic response 251
automatically configure 318
automatically propagate 318
automatically set protection 318
autonomic responses 258
autonomic systems 257
availability 5 6 13 14 22 29 63 64 70 72 81 86 166 174 176 178 182 198 207 215 225 231 233 292 299 303 304 314 328
avoid errors 142
avoidance strategies 57
avoiding errors 277
avoiding undue influence 281
award programs 105
awareness 21 78 80 91 92 102 103 104 105 113 115 120 123 126 128 130 132 142 149 154 162 163 165 166 168 169 170 211 212 241 242 252 266 293 297 303 328
awareness program 102 103 104 105 128 165 211
awareness programs 78 92 102 103 104 105 113 115 120 126 162 168 242
back end processes 56
back end processing 54 183
backbones 90
backed up 225 232 233 322
backend process 183
background check firms 169
background checks 92 120 180 191 211 320
background investigations 113 119
backing up 233
backup 56 129 223 225 226 230 231 232 233 234 263 286 287 288 289 290 307
backup facilities 226 231 234 287
backup facility 286 290
backup mechanism 233
backup media 231
backups 163 225 226 227 231 232 233 234 235 262 263 288 289 290
bad content detection 270
bad credit 102
badge 104 105
badges 213 236
badging 100 104
bandwidth 90 131 225 237 247 248 253
bankruptcy 209
bar codes 228
barricades 184
barrier 184 185 186 188 190 268 269
barrier architecture 188
barriers 65 98 99 177 181 183 184 186 187 190 202 216 241 268 269 312
baseline study 323
basis for 12 17 34 47 86 87 91 110 121 133 153 196 199 202 204 245 248 249 264 277 283 286 289 310 315 319 323 324
basis in 226 286
basis of 37 80 159 311 318
basis of comparison 159
basis of legal 37
basis of the 80 318
basis of this 311
bathtub curve 232
BCP 166
before use verifications 175
behavior 11 92 93 105 106 154 156 183 194 200 211 212 249 251 271 273 274 292 301 325
behavioral changes 211 212 214 273
behavioral constraint mechanism 273
behavioral control mechanism 274
behavioral controls 324
behavioral defenses 275
behavioral detection 210 272 274
behavioral limits 271
behavioral mechanisms 271 274
behavioral modeling 203
behavioral patterns 210 272
behavioral sequences 203
behaviors of individuals 203
behaviors of people 72
behaviors of systems 203
belittling other views 139
Bell LaPadula 182 269 304 309 315 324
benign environments 62
benign situations 203
best practice 83 285 306
better decisions 44 59 276 281
better informed decision 17
better measurement 155
better models 321
better protected processes 264
better protection decisions 276 277 279 281 283 285 287 289 291 301
better security decisions 2 327
between zones 292 324
beyond border routers 253
beyond compliance identification 154
beyond process separation 239
beyond thresholds 260
big decisions 276
big mistakes 280
big risks 266
billion dollar deductible 58
binary images 193
binary images match 193
binding obligations 38
biometric 204 261
biometrics 178 191 236
bios settings 206
birth 91 210
bits 131 237 244
blind 30 88 119 306
blind men and the elephant 306
blind people 30
blind review 119
blind testing 88
blocking 94 186
blue print 8
bluetooth 237 238
board 5 8 10 15 16 36 76 77 97 107 108 109 118 122 123 124 127 130 146 157 171 255 297 315 332
boards 36 111 118 120 123 129 130 297
boiling in acid 226
bombings 50 325
bonuses 138
booby traps 322
bookkeeping 112 162
bootable CD ROMS 271
bootstrap process 206
border 152 253
borders 307
botnets 63 311
boundaries 8 75 90 170 179
boundary 190
Boyd Cycle 95 257 324
brainstorm 282
brand 10 12 17 28 49 75 109 165 166
breakdown 324
British Standard Institute 83
brittle 232
brittleness 176 258
broadcast 237 238 269
browser 244
BSI 83
Buddha 306
Buddhist canon 306
budget 11 48 81 147 156 158 161 163 164 165 166 167 172 247 282 298 299 328
budgeting 130 163
budgets 80 138 160 161 162 163 164 165 166 298 320
build and run 5
build bridges 144
build consensus 131
build management practices 80
build models 320
build or buy 136
build secure systems 312
build up awareness 103
build up trust 141
building architecture 173
building design methods 237
building inspector 260
building secure systems 316
bulk level encryption 90
burial 209
burn it 3
burning at high temperature 226
burning or emulsification 227
burst rate 228
business acquisition 77
business applications 113
business arrangements 208
business changes 206
business collapse 14 165
business conditions 70
business consequence 33
business consequences 10 12 14 16 30 32 33 34 35 49 63 224
business context 33 278
business continuity 39 70 93 94 107 113 124 126 130 165 286 287 288 289 290 295 307 313 328
business critical system 291
business cycle 218
business decision 153
business decisions 13 15 20 33
business efficiency 60
business environment 70
business failure 56 65 291
business function 12 19 56 74 121 124 170 217 223 224 244
business functions 14 24 25 29 30 31 32 33 55 75 78 117 165 170 289 290
business impact 49
business implications 30
business information 12 13
business insurance 62
business issues 6 12
business leaders 74 267
business life cycles 77 206
business linkage 294
business location 162
business losing opportunities 49
business loss 6 32
business management 66
business marketing 28
business model 16 18 26 27 28 30 31 32 34 35 49 55 69 75 281 294 328
business modeling 12 14 27 34 35 294 306
business models 14 27 30 32
business needs 70 293
business operation 75
business operations 28 29 34 38 217 219 290 292
business opportunities 67
business opportunity 67
business owner 74 166
business owners 32
business perspective 29
business perspectives 117
business plans 64
business preservation orders 97
business process 12 29 59
business processes 10 28 29 34 35 49 57 293 305
business purposes 85
business record 38 97 250 295
business records 38 97 182 214 226 230
business requirements 293
business results 153
business risk management 10 16 17 18 294
business scenarios 14
business strategy 57
business structures 75 117 296
business survival 28
business systems 112
business unit 21 83 107 117 129 138 166 297
business units 75 117 118 138 162 164 166 208
business utility 9 10 11 19 29 54 192 224 267 292 305
business value 25 192
business venture 268
business ventures 241
buy-in 141 153 298 328
bypass 184 216 236 237 249
bypassed 186 217 248
bypassing barriers 187
bytes 195
cable runs 90
cable security 90
cables 237
cabling 90 215 228 238
Cadier 327
calibrate anomaly detection 249
calibration information 126
capabilities 5 17 24 50 53 54 55 82 84 89 90 92 100 129 168 179 185 188 190 191 192 204 206 208 211 212 216 217 220 236 240 244 249 253 256 263 267 279 291 313
capability 82 89 123 126 158 165 190 234 288 308 314 323
capability maturity model 82 158
carding systems 104
cartels 52
case investigation 50
cash available 39
cash businesses 29
cash flow 29
catastrophes 217
catastrophically 290
caught and prosecuted 241
caveat emptor 320
ceiling and walls 173
cellular telephones 90
cement separators 184
centralization 165
centralized data storage 313
centralized detection 247
centralized firewall implementation 129
centralized top management 75
centralizing the function 248
centralizing use control 180
CEO 5 15 21 33 36 44 64 76 108 109 110 145 146 155 171 172 207 305
certainty 25 59 61 62 121 173 176 177 180 182 191 205 218 241 243 244 245 304
certificate 195 320 326
certificates 105 175 195 236 318 320
certification 64 132 178 256 318 322
certifications 321
certified environments 63
certified systems 322
certifiers 83 256
CFO 21 44 45 64 76 107 112 172
chain of custody 97
chain of interdependencies 19 54
chains of trust 318
change complexity 88
change control 11 23 24 61 64 78 87 88 89 112 115 121 122 123 124 126 165 168 174 179 189 193 194 198 216 217 235 258 296 297 300 312 319 320 328
change controlled environments 194
change controls 22 122 292
change detection 271
change management 19 34 42 60 61 68 88 170 258 266 304
change of government 43
change orders 65
change over time 50 51 101 286 307
change plan 141
change process 147 154
change require approvals 255
change requirement 193
change responses to 298
change tracking 93
changed code 193
changed data 226
changed files 232
changed functionality 88
changed programmers 194
changed roles 212
changed system 194
changes before testing 258
changes in access 212
changes in authorized 211
changes in behavior 273
changes in controls 198
changes in costs 29
changes in data 233
changes in employee 212
changes in information 96 212
changes in laws 43
changes in oversight 42 295
changes in protection 311
changes in responsibility 128
changes in situation 218
changes in software 175
changes in system(s) 168 215
changes in wealth 51
changes in workplace 212
changes involving people 168
changes of employment 93
changes of people 180
changes of select 43
changes of status 210
changes over time 23
changes to production 193
changes to states 204
changes to systems 254
changes with time 35
changes within systems 212
changing needs 150
changing permissions 192
changing requirements 71
changing situation 125
changing worker profiles 70
changing your address 224
channel exploitation 177
channel watermarking 175
characteristics of individuals 236 273
characterization of data 227
charge back systems 165
chargeback for services 162
charisma and emotion 135
chat session 39
checklists 260
checklists for 260
checkpoints 231 234
checksum for integrity 309
checksums 65 175 176 224 231 237 238 239 271 309 319
chemical manufacturers 37
chemical plant 65
chemical plants 185
chemical presence 100
chemical pressure 185
chemical processes 28
chief counsel 76 109
child bearing age 210
children 3 92 210
children of employees 210
choice of media 140
choosing separation mechanisms 245
chosen cryptographic protocols 236
Christmas weekend 109
churn 166 245
CIA 26 303 304
Cialdini 327
CIO 21 44 45 77 107 109 110 146 147 165 170 172 305 313
cipher 315
ciphertext 184
circuit testing 312
CISO 4 7 11 20 21 26 43 44 45 76 77 78 79 80 81 82 101 102 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 126 127 128 129 130 131 133 134 138 141 142 147 153 154 155 156 159 160 162 163 164 165 166 169 170 171 172 208 265 293 297 299 303 305 310 313 328 329
civil litigation 96
civil proceedings 97
civil prosecutions 251
civil suit 96
claims of security 28
classes of activities 57
classes of attacks 250 251 272
classes of controls 270
classes of event 18
classes of incidents 95
classes of information 151
classes of threats 51 187
classes of uses 203
classical control theory 95
classification 129 151 158 176 182 189 197 222 233 239 244 266 269 271 326
classified 86 92 123 124 197 209 255 269 326
clearance 120 151 152 176 182 191 197 222 292 326 327
clearances 51 93 151 152 182 197 208 211 222 243 255 266 269
cleared content 197
cleared personnel 227
cleared programmers 320
clearing monies 314
climate changes 47
clocks differential 201
close proximity 65
closed circuit 40
closely surveilled 213
closets conduits 124
closures of facilities 64
club initiates 52
CMM 82 159 160 168 216 256
coalitions 52
coast lines 288
CoBit 82 83 285
code of ethics 307
code review processes 216
coding schemes 272
cognition 131
cognitive errors 276 284
cold standby 231 234
cold weather 46
collaborating individuals 133
collapse of markets 29
collapses network availability 233
collateral damage 308
collection of content 264
collection of data 250
collection processes 29
collections 29
collusion 325
collusions 208
Comair 109
combinations of components 323
command based computer 273
commensurability 244
commensurable or fungible 158
commercial off the shelf 66 198
commercial products 248
commercial software 320
commonly accepted 81
communications plan 141 142 146 298
communications security 255
company policies 148 221
compartments 182
compatibility 256
compelling presentation 281
compensating controls 263
competitive environment 162
competitive intelligence 28
competitive threats 70
completely secure 66
completely technical solution 275
completeness 260
complexity 22 25 54 60 84 88 110 111 117 152 180 192 244 265 276 280 281 304 309 319 323 324
compliance 31 42 75 83 84 95 102 105 118 128 137 154 155 161 165 245 256 283 327
components and composites 173 183 299 328
composites 54 74 173 183 299 321 328
composition 183 196
computable 323
computational complexity 319 324
computationally strong integrity 317
computer centers 267
computer facilities 325
computer museums 219
computer networks 258
computer security 21 53 112 125 143 148 173 309 315 319
computer virus 96 309 317
computer viruses 5 54 63 175 309 316 317 320 323
computing environments 250 314
computing facilities 319
computing facility 235
computing platforms 54 178
computing power 320
computing resources 137
concealing content 237
concealment 43 185 323
concentric ring structure 315
conception 91 209 215
confidence operators 92
confidential 44 96 174 219 236 307
confidentiality 5 13 14 22 29 38 63 70 81 86 166 174 176 177 178 181 182 207 215 218 224 231 236 292 299 303 304 328
configuration management 126
configuration parameters 318
configure access controls 71
confinement problem 309 316
confirm or refute 221
confirmation or refutation 175
confirmations or refutations 175
conflicts of interest 42
connectivity of information 54
consequence 3 18 19 22 33 48 49 50 51 53 58 59 60 61 66 68 90 100 121 125 126 167 168 169 170 175 178 182 194 198 252 305
consequences 10 11 12 13 14 16 17 18 19 20 22 25 30 32 33 34 35 45 46 48 49 50 51 53 54 55 58 59 62 63 64 66 69 88 92 94 95 96 100 109 122 125 148 157 167 175 182 193 208 224 234 235 240 241 242 245 246 247 249 252 258 267 273 274 289 290 295 305 308 309 312 325 328
consistency checks 175
consistency of results 239
consistency syntax checks 220
consistent basis 87
console access 206
console interface 206
construction materials 187
construction of barriers 186
contemporaneous record 131
content access control 292
content access mechanisms 23
content based detection 275
content control 189 269 270 271 312
content controls 40 165 270 295 301 328
content detection mechanisms 270
content flows 266
content protective mechanisms 264
content transforms 270
content trust models 175
contention 235
continue business operations 290
continue critical operations 72
continued availability 86
continued process control 85
continuity management 93
continuity of operations 133 255 290
continuity planning 39 107 113 124 126 130 165 290 295 307 328
continuity plans 94
continuous incident review 130
contraband 253
contract 38 42 43 58 67 70 151 155 315
contractor 149 150 152
contractors 104 114 149 150 152 252 308
contracts 37 40 49 70 95 96 150 151 152 153 163 242 310
contractual 10 15 20 38 40 41 58 70 150 151 152 293 295 307 308 328
control activities 83
control allowed protocols 270
control approach 88
control architecture 2 10 11 21 22 23 25 26 88 173 175 177 179 181 182 183 185 187 189 191 193 194 195 196 197 198 199 292 294 299 300 304 305 315 321 328
control change 217
control changes 254 328
control content 321
control costs 70
control decisions 189
control loop 81
control mechanism 274
control mechanisms 20 24 73 85 167 189 198 244 245 269 312 323
control model 22 198
control models 11 304
control objectives 157 158 266 311 316
control over behaviors 106
control over changes 198
control over configurations 91
control over content 310
control over environment 135
control over expertise 169
control over process 84
control over resources 81
control over systems 217
control over times 272
control plane 183
control points 260 301
control requirements 22 23 83 114 172 216 292
control schema 292
control signals 216
control standard 58 131 171
control standards 21 81 84 118 131
control structure 167
control system 71 77 106 132 156 157 158 167 170 172 182 298 328
control systems 65 90 91 157 158 159 167 224 235 319
controlled conditions 310
controlled environments 63 194
controlled substances 42
controlling behaviors 271
controlling budget 156
controlling the organization 305
controls over changes 174
convenience 61 236
convincing management 254
COO 15
cooling 54
coordinated attacks 253
copying 232
copyright 1 3 150 310
copyrighted material 38 307
copyrighted software 71
copyrights 37 307
corporate banner 81
corporate communications 75 104
corporate crimes 242
corporate directory 185
corporate documentation standard 128
corporate governance 41
corporate legal counsel 252
corporate license 165
corporate policy 150
corporate records 86
corporate risk management 76
corporate structure 75
corporate wide functions 75
correcting input errors 221
corrective measures 256
COSO 31 69 82 83
cost and loss 21 279
cost and shrinkage 12
cost and surety 246
cost cutting 305
cost effective 218
cost efficiency 56
cost metrics 164
cost of accuracy 203
cost of assessment 51
cost of data 31
cost of delays 163
cost of failures 25
cost of quality 176
cost of quantity 176
cost plus loss 17 20 26
cost reductions 165
cost saving 218
cost savings 234 291
cost structure 29
costs and changes 29
costs and losses 25
costs and performance 164
costs and shrinkage 12
costs are critical 158
costs of detection 246
costs of operation 60
costs of prevention 247
costs of security 161 298
COTS 198
counterintelligence 113 254
countries 26 43 70 124 307
country 45 287 307
court orders 214
coverage 7 13 64 65 87 100 115 199 279 307 311 312 314 321 322 326 327
covert awareness 105
covert channel 177 314 316
covert channel exploitation 177
covert channel problem 314 316
covert channels 177 178 269 314 324
covert force 155
covert forces 155
covert investigations 155
CPO 110 111
crackers 52
CRC codes 238
creation of authorities 42
creation of composites 321
creation of zones 123
creation times 39
credibility 135 140
credit card 58 84 202 314
credit checks 207
crime 52 98
crimes 242 254
criminal actions 225
criminal acts 97 149 242 258
criminal behavior 93
criminal case 231
criminal cases 153
criminal legal sanctions 97
criminal liabilities 186
criminal litigation 96 148
criminal prosecution 242
criminal record checks 92
criminal sanctions 109 230
criminals 308
criteria for threats 308
critical applications 198
critical awareness issues 128
critical business functions 165 290
critical competitive information 28
critical components 64 164
critical control architecture 21
critical decision 291
critical enterprise function 111
critical for health 98
critical forensic data 252
critical function 78
critical fungible resources 81
critical governance function 36
critical information 97 126
critical infrastructure 6 19 64
critical infrastructures 17 272
critical interdependencies 113
critical interdependent systems 251
critical metrics 158
critical operations 72
critical projects 163
critical systems 65 268
critical time sensitive 104
critical times 307
cross cut shredders 227
crosscutting business functions 75
cryptographic algorithms 236
cryptographic channels 318
cryptographic checksum 309
cryptographic checksums 65 175 176 224 231 237 238 271 309 319
cryptographic integrity mechanism 317
cryptographic key management 177
cryptographic keys 71 236 325
cryptographic mechanism 184
cryptographic methods 274 317
cryptographic protocols 236
cryptographic seals 196 300 326 328
cryptographic systems 65 177 196 198 238 318 325
cryptographic technologies 174
cryptographic transforms 304
cryptography 174 177 309 314 317 320 325
cryptosystem 315 317
cryptosystems 315 317 318
CSO 110 111 124 166
cultural change 102
cultural control mechanisms 73
cultural environment 279
culture of fear 102
culture of security 102
current events 130
customer content 41 295 307 328
customer contracts 96
customer database 314
customer details 28
customer information 56
customer relations 29
customer relationship 145
customer service 230
customers 5 28 29 32 33 40 41 52 64 149 229
cutting hinges 187
cyber attacks 308
cyber gangs 52
cyclic redundancy check 238
dangerous operation 273
data aggregation 182 222 314
data at rest 223 227 231 233 300 328
data attribution 221
data center 24 189 228 232 289 290 291 299 305 329
data centers 19 24 55 124 189 226 228 231 232 267 286 287 288 289 290 291 302
data classification 222 233
data classification scheme 233
data density 227
data for detection 250
data from surveillance 237
data in motion 223 235 300 329
data in transmission 235
data in use 223 224 239 274 300 329
data life cycle 214
data life cycles 219 231 292
data lifecycles 166
data owner 166
data owners 166 261
data path 206
data redundancy 224
data retention 230 265 311 313
data retention policy 230
data separation 222
data sources 183
data state 227 292
data state controls 292
data storage 313
data verification 175
database 24 32 89 179 181 189 202 243 244 265 266 279 314 324
databases 24 30 56 85 91 197 207 231 265 266 272 314 318
date 21 34 45 93 111 168 179 244 263 304 315 323
day after games 310
dead man switches 64
death and legacy 91
decay with time 23
deception 5 192 241 243 254 268 322 326
deceptions 184 185 241 268 322 323 324
decertification of systems 104
decider 283
decision algorithm 286
decision criteria 68 286 310
decision maker 15 108 258 276 278 280 305
decision makers 15 20 33 44 48 57 67 110 246 310
decision mechanisms 113
decision process 121 191 203 241 277 278 281
decision processes 157 277 278 280 282 284 301 329
decision space 283
decision support 282 283 327
decommissioned 218
decommissioning 124 218
decompression 238
decoys 322
decreased response times 185
decreasing power 73
decrypt 238 326
decrypting 238
decryption 183
default configurations 63
default settings 99
defeat detection 186
defeat incident detection 115
defeat intrusion detection 248 326
defeated over time 317
defeating deceptions 324
defeating illicit users 326
defeats the system 325
defend systems 268
defenders 99 245 248 257
defense 98 113 117 200 240 241 257 267 268 280 292 300 315 324 328
defenses 48 72 88 100 165 240 247 267 272 275 308 309 317 324
defensive force 100
defensive measures 65
defensive network deceptions 322
defensive processes 11
defensive situations 139
defined change 194
defined circumstances 88 94
defined control architecture 23 189
defined risk management 66
defined testing process 193
defines duties 9
defining protection processes 11
definitive due diligence 58
degradation from encryption 162
degraded job performance 110
degree of accuracy 47
degree of certainty 121 177 182 304
degree of expertise 319
degrees and expertise 102
degrees in specialty 101
delay 190 313
delays 62 163 192 246 290
delegate risk management 121
delegation of authority 39
delete information 228
deleted copies 233
deleted media 225
deleting the audit 182
deletion of files 226 234
delivery of data 238
demilitarized zones 270
demonstrate compliance 84
demonstrate properties 173
demonstrated capabilities 168
demotion 91 137 211
denial of services 189 245 269
Denning 304 310 314 316 317 320
deny services 245
denying access 202
denying use 202
dependence on information 289
dependencies 16 19 53 54 55 244 263 266 290
dependency 19 55 56 286 290 317
dependent 14 110 135 245 251 279 289 290
dependents and descendants 214
deposit box 289
depreciated income 219
deranged people 52
derive control standards 131
derive properties 321
derived from laws 37
descendants 214
describing protection 7
description languages 318
design approvals 255
design criteria 309
design faults 216
design flaws 205
design interdependency analysis 176
design methods 237
design of protection 17 321
design of systems 215
design principles 311
design principles and 311
design process 255
designated approving authorities 83 255
designs for components 65
desired control envelope 157 170
desired coverage 279
desired properties 61
desired protections 20
desired risk reduction 46
desired security properties 196
desired system behaviors 157
destination port protocol 89
destroy data 226
destroy logistics 28
destroy or disable 216
destroy the information 259
destruction and disposal 219
destruction of data 226
destruction of media 226
destruction of records 311
destruction of stock 49
destruction of systems 219
destruction processes 128 226
detailed background checks 92
detailed control systems 157
detailed decision criteria 310
detailed financial information 207
detailed intelligence 50 51
detailed investigations 51 92
detect all event 93
detect all known 275
detect and adapt 148
detect and react 113
detect and triage 187
detect behaviors 183
detect changes 273
detect coordinated attacks 253
detect event sequences 94 273
detect events 248
detect faults 272
detect inconsistencies 239
detect intermediate changes 237
detect intrusions 245
detect known intrusion 273
detect known intrusions 248
detect react cycle 258
detect react loop 257 301 329
detect trojan horses 320
detectability 99 316
detected as unacceptable 204
detected attacking 243
detected barriers 186
detected event sequences 251
detected incidents 252 253
detected viruses 280
detecting attacks 247
detecting attempts 271
detecting behaviors 272
detecting deviation 309
detecting malicious content 323
detecting trusted insider 124
detection heuristics 249
detection in memory 272
detection in systems 272
detection mechanisms 125 246 270 272
detection methods 309
detection models 210
detection of attacks 246
detection of behavioral 272
detection of change 271
detection of deviations 249
detection of intrusions 245
detection of invalid 221
detection of known 63 309
detection of normal 273
detection results 210
detection schemes 94
detection system 94 247 249 251 323
detection systems 94 246 248 249 273 323
detection techniques 248
detection technologies 246
detection threshold 148
detection thresholds 248
detection time 246
detector 22
detectors 270
deter 100 241 242 292 301 329
determine accessibility markings 271
determine aircraft stability 223
determine availability 176
determine best rates 121
determine business impacts 55
determine criticality 126
determine options 99
determine outcomes 200
determine qualifications 91
determine the consequences 35
determine the placement 107
determined project approaches 163
determining how much 160
determining how to 305
determining where 51
deterrence 77 166 184 241 242 274 308
deterrent 241
deterrents 242
deters 27 242
develop decision criteria 286
develop intrusion detection 323
develop longterm plans 310
develop policies 104
development and maintenance 118
development and operational 56
development and testing 288
development and use 24
development change control 300
development cycles 319
development environments 90
development process 321
development systems 235
development testing 168
deviation from known 309
device inventory 264
device protocol element 250
device proximity card 179
dew point 100 187
dictatorships 73
different audit records 182
different authentication mechanisms 261
different authentication requirements 262
different background training 149
different budgeting processes 163
different capabilities 55 291
different categories 151
different circumstances 50 225 275 310
different components 25
different consequence levels 182
different contexts 79 204 251 310
different contextual elements 117
different countries 70
different decisionmaking powers 20
differentiable characteristics 236
differential analysis 35
differential time 201
differentiate actions 206
differentiate computers 323
differentiate inputs 220
differentiate intrusion 223
differentiate legitimate 250
differentiated access 319
difficulty of attack 236
difficulty of attacking 241
difficulty of use 236
Diffie 317
diffusion and confusion 315
digital certificates 236
digital circuit 312
digital circuits 309
digital data 226
digital diode 269
digital diodes 178 269 316 324
digital forensic evidence 324
digital forensics 5 6 324
digital rights management 270 326
digital signatures 175 270 317 318
dignity of individuals 132
diligence 18 43 57 58 60 62 66 70 81 96 132 207 308
diligent 58 66 148
diligently 285 293
dire consequences 258
direct access 141 270
direct attack 181
direct budget 164 299
direct causes 16
direct contact 324
direct control 36 111 117
direct costs 49
direct financial value 29
direct reports 111
direct responsibility 15
direct supervisor 148
directed inference systems 327
directed professionals 242
directional information flow 178
directly contact 11
directly control 106
directly controlling budget 156
directly detected 204
directly impacted 15
directly linked to 170
directories 185 265
directors 10 36 76 77 107 108 109 127
directory 185 265 318
disable protection process 216
disabled 216
disabling of features 253
disaggregating risks 259
disaggregation 189 263
disagreements 139 152
disallow all traffic 272
disappeared network location 201
disaster recovery 39 104 113 124 126 130 165 167 231 234 289 295 307 313 329
disaster scenarios 70
disasters recovery processes 217
disbelief 141
discharge 149
discipline 48
disclosure agreements 38
disclosure of information 37
discovery 253 264
discretionary access controls 268 269
discretionary controls 269
discretionary funds 164
disgruntled customers 64
disgruntled employee 211 213
disgruntled employees 207 209 212 214 300 329
disk 89 226 227 229 231 232 233
disks 226 228 229 231 232 271
disobeying judicial orders 98
display being duplicated 326
disposal process 219 229
dispose 39 86 311
disposition 36 38 39 86 265 295 311 313 329 331
dispute resolution 152 153
disputes 128 137 147 148 150 151 152 153 154 298 329
disregard the policy 150
disrupt 28 56 143 259 268
disrupting group processes 242
disrupting the organization 256
disruptive effects 273
disrupts normal operations 253
dissemination of information 128
dissolution 209
distance 177 185 186 188 228 237 286 287
distances 54 235
distant 54 225 275
distributed audit 166
distributed backups 231
distributed computing environments 314
distributed coordinated attacks 253
distributed data centers 290
distributed data collection 100
distributed database 314
distributed users 315
distributing session keys 318
distribution issues 177
distribution of content 290
diverse businesses 291
diverse locations 19 200
diversification 19
diversify 19
diversions 98 100
divorce 91 210
DMZs 270
DNS 32 122
document authentication 317
document control 86
document repository 128
document retention 306
document review 102
document tracking systems 86
documentation 21 45 72 78 84 85 86 111 115 118 119 120 123 125 126 127 128 129 131 148 149 150 163 166 170 218 219 262 281 282 285 286 293 296 297 301 329
domain name services 54 122
domain name system 314
double error detection 272
downstream liability 219
downstream providers 97
dramatic change 242
dramatic documentation 86
dramatic effects 207
dramatic failures 157
drive bays 232
DRM 326
drug cartels 52
ducts 187
due diligence 18 43 57 58 60 62 70 81 96 207 308
duplicated or spoofed 236
duplication or destruction 229
during disasters 217
during investigations 114
during recovery 217
during response processes 253
during security 163
dust 98
duties to protect 9 10 15 20 36 37 38 39 40 42 43 45 69 71 72 107 150 293 295 296 305 311
duties to shareholders 15 20 37
duty to protect 11 15 16 19 20 36 37 46 59 71 108 279 293 294 329
DVD 226
dynamic content 303
dynamically unstable system 257
dynamics 116
early trusted systems 320 326
earnings expectations 40
earth movement 70 238
earthquake 55
easily fooled 136 327
easily spoofed 236
eavesdropping 238
EBCDIC 223
ecological groups 93
ecologically sound 326
economic rivals 52
education 6 91 100 101 112 123 170 210 215
educational background 101
effective backups 232 263
effective bandwidth 237
effective change control 217
effective communications 146
effective control 75 167
effective detection 246
effective deterrents 242
effective governance 72 152
effective groups 115
effective information protection 75 79 81 153
effective information security 132
effective integrity control 174
effective metrics 280
effective models 321
effective overall protection 206
effective prevention 247
effective protection program 72
effective social action 307
effectively control 20 150
effectively limit risks 268
effectiveness of protection 121
effectiveness of response 257
effects on accessibility 237
effects on available 98
effects on credit 207
effects on duties 43
effects on protection 326
efficiencies gained 170
efficiency by centralizing 180
efficient modeling 32
efficient protection program 53
electric clocks 201
electrical power supply 54
electrical signal leakage 312
electromagnetic erasure 226
electromagnetic signals 238
electronic document retention 306
electronic documents 86
electronic funds transfers 205
electronic storage devices 228 230
elevators 91
elicitation techniques 138
eliminate covert channels 177
eliminate threats 240
email 152 230 231 235 273
emailed 225
emails 39 63 104 118
emanations 186
emergencies underway 276
emergency changes 258
emergency conditions 193
emergency funding 163
emergency management 130
emergency modes 186 187
emergency notification process 105
emergency notification system 104
emergency recovery environment 193
emergency services 185
emotional persuasion 138
emotional power 138 298
employee agreement issues 213
employee behavior 212
employee behavioral changes 211
employee behaviors 207
employee briefings 102
employee evaluations 40
employee history 150
employee misdeeds 97
employee records 209
employee reviews 106
employee rights 38 97 120
employee sanctions 97 126
employee threat assessment 50
employees and contractors 104
employment 38 50 93 213 214 242
emulsification with acid 227
enclave 184 243
enclaves 89 187 243
enclosures 201
encode 270 275 283
encoded 197 283
encoding 206
encrypt 152 270
encrypted 89 188 239 326
encrypted tunnels 89 188 326
encryption 70 90 96 162 178 183 184 195 225 231 235 236 237 238 270 318 326
end of life 209 213 218 219 232
energy and infrastructure 288
enforce policy 150 195
enforce protection 266
enforce separation 268
enforce the duties 42
enforceable contracts 40
enforced under the 150
enforcement 21 73 104 112 113 147 148 149 150 152 153 154 196 225 248 252 298 329
engage the stakeholders 278
engaging the stakeholders 143
engineering approaches 256
engineering assurance 160
engineering capability 82
engineering controls 319
engineering design 215
engineering methodology 256
engineering processes 159
engineering solutions 215
engineering systems 215
enhance analysis 35
enhance brand 28
enhance surety 65
enhanced perimeters 185
enhanced with time 311
enough diversity 287
enough knowledge 320
enough money 252
enough people 115
enough power 135 142
enough privilege 133
enough protection 252
enough time 226 323
ensure compliance 102
ensure confidentiality 81
ensuring audit trails 256
entity level 83
entrances 186 190
entries 187
entry and exit 98 99 186
entry attempts 100
entry level attribution 221
entry paths 186
entry points 99
entry terminal 221
Entscheidungsproblem 323
environmental conditions 54 238
equipment 13 98 99 124 213 215 219 234
equity management 132
erasure 226
ERM 326
erratic behaviors 210
error correction 272
error costs 166
error detection 272
error information 183
error mechanisms 268 277
error patterns 273
errors and delays 192
errors and omissions 23 35 62
errors made early 215
errors of commission 142
errors of omission 142
errors of substitution 142 143
escalate 252
escalation 84 85 261 263
escalations 261 301 329
escort 136 137
escorted 105 213
escorting 153
espionage 52 230 307
establishing justification 140
establishment of clearances 211
ethernet 237
ethernets 232
ethics 41 132 295 307 328
EU 40 95 151 182 230
evaluating compliance 256
evaluating known vulnerabilities 256
evaluating risks 121
evaluation control 177
evaluation criteria 175 269 308 316 320
evaluation of risks 293
evaluation of trust 92
event identification 83
event in context 252
event sequence 251 252 313
event sequences 10 18 33 46 49 50 53 59 80 87 94 125 126 241 246 248 249 250 251 258 259 273
events across infrastructure 200
events and consequences 48
events under scrutiny 324
eventual failure 55
evidence 47 97 98 108 126 252 324
evidential issues 97
evolution 233
ex-employees 214 300
exact copy 235
exact number 290
exceed acceptable thresholds 94
exceed identified parameters 64
exceed losses 72
exceed the cost 17
exceeds the threshold 193
exception conditions 64 262
exception disputes 152
exceptional conditions 260
excessive costs 317
excessive detail 30
excessive details 31
excessive redundancy 116
excessive trust 92
excessive value 57
exchanged information liability 96
exchanges of content 208
exchanges of information 326
executed by mechanisms 195
executed content 317
execution policy languages 330
executive committee 146 147
executive decision making 147
executive decisions 59
executive management 31 43 66 142 148
executive misdeeds 96 108
executive protection 59 120
executive security management 9
executive support 141
exercise of power 155
exercises 165
exercising influence 257
exert influence 27
exerts control 170
exerts influence 156
exfiltration of data 186
existence failures 117
exit 98 99 186
expand access 240
expanding access 240
expansion and exploitation 243
expectation management 145
expected load 90
expected loss 47 48
expected surety 325
expenditures 279
expert facilitated analysis 61
expert system mechanisms 282
experts disagree 115
explicit control 131
exploit a flaw 274
exploit access 240
exploit identified vulnerabilities 308
exploit vulnerabilities 46 53 88
exploit weaknesses 53
exploitation code 177
exploitation of network 243
exploitation of target 243
exploitations of vulnerabilities 88
exploiting privilege 243
exploiting privileges 243
exploiting vulnerabilities 242
explosion 55
explosions 70 287
explosive blast 186
explosive devices 192
explosives 185
exponential space 318
express written permission 3
extended leaves 212
extended problem periods 258
extensive acceptance tests 65
extensive background checks 92
extensive distance barrier 185
extensive testing processes 189
external access 163
external assessment 144
external audit 87 127 231
external bodies 152
external cabling 90
external consultants 113
external contractors 114
external contracts 152
external counsel 155
external criminals 308
external data sources 183
external databases 314
external events 324
external experts 169
external influences 122
external inspection 203
external interdependencies 10
external observation 271 326
external organizations 114
external processes 152
external protective devices 168
external requirements 84
external technical review 130
externally imposed duties 37 295 329
externally observable events 249
extortionists 52
extra software 163
extraordinary access 202
extreme circumstances 104
extreme complexity 319
extreme consequences 94
extreme importance 275
extreme skepticism 285 312
eye print 191
facets of information 260
facets of protection 205
facial patterns 236
facilities appearance 326
facilities at universities 325
facilities backups 290
facilities control 137
facilities have topologies 187
facilities management 21
facilities managers 112
facilities perimeters 24 188
facilities protection 202 313
facilities security 111 120
facility boundaries 90
facility distance 286
facility failures 286 288
facility manager 313
facility owner 111
facility protection 313
facility security 130
facility surveillance 100
factual errors 145
fail safe 64 65 249 258 271 272
fail safes 272
fail under load 223
failed password 268
failsafe 99
failsafes 327
failure conditions 29
failure mechanisms 263
failure mode 55
failure modes 16 65 181 272
failure rates 232
failures in control 117
failures in execution 23
failures in information 35
failures in production 194
failures in protection 29 257
fairness 139
false alarms 94 246
false appearance 326
false entry 263
false impressions 247
false locations 185
false negative 248
false negatives 94 236 245 246
false packets 251
false positive 248
false positives 94 236 245 246 250 270 312
false signals 237 268
false target 243
fault mechanisms 54
fault model 87
fault models 87
fault tolerance 224
fault tolerant computing 271 272 321 327
fault types 194 216
favorability 283
favored viewpoint 139
Federal Trade Commission 40
federation 204 321
feedback 11 35 36 43 78 79 80 81 84 85 87 127 148 156 170 248 257 305
Feiertag 321
Fellows 327
fiche 13 86 226 227 228 229
fiduciary duties 15 20 37 82
field generators 226
fighting botnets 311
file 39 71 231 232 233 234 266 326
files 30 54 131 181 226 228 232 233 234 244 265 269 317 323
filtering 189 275
filters 188 270 326
finance and accounting 75
financial implications 49
financial industries 325
financial information 40 151 207 209 314
financial institution 70 166
financial institutions 50 84 125 161 290
financial losses 39
financial metrics 164
financial records 38 39 40 86 96 202 209 295 314 329
financial reporting requirements 95
financial reports 40
financial risk 76
financial system 314
financial systems 29 205
financial transaction 239
financial transfers 192
finding a target 242
finding targets 243
finer granularity 180 244 304
fines 230
finger prints 191 236
fingerprint 207
finite detection time 246
finite environments 309
finite state automata 312
finite state machine 250
finite state machines 309
FIPS 178 321 322
fired 45 108 170 278 305 313
firepower 100
fireproof 289
fires 185 187 288
firewall 89 129 243 253 268 269 270 280 291
firewalls 89 129 183 189 208 243 269 271 272 304 323 324
firewire 232
firing 313
fitting in 73 296
fitting protection 75 296
flood 48 185 314
flood zones 185
flooding 47
floods 47 98 187 287 288
floors 187
floppy disks 271
flow control 85 175
flow controls 11 177 309
flow limitations 269
flow mechanisms 292 318
flow of data 222
flow of information 78 269
flow of packets 89
flow rate 272
flow requirements 262
focus of attention 72 131 320
following the rules 123
food processing 33
fooling sensors 187
footfall pattern 191
footfalls 236
footprint frequency 237
force for persuasion 138
force independent verification 319
force levels 187
force of logic 135
force that deters 27
forced behavior 154
forced changes 157
forcing changes 96
foreign nations 97
foreign worker 229
forensic 126 148 250 252 313 324
forensics 5 6 98 164 225 313 324
foreseeable future access 244
form a consensus 73
formal change 65
formal decision process 281
formal meeting 213
formal model 319
formal policy 218
formal processes 93
formal report 284
formal rules 131 133
formal standard 82
formalize the documentation 85
formalized approach 316
formally terminate 84
formation of businesses 207
formulaic approach 139
formulas for availability 176
foundation for analysis 10
foundation of models 315
foundations and model 304 310
fragments 225 226
framework for deception 322
frauds 36 207 320
fraudsters 52
freedom from unauthorized 174
French encryption requirements 96
frequency and path 237
frequency and range 216
friendly persuasion 155
friendships and liking 92
fuel consumption 222
fuel usage 277
fulfill business needs 70
fulfill the duty 71
fulfill the mandates 202
fulfilling contract obligations 38
fulfilling the duties 36 71 72 296
fulfilling the duty 108
full backup 233
full backups 226
full business cycle 218
functional requirements 194
functional responsibilities 77 127
functional unit 183 189
functional units 11 22 23 182 183 198 292 299 304 329
functionality control 195
fundamental goals 44
fundamental issues 246
fundamental models 316
fundamental objective 26
fundamental process 225
fundamental purpose 246
fundamental question 19
fundamental separation 155
fundamentals of control 157
funding 50 51 52 73 107 118 160 162 163 164 165 166 167 172 207 247 298 329
funds 42 109 164 205 214
fungible 81 158
fused data 222 250
fusing data 250
future access control 244
future accountability 180
future business scenarios 14
future events 47
future performance 92
future scenarios 14
future sequences 80
future state 282
future time 46
GAAP 83
gain access 129 177 202 206 313
gain approval 123
gain control 9
gain executive support 141
gain knowledge 8
gain physical access 229
gain privileges 240
GAISP 81 82 132 161 168 171
game process 104
game theory 310
games 104 310
gaming the system 308
gangs 52
Garfinkel 311
gaseous mechanisms 99
GASSP 81 132 155 159
gateway 189 279
general administrative punishments 149
general purpose computer 323
general purpose computers 64
general purpose computing 250
general purpose function 175
general purpose use 177
general security awareness 103
general target characteristics 308
generate audit trails 216
generate changes 212
generate disgruntled employees 212
generate documentation 84
generate excess transactions 234
generate induced signals 238
generate social benefits 105
generate undesirable state 204
generators 187 226
generic attack graph 240 322
generic threats 51
geographic data 221
geographic distribution 290
geographic diversity 235 289
geographic location 69
geographically distributed 289 290 315
geographically diverse 289 290
Gilles 327
Gilovich 327
give up privileges 274
glaring vulnerabilities 168
glass house mentality 319
glass walls 267
global catastrophes 217
global coalitions 52
global communications 287
global complexity 111
global enterprise 8
global enterprises 307
global multinationals 287
global network management 56
global positioning system 185 201
global reach 97
global routing infrastructure 56
globalization and interdependencies 43
go bankrupt 29
go beyond compliance 154
gold standard 82
good decisions 15 44 45 284
good judgments 121
good will 12 156
goods or services 12
Google 314
GPS 201
Gramm Leach Bliley 39 83
grant access 137 202 259
grant adequate access 20
grant authorization 186 205
grant authorizations 266
grant human access 187
grant maintenance access 202
granting access 211
ground water 186
group process 116 277
group processes 103 242 278
group settings 103
group size 50 51 130
groups of countries 307
groups of individuals 93
groups of people 78 114 115
guard forces 136
guard station 269
hackers 52 308
halting problem 323
harassment 214 252
hard to anticipate 48
hard to assess 92
hard to control 156
hard to convince 23
hard to defeat 236
hard to enforce 307
hard to explain 33
hard to find 153 303
hard to manage 177
hard to recover 232
hard to remove 229
hard to track 158 266 313
hard to train 92
hardened data centers 228
hardened devices 177
harder to accomplish 131
harder to control 230
harder to determine 201
harder to forge 175
harder to identify 50
harder to implement 237
harder to limit 201
harder to properly 230
harder to tunnel 186
hardware designs 65
hardware device protocol 250
hardware mechanisms 239
hardware route controls 205
harmful response 257
Harrison 319
harsh assumptions 173
Hayes-Roth 327
hazard 60 64
hazardous chemical 185
hazardous chemicals 219
hazardous operation 64
hazards 98 187
health and benefits 95
health and property 27
health and safety 37
health care programs 209 210
health hazards 187
health information 70 83 86 151 209 222
health related information 96 151 214
health standards 219
hearsay exception 97
heart attack 56
heat pipes 6
heating 215 247
Hellman 317
help desk 163 259
hidden costs 158 161 162 163 164 166 172 298
hierarchical control systems 167
hierarchical process 261
hierarchical structures 73 141
hierarchy people dependencies 54
high assurance 269 271
high burden 123
high burst rate 228
high complexity 54 309
high connectivity 54
high consequence 58 90 100 168 169 178 194 198 252
high consequence change 194
high consequence content 198
high consequence events 100
high consequence exploitation 90
high consequence situations 168
high consequence uses 178
high consequences 18 49 50 58 125 167
high cost 20 277
high dependence 289
high dependency 290
high explosive blast 186
high friction 23
high grade threats 226 238
high growth 305
high humidity 221
high integrity 5
high level CISO 109
high level concepts 103
high level decision 15 20 310
high level decisions 277
high level executive 114
high level functions 169
high level insiders 108
high load 190
high losses 276 289
high Oersted field 226
high performance 287
high profile 267 325
high quality attackers 254
high quality experts 103 115
high reliability computer 327
high risk 59 61 65 88 122 123 124 191 198 257 288 296 329
high risk applications 122
high risk infrastructure 122
high risk operations 65 198
high risk options 61 296
high risk situation 257
high risk situations 191
high risk systems 88 123 124
high risks 58 62 65 189 259 296
high speed intrusion 245
high surety 62 65 83 122 126 175 177 178 198 200 270 271 272 309 313 316 320 329
high surety access 175
high surety content 271
high surety designers 309
high surety identification 329
high surety implementations 178
high surety mechanisms 62 198
high surety processing 177
high surety protection 83
high surety requirements 316
high surety systems 65 122 126 320
high temperatures 226
high threat profile 289
high threats 18
high utility content 62
high valued applications 239
high valued data 230
high valued decisions 277 278
high valued information 227 258
high valued operations 62
high valued systems 87 125 159 217 250
high valued targets 90 325
high valued transactions 192 319
high volume perimeters 190
high yield weapons 65
higher assurance 188
higher certainty 61
higher classification levels 269
higher consequence systems 61
higher consequences 50
higher grade threats 226
higher integrity 178 272
higher level clearance 152
higher level control 158
higher margins 138 307
higher performance 290
higher quality components 176
higher risk 59 68 180 191
higher surety 62 126 191 245
higher trust 50
higher valued content 188 189
higher valued decisions 278
higher valued systems 268
highest risk 61
highly automated attacks 28
highly complex situations 123
highly cooperative process 153
highly destructive 28
highly differentiated access 319
highly experienced professionals 101
highly geographically diverse 289
highly localized enterprises 286
highly sensitive data 222
highly sensitive matters 42
highly toxic materials 65
hindsight 277
hinges from doors 187
HIPAA agreements 151
hiring an outsider 136
hiring and termination 265
hiring processes 211
historic association 210
historic records 212
historical data 129 229 249
historical deceptions 323
historical documents 322
historical information 92 268 314
historical losses 72
historical technical security 247
historical weaknesses 88
histories 265 322
history motives 50
history of secrecy 198
history or relationship 150
hold and consolidate 265
holds and disposition 39
home access 213
home address changes 212
home sales 5
honeypots 254 322
hoodlums 52
host based detection 247
host state information 247
hostile systems 214
hot standby systems 225 234
how business works 2 27 29 31 33 35 294
how companies work 131
how content arrives 206
how much funding 160 162
how much protection 19
how much redundancy 289
how much risk 263
how people interact 53
how people think 138
how things change 307
HR 21 40 75 77 78 102 115 120 123 126 130 148 152 166 170 171 252 279 312 313 318
hub and spoke 74
hubbed ethernet systems 237
human access 187
human activities 287
human attackers 275 308
human behavior 271 273
human body 8
human consequences 17
human consumption 224
human decision support 282
human forces 143
human hazards 98
human intervention 94
human judgment 277 312
human life 287
human life cycle 120 274
human memory limitations 236
human performance 257
human processes 312
human reaction time 257
human resources 75 209 312
human views 325
human vulnerabilities 53 113
human wisdom 220
humidity 100 187 221
hurricanes 55 98 287 288
HVAC to manufacturing 91
hyper text 195
hypersonic 257
IACUA 35 304
IBM 318
iceberg 320
identical contents 233
identical disks 232
identical state 234
identifiable costs 164 299
identifiable covert channels 178
identification 11 23 49 50 52 54 56 64 83 98 100 102 105 137 154 155 156 179 180 181 186 188 190 191 235 236 243 266 267 268 278 295 299 324 329 331
identification and authentication 186 188 235 266 324
identification and authorization 100
identification and evaluation 49 50 52 54 56 295
identification and explanation 181
identification and internalization 137 155
identification card 179
identification of factors 278
identification of individuals 236
identification of options 278
identification of targets 243
identification processes 190
identification system 190 191
identified dependencies 16
identified funding 164 165
identified individuals 178
identified items 147 204
identified needs 261
identified parameters 64
identified parties 178
identified protective measures 253
identified risk 57 69
identified security requirements 315
identified subjects 190 261 292
identified tasks 260
identified threats 25 289 308
identified tolerances 68
identified vulnerabilities 308
identifies risks 121
identify event sequences 49 246
identifying error mechanisms 277
identifying event sequences 125
identifying factors 278 301
identifying options 278 301
identifying protection processes 166
identifying viable options 276
identifying vulnerabilities 243
identity and data 214
identity and method 292
identity and password 261
identity and surety 191
identity based access 183
identity information 180 181 204 211 214
identity management 54 71 72 89 93 120 123 126 127 180 189 195 210 216 259 265 266 312 318 319
IdM 93 166 180 312 318
IEEE 307 321 322
if attacked 62 236
if disaster strikes 165
IFIP 304 308 309 310 316 317 322
ignore enterprise policies 152
ignore information protection 207
ignore policy 152
ignore underlying infrastructures 19
illegal copies 71 307
illegal purposes 229
illegal to possess 253
illegitimate access 23
illegitimate event sequences 250
illegitimate passage 184
illegitimate uses 249
illicit behaviors 273
illicit use 193
illicit users 326
illness 212
illnesses 91
images match 193
imagine what happens 311
immediate actions 241
immediate notice 104
immediate reporting 253
immediate response 251
immediate responses 100
immediately repair 196
immigration 229
impacts of failures 290
impacts of faults 55
impacts on benefits 210
impacts on morale 41
imperfect cryptosystems 315
imperfections of perimeters 198
implementation goals 194
implementation of controls 115
implementation of protection 25
implementation of safeguards 67
implementation procedures 84
implementing protection 132
implementing security 83
implications to shareholder 63
implicit assumptions 19
importance and favorability 283
important content 264
important contracts 49
important documents 129
important factors 185 279
important incidents 172
important information 128
important internal issues 44
important messages 103
imposed by government 37
imposed duties 10 37 41 295 329
imposed policies 15 20
imposed privacy policy 37
impossible 53 203 240 323 324
improperly handled misdeeds 149
improve protection 99
improvement over time 25
improving protection effectiveness 165
inaccessible 185
inaccurate detection 251
inadequate assurance 96 305
inadequate attention 310
inadequate automation 232
inadequate CISO power 117
inadequate clarity 143
inadequate contractual provisions 152
inadequate control 169
inadequate controls 72
inadequate evidence 252
inadequate expertise 54 169
inadequate internal expertise 136
inadequate redundancy 291
inadequate separation 257
inadequate skills 145
inadequate technical tools 244
inadequate tolerance 313
inadequate trust models 320
inappropriate action 273
inappropriate behavior 251
inappropriate code 193
inception 220
incident detection 93 115 124 127
incident handling 21 78 93 94 95 113 115 123 124 125 126 127 129 130 166 293 297 313 329
incident rates 68
incident reporting 253
incident response 119 123 126 160 170 251 253
incident review 130
income 28 164 219
incommensurate with policies 244
incompatibilities between systems 215
inconsistencies 239
inconsistency 221
inconvenience 55 109 162 254
incorrect system behaviors 204
increase assurance 175
increase availability 176
increase costs 25 225
increase credibility 140
increase effective bandwidth 237
increase efficiency 263
increase human surety 65
increase surety 239
increased adoption 154
increased assurance 189 319
increased cost 237
increased difficulty 236
increased globalization 43
increased power 237
increased rigor 133
increased risk aggregation 326
increased risks 217
increased security 185
increases availability 176
increases information protection 73
increases power 186
increases separation 133
increases signal effectiveness 237
increasing accuracy 221
increasing attention 50 313
increasing availability 176
increasing change control 193
increasing consequences 66 193
increasing failures 66
increasing quality 198
increasing rigor 312
increasing specialization 73
increasing technical responsibility 112
incremental technical security 225
independent channels 319
independent CISO 45
independent confirmation 175
independent contractor 150
independent disks 231
independent evaluation 44 155 295 329
independent groups 123
independent incident detection 127
independent internal management 75
independent investigations 44
independent operators 273
independent resources 176
independent reviewer 108
independent reviews 203
independent verification 319
independent verifications 87
independently controlled roles 180
independently investigate 44
independently report 108
independently validated 159
independently verified 239 273
independently verify 175
indications 51
indicator 92 93 194
indirect consequence 3
indirect control 106
indirect costs 158 246
indirect dependencies 16
indirect effects 14 91 174
indirect influence 111
indirect power 80
indirectly influence 135
individual actors 46
individual business units 118 138
individual dependency 19
individual experience 277
individual financial information 209
individual identities 192
individual incidents 127
individual managers 61 118
individual salary 222
individuals have responsibilities 189
individuals responsible 98 194 258
indoctrinated 255
induce business consequences 12
induce consequences 46 240
induce event sequences 53
induce false signals 268
induce faults 268
induce undesired responses 251
induced signals 238
inducing consequences 53
industrial espionage 52 307
industries as targets 325
industry analyst 6
industry insider 52
industry sources 163
infection 96
infects 56
inference systems 327
infested with viruses 63
inflection points 155
inflexible regulatory compliance 155
influence and access 108
influence and information 108
influence and power 144
influence applying power 298
influence attackers 241
influence changes 120
influence control architecture 294
influence cooperation 167
influence decisions 140
influence different people 136
influence different structures 135
influence effectively 11
influence events 80
influence factors 281
influence funding 73
influence information protection 131
influence is applied 153
influence others 111
influence outcomes 136
influence over organizations 9
influence physical power 298
influence science 327
influence tactics 105
influence the attacker 267
influence the enterprise 135 156
influence the organization 136
influencing others 135
influencing the business 117
influential people 142
information about incidents 127
information about individuals 40 151
information about locations 204
information about personnel 92
information age ignorance 66
information architecture 255
information assets 24 71
information classifications 208
information content 326
information control architecture 179
information environment 6 97 173
information flow 125 175 177 178 243 269 304 310 316 319
information infrastructure 54 56 251 258 267
information networks 54 304 310 316 319
information protection governance 2 3 9 21 26 70 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99 101 103 105 107 108 109 111 113 115 117 119 121 123 125 127 129 131 133 135 137 139 141 143 145 147 149 150 151 153 155 156 157 159 161 163 165 167 169 171 296
information related attack 48
information related risks 48
information sciences 309
information security 7 11 20 76 81 82 83 106 110 111 112 113 132 133 156 162 163 165 285 303
information security awareness 162 303
information security budgets 163
information security experts 165
information security governance 132 156
information security officer 7 11 20 76 110 111
information security officers 156
information security principles 81 132
information security professionals 83 132 133
information security program 112
information security standards 82
information security training 113
information separation 222
information services 75
information superhighway 305 311
information system access 212
information system attacks 108
information system collapse 109
information system security 255
information systems 14 16 55 71 81 82 83 93 98 110 111 132 136 200 208 210 230 240 308
information technologies 13 14 19 25 287
information technology architecture 256
information technology audit 127
information technology components 208
information technology department 109
information technology experts 19
information technology facilities 21
information technology failures 10 14 33 96
information technology infrastructure 83
information technology inventory 264
information technology operations 288
information technology risk 88
information technology risks 16
information technology security 82
information theory 315
information utility 290
information value 27 28 49
information warfare 5 6
information warriors 52
informational access controls 124
informational controls 184
informational functional units 182
informational technical safeguards 78 331
informational tools 283
informed decision 17
informing decisions 17
infrared 185 238
infrastructure architecture 53
infrastructure changes 208
infrastructure elements 19 180
infrastructure equipment 215
infrastructure failures 287 288
infrastructure mechanisms 323
infrastructure operations 63
infrastructure ownership 73
infrastructure protection 6
infrastructure redundancy 288
infrastructure systems 64
infrastructure warriors 52
infrastructure wide collapse 55
inhibitions 311
initial access 51
initial assessment 252
initial awareness 211
initial briefings 102
initial cost 66
initial development 169
initial employee briefings 102
initial policy 118
initial public offerings 207
initial registration 180
initial registration process 180
initial state 183 234
initial tests 164
initial threat assessment 51
initial values 159
initialization of identification 190
initiation of behavior 211
input capacity 220
input channel 221
input conditions 309
input errors 221
input processing 204
input sequence 220 239
input validation 183
inputs contain redundancy 221
insanity 52
insecure infrastructure 235 236
inside office spaces 98
inside staff member 169
inside systems 229
inside the enclave 184
insider 52 56 124 145 169 267 273 275
insider abuse 124
insider threat 56
insider threats 267
insiders 52 72 92 108 147 252 267 268
inspection of content 323
instant messages 14 39
instantiating changes 258
insurable things 49
insurance 47 48 57 58 62 67 121 130 166 214 225
insurrections 287
integrate information protection 120
integrate system audit 216
integrate with business 117
integrated circuits 321
integrated view 34
integration cycle 168
integrity 5 13 14 22 29 63 70 81 97 166 174 175 176 177 178 182 198 207 215 217 220 223 224 231 250 271 272 292 299 303 304 309 313 317 318 319 329
integrity and availability 81 198 303
integrity and secrecy 318
integrity area 178
integrity areas 178
integrity control 174 177
integrity in analysis 5
integrity information 178
integrity maintenance 309 317
integrity mechanism 317
integrity of data 250
integrity of information 174
integrity of process 176
integrity of records 97 313
integrity of software 271
integrity problems 317
integrity protection 174 309 319
integrity shells 175 176 317
integrity technologies 175
intellectual property 37 38 39 41 70 86 96 119 150 209 295 307 329
intelligence analysis 51
intelligence operation 221
intelligence operations 314
intelligence services 308
intentional actors 48
intentional attacks 240
intentional human attackers 275
intentional imperfections 198
intentional subversion 100
intentionally deceptive 224
interconnectivity 117
interconnectivity and interdependencies 117
interdependencies 10 16 17 19 32 34 35 43 54 55 113 117 174 208 281 294 295 317 329
interdependencies and change 34
interdependencies and risk 10 19 54 294 295
interdependencies change 208
interdependency 19 54 55 176 266
interdependency pyramid 19
interdependency structure 54
interdependency viewpoint 19
interdependent areas 288
interdependent information 19
interdependent systems 122 251
interested parties 132
interface points 238
interference 155 238
intermediaries 324
intermediate changes 237
internal adjudication 152
internal appeals 152
internal assessment 145
internal audit 87 127 169
internal barriers 187
internal behaviors 204
internal business conditions 70
internal cabling 228
internal committees 148
internal communications 152
internal consistency 220
internal control 132
internal controls 279
internal email system 152
internal employees 149 308
internal environment 83
internal expertise 136
internal groups 311
internal incident response 251
internal investigative reports 40
internal investigators 252
internal legal counsel 119
internal logistics 28
internal malicious attack 181
internal management 40 75 130
internal networks 188
internal operations 118
internal political issues 147
internal politics 145
internal process 152
internal requirements 87 152
internal review 284
internal reviews 38
internal security practices 255
internal signals 220
internal sources 146
internal sponsor 144 145
internal technical review 130
internal testing 169
internal users 24
internal Web sites 63
internalization 137 154 155
international attacks 97
international businesses 119
international communications 287
international organization 81
international shipments 42
international standards 82
international treaties 307
internationalization 19 43
Internet access 181
Internet protocol 90 201
interoperability 215
interoperate 208
interoperation 321
intervening infrastructure 253 314
intervention 94
interview 136 138
introduction of evidence 97
intruder 105
intrusion 22 125 189 216 223 245 248 271 272 273 274 311 323 326
intrusion detection 125 189 216 248 273 274 323 326
intrusion detector 22
intrusion prevention 245
intrusion sequences 273
intrusion types 248
inundated with water 47
invalid input 221
invalid inputs 183
invalid results 47
invasive surveillance 123
inventoried 27 229
inventories 264 265 266
inventory 11 12 27 28 29 33 34 71 110 199 212 230 264 265 266 275 281 301 314 329
inventory control 71 110 314
inventory elements 264
inventory failures 266
inventory issues 266
inventory item 34
inventory items 230
inventory process 266
inventory processes 212
inventory software 264
inventory system 33
inventory under control 11
inventory value 27
investigate 44 135
investigation 17 42 50 51 85 112 155 169 200 246 248 249 251
investigations 42 44 51 92 98 113 114 119 155 248 251 252 295 329
investigative backgrounds 112
investigative capacity 248
investigative coordination 252
investigative intelligence 51
investigative leaks 252
investigative process 31 42 94
investigative processes 97 251 253
investigative professionals 251
investigative reports 40
investigative response 248
investigative teams 252
investigators 52 148 252
investigatory processes 119
invoicing and payment 33
invoke emergency modes 187
invoke processes 214
IP 195 221 310 323
IPO 207
IPPA 18 144 145 147 159 168 169
IPS depends 245
IRA bombings 50
iris patterns 236
Irish Republican Army 50 325
irrational adversaries 133
irregularities 148
IRS code 150
Isaac Newton is 303
ISACA 82
ISO 58 63 82 83 84 159 161 168 171 283 285 307
isolated environments 64
ISPs 311
ISSA 81
issuer 314
J LaPadula 304 310 315
J Ullman 319
J Von Neumann 317
jail 16 49
James P Anderson 315
jammers 237
jamming 237
JDLR 248
jealousy 44
Jim Schweitzer 13
job assignments 209
job changes 91 212
job function 71
job functions 92 180 211
job history 91
job performance 110
join functions 218
joint positions 110
joint venture 208
joint ventures 208
judgment and decision making 277 281
judgment and reasoning 277
judgment calls 15 48
judicial determinations 37
judicial orders 98
juntas 73
jurisdiction 97
jurisdictional 37 70 124
jurisdictions 31 36 37 38 97 151
justice 52 98
justifying costs 247
justifying decisions 278
Karrass 138 327
Kerberos 318
Kernel 326
Kernels 320
key areas 169
key component 264
key concepts 315
key decisions 67
key decisions in 67
key distribution 177
key factor 106
key factors 5 71
key governance decision 109
key governance issue 154
key group 143
key individual 55 56 72
key individuals 56 295 329
key management 177 318 326
key participants 73
key people 107
key personnel 39
key positions 169
keyboard 324
keys 71 175 236 238 245 273 318 325 326
keystroke 236 273
knowledge and awareness 21 78 115
knowledge and skills 20
knowledge and wisdom 219
knowledge base 100 101
knowledge failures 66
knowledge of attackers 185
knowledge of computers 320
knowledge of others 155
knowledgeable person 213
known attack patterns 250
known bad content 270
known ciphers 315
known content 270 326
known content filters 270 326
known control architectures 195
known duties 38 40 295
known expert 221
known failure modes 65
known fault 185 216
known good suffers 309
known intrusion detection 248
known intrusion sequences 273
known intrusions 245 248
known persuasion model 138
known physical locations 202
known protective conditions 202
known situations 222
known standards 84
known techniques 248
known valid classes 183
known viruses 275
known vulnerabilities 256
known vulnerability 51
Koike 322
L Adleman a 317
L J LaPadula 304 310 315
lack of access 244
lack of caring 44
lack of citations 4
lack of clarity 196
lack of diligence 66
lack of documentation 72
lack of improvement 25
lack of knowledge 66
lack of time 277
laid off employees 208
lakes 186
Lambert 322
Lampson 309 316
language skills 112
language specifications 311
LaPadula 182 269 304 309 310 315 324
laptop 227
laptops 228
large application environment 89
large business units 208
large complex enterprise 8
large computer networks 258
large data center 232
large databases 207
large distributed database 314
large divisions 75
large dollar value 205
large enterprise 33 48 56 165 266 287 289 290
large financial institution 166
large financial transfers 192
large infrastructure 55
large investment 47
large libraries 279
large multinationals 97
large negative consequences 258
large organization 259
large organizations 74 103
large storage areas 228
large storage media 232
large technical groups 103
largest enterprises 6 314
laser 238
launch a missile 273
law 3 21 38 43 96 112 113 119 148 209 225 248 252 265 307
law and accounting 38
law enforcement 21 112 113 148 225 248 252
laws 10 16 26 36 37 38 40 41 43 64 70 71 81 97 119 149 219 230 265 307 311
laws and regulations 36 71 219 265
laws and treaties 307
layoffs 64 207
LDAP 318
leak secrets 316
leakage 312
leaking classified information 269
leaks 214 252 304
learning and acceptance 138
least privilege 133 182 192 244 271 274
least trusted 316
least trustworthy 92
legacy information 214
legacy issues 91
legacy systems 256
legal action 250
legal actions 37 150
legal agreement 38
legal approval 123
legal areas 96
legal aspects 311
legal authorities 253
legal cases 38 43 311
legal checklist 279
legal coordination 252
legal counsel 119
legal department 78 109 111 124 126 148 149 150 152
legal group 119 130
legal groups 119 297
legal holds 39
legal investigation 112
legal issues 21 95 97 119 120 297 330
legal liabilities 252 255
legal mandates 15 118 265
legal matter 265
legal matters 38 39 126 182
legal notice 187
legal obligation 37
legal obligations 86
legal proceedings 97
legal process 152 225 313
legal processes and 258
legal protections 96
legal requirement 43
legal responsibility 107
legal review 119 128 130
legal sanctions 97
legal staff 119
legal standard 324
legal system 149 252
legal team 155
legalese 112
legally binding obligations 38
legally enforceable contracts 40
legally mandated duration 226
legally mandated duties 36
legally restricted 86 149
legitimate access 23 185
legitimate alteration 224
legitimate applications 270
legitimate consideration 259
legitimate purposes 184
legitimate target 243
legitimate use 186 325
legitimate users 326
legitimate uses 245
legitimately access information 190
less classified areas 269
less expensive 89 205 219 245
less flexible 205
less important 278 320
less popular 89
less reliable 287 317
less secret 178
less secure or 178
less sensitive 177 222
level of abstraction 250
level of applicability 202
level of assurance 20
level of authentication 178
level of awareness 92
level of care 70
level of certainty 25 59 173 180 205 243
level of communication 153
level of completeness 260
level of concern 51
level of effort 236
level of expertise 169
level of granularity 173
level of indirection 145
level of performance 167 169
level of protection 185
level of redundancy 233
level of rigor 255
level of risk 45 202
level of risks 305
level of severity 47
level of specificity 52
level of surety 180 188 204 270 312
level of training 149
level of trust 51 202
level of turnover 116
level of uncertainty 181
level of verification 221
levels of attribution 221
levels of authentication 261
levels of availability 64
levels of consequence 182
levels of depth 8
levels of detail 7 282
levels of maturity 82
levels of redundancy 290
levels of responsibility 92
levels of risk 37 121
levels of surety 65 261 321
levels of trust 93
levels of uncertainty 308
leverage 73 137 138 248
leveraging directory infrastructure 265
Levitt 315
liabilities 96 108 186 252 255
liability 5 15 37 39 96 108 176 186 209 210 219 230 232 278
liable 3
liaison 112
librarians 129
libraries 54 279
library 83 112 128 205
license 165
licensing 38 310
lies and statistics 224
life critical systems 65
life cycle 60 64 86 120 128 179 209 211 214 215 218 219 231 255 274
life cycles 11 21 77 91 97 117 124 167 168 199 206 209 214 215 219 231 232 292 293 300 330
life happens 218
life processes 209 213 219
lifecycle 317
lifecycles 166 206
lifestyle 51
lightning 98
likelihood 47 48 59 240 242
liking 92 138 154 278
limit access 201 241 269
limit changes 64
limit corruption 175
limit damage 129 251
limit harm 251
limit liability 230 278
limit network 269
limit paths 206 237
limit randomness 52
limit records 39
limit risk aggregation 182
limit risks 268
limit searches 265
limit zones 321
limited access documents 86
limited applications 177
limited areas 201
limited components 259
limited coverage 307
limited experience 48 92
limited nuclear attack 287
limited parallelism 85
limited process 277
limited redundancy 291
limited scalability 318
limited sensors 157
limited use control 182
limited user interfaces 89
limited utility 277
limiters 319
limiting access 73
limiting by traffic 272
limiting redundancy 115
limiting the flow 269
limiting use 192
limits of cognition 131
limits of detection 249
limits of observation 220
limits of sensors 249
limits of translation 249
limits on accountability 181
limits on length 220
limits on observation 249
line frequency 201
line management 252
line of business 74
line switched 238
lineage 176 274
linear space 318
lines of authority 107
lines of code 320
lines of communication 106
lingering ambiguity 139
link content 265
linkage 14 34 76 77 88 204 294
linkages 324
Linux 89
lip service 66
list of duties 45
litigation 96 148 152 313
live systems restoration 232
load balancing 89
load conditions 223
load levels 90
loaded terms 284
loads in lanes 277
loans to recover 39
loathing 44
local access 202
local area network 269
local area networks 188
local communications 287
local control objectives 158
local disasters 235
local facilities 111
local facility manager 313
local facility owner 111
local government failures 288
local highways 287
local intelligence 51
local operations control 89
local presence 202
local restaurants 105
local versions 290
localities 57
localized businesses 288
localized enterprises 286
locate and attack 267
located near 185
located within 201
location based authentication 201
location changes 202
location delta 202
location inside office 98
location may change 210
location perimeters 186
locational deviation 201
location independent approaches 201
locations during disasters 217
locations for data 19
locations in directories 185
locations of events 53
lock offices 136
lock outs 64
lock people out 136
locking systems 99
locks 187
logged escalation conditions 84
logging 85 163 273
logic controllers 64 272
logic expressions 318
logical access 201
logical argument 203
logical barrier 188
logical location 202
logical mechanisms 155 184
logical network separation 188
logical perimeter architecture 187 299
logical perimeters 184 187
logical perspective 189
logical progression 316
logical spaces 268
logical zones 24
login deceptions 268
logistics 28 29
logs 39
long delays 290
long distances 235
long enough time 226
long life cycles 168
long term access 105
long term backups 234
long term documentation 128
long term employees 113
long term goals 80
long term issues 310
long term performance 116
long term response 95
long term solution 169
long term storage 231
long term vision 80
long time frame 108 214
long time frames 230 247 248
longevity 149
longstanding laws 71
longstanding practice 317
look like 31 32 294
lookup 261
loose approximation 34
lose data 228
lose money 32 47
lose value 29 229
losing data 230
losing opportunities 49
loss of accountability 180
loss of availability 178
loss of backup 290
loss of business 149
loss of capacity 220
loss of cash 49
loss of data 224
loss of home 5
loss of information 49
loss of integrity 14 178
loss of key 39
loss of life 27 49 65
loss of measurement 5
loss of utility 23 224
loss statements 320
losses 25 29 32 35 39 48 57 72 108 161 166 276 289 320
lost access 23
lost and stolen 27
lost civil suit 96
lost data 225
lost functions 168
lost items 212
lost passwords 163
low consequence 18 49 125 126 167
low consequences 18 58
low cost 178 256 288
low level communications 188
low level signals 203
low probability 240 243
low profile 267 325
low risk 18 58 60 62 63 68 122 124 296 330
low risk levels 62
low risk operations 63
low risk options 60 296
low risk situations 68
low risk system 62
low risk systems 58 62 122 124
low risks 62 296 330
low surety 63 64 66 89 122 125 126 188 191 198 271 330
low surety approaches 66
low surety environment 126
low surety environments 122 125
low surety levels 188
low surety mechanisms 271
low surety situations 191
low surety systems 63 64 122 198
low threat levels 61
low valued systems 53
low volume software 205
lower cost 245
lower integrity areas 178
lower integrity information 178
lower level control 158 159
lower level employees 149
lower level metrics 159 160 298
lower organizational level 107
lower pay rates 73
lower profile 98
lower redundancy 176
lower surety 62 178 269
lower surety diodes 269
lower surety implementations 178
lower surety methods 62
lower valued content 189
lower valued decisions 278
lower valued systems 87
lowest available cost 198
loyalties 131 258
lying 202
machine 183 203 204 222 250 271
machine modeling 183
machines 14 205 222 249 250 309
magical number seven 327
magnetism 135 138
magnitudes 200
mail 212 224
mails 104
mainframe 32 131 181 279
mainframes 88 89 223
maintain assurance 23
maintain control 257
maintain this separation 125
maintaining assurance 320
maintaining individual access 180
maintaining lines 106
maintaining roles 180
maintaining secrecy 304
maintenance access 201 202 216
maintenance and decommissioning 124
maintenance and update 163
maintenance costs 218
maintenance mechanism 309
maintenance mechanisms 317
maintenance modes 216
maintenance of control 118
maintenance operations 161
maintenance people 52
maintenance periods 216
maintenance processes 216
maintenance requirements 279
maintenance work 122
major changes 168
major financial losses 39
major impacts 43
major industries 307
major infrastructure 208
major losses 276
major regions 290
major vulnerabilities 236
make a sound 44
make assumptions 23 239
make automated backup 233
make better decisions 59
make business decisions 15 20
make certain 47 122
make changes 141
make choices 215
make complex decisions 310
make decisions 34 78 199 253 263
make determinations 22 203 319
make good decisions 15 44 45
make good judgments 121
make it available 44
make it infeasible 279
make it problematic 246
make it suitable 4
make judgment calls 48
make judgments 101
make logical sense 203
make optimizing decisions 17
make protection decisions 203
make prudent determinations 36
make rational decisions 121
make selections 61
make sense 12 280
make sound decisions 66
make sound judgments 136
make strategic adaptations 255
make sure 8 275 285 319
making a profit 47
making bank transactions 272
making better decisions 276
making big mistakes 280
making certain 10 304
making changes 216
making compliance simple 327
making decisions 10 16 93 115 244
making determinations 51 121 200 320
making effective presentations 281
making illegal copies 71
making predictions 48
making preliminary evaluations 121
making processes 291
malicious abuse 263
malicious accidental modification 224
malicious attack 29 63 181 238
malicious attacks 70 217
malicious code 63
malicious compliance 154
malicious content 323
malicious environment 221
malicious human attackers 308
malicious information technology 115
malicious intent 48
malicious modification 224
malicious sequences 262
malicious upgrades 217
malware 272 308
malware authors 308
malware detection 272
manage change 147 154
manage external consultants 113
manage facility protection 313
manage protection 136
manage the duties 43
manage the enterprise 106
manage the risks 20
manageable size 292
managed budgets 80
managed via influence 305
management activities 78
management activity 130
management adapts 36
management analytics 310
management and assurance 66
management and control 177
management and documentation 111
management and maintenance 279
management and oversight 305
management and surety 76
management and users 76
management and workers 44 104
management approach 71 282
management architecture 77
management arrangement 111
management audit 123
management awareness 266
management buy in 153 298
management chain 44 108 109
management committee 109
management communications 74
management continuity 255
management decision 45 135
management decisions 15 20 36 40 66 68 69 276 282
management defines risk 42
management difficulty 304
management effort 68
management efforts 264
management feedback 148
management framework 117
management function 10 59 111
management hierarchy 30
management infrastructure 89 127 266 318 326
management intent 244
management interactions 138
management issues 69 115 121
management mechanisms 60
management models 34
management of identity 204
management of information 80
management planning 133
management practices 80 81
management process 11 16 17 18 19 21 30 42 59 60 66 68 129 147 148 197 265 266 293 305
management processes 26 34 48 72 313
management rates 60 61
management requirements 19 189 217
management responsibilities 77
management responsibility 6
management reviews 106
management skills 113
management strategies 6 325
management structures 74 77
management system 72 88 93 106 264 282 319 326
management team 78 107 108 110 112 153 170 264 305
management teams 170
management tools 82
management work flow 332
management zoning policies 216
managers 61 109 112 118 129 138 141 142 144 194 253 257 282 313
managing change 140 153 298
managing changes 42 295
managing information protection 197
managing information records 306
managing network security 308
managing risks 18 69 308
managing security consulting 144 298
managing the inventory 11
mandated contracts 70
mandated duties 36
mandated periodic reviews 68
mandated protective measures 242
mandates 15 20 37 40 41 43 58 70 75 118 131 135 202 211 265 279 281 318
mandatory access controls 188
mandatory controls 269
mandatory or discretionary 268
mandatory standards 119
mangling of disks 226
manpower 100
mantraps 99 186
manufacturing 41 63 64 91 124 172 232 259 272
mapping 185 324
marginal termination 214
marginalizing their views 143
margins 138 307
market 28 47 75 177 307 319
marketing 10 12 28 56
marketing and brand 10
marketing and sales 12
marketing executive 56
markets 28 29 208 308
marking 41 86 267 326
marking and tracking 86
marking based approaches 326
marking mechanisms 326
marking storage 41
marking the building 267
markings 86 228 239 270 271 326
marriage 91 210
mass voice mails 104
massive deletion 234
massive global infections 275
massive recalls 64
massive reconstitution 311
match risk 61
match surety 46
match the risk 263
matching behavior 325
matching known bad 63
matching low risks 62
matching mechanism 249
matching of surety 16 293
matching risk 331
matching risk mitigation 331
matching surety 61 296 330
material affect 194
material is removed 213
material records 230
materials barriers 98
materials within systems 219
mathematical analysis 173 316
mathematical basis 323
mathematical formulas 176
mathematical foundations 304 310
mathematical framework 316
mathematical game 310
mathematical model 281
mathematical models 280
mathematical solution 48
mathematical structure 322
mathematical theory 317
mathematical work 323
mathematically modeled occurrences 47
mathematics of composition 196
mathematics of protection 173
matrix managed 129
matrix management 74 106 111 137
matrix organizations 74 261
matrixed personnel 113
mature process 49
maturity level 82
maturity model 82 158
maximum expected surety 325
maximum flow rate 272
maximum payout 58
maximum value 57
mean time to failure and repair 176
meaning 53 66 306 326
meaningful basis 110
meaningful content 223
meaningful data 194
meaningful financial metrics 164
meaningful metrics 158
meaningful observables 157
meaningful review 119
meaningful risk 48
meaningfully applied consistently 121
meaningfully decrypt content 238
means and methods 205
means for audit 129
means for management 87
means of control 205
means of controlling 81
means of influence 135
means to consolidate 265
means to detect 125
means to evaluate 87
means to mitigate 125
means to present 280
means to transfer 58
measurable basis 245
measurable qualities 92
measure information protection 141
measure meaningful observables 157
measure of significance 248
measure progress 159
measure results 74
measurement accuracy 5
measurement capabilities 5
measurement process 106 159
measurement techniques 155
measures against protection 256
measures in place 48
measures in storage 96
measuring risks 48
mechanical fluid 99
mechanically fooling sensors 187
mechanisms fail 25
mechanisms for security 196
media and bandwidth 225
media and contents 226
media and processes 225
media and records 62
media and systems 223
media backups 232
media businesses 12
media failures 290
media for data 225
media for retention 181
media in storage 124
media restoration 226
media specific processes 230
medical bills 222
medical care 209
medical conditions 222
medical fees 222
medical leaves 120
medical pay 229
medical procedures 222
medical records 40 229
medical systems 259
medicines 28
medium consequence 68
medium consequences 53
medium cost 59
medium grade threats 226
medium level surety 65
medium risk 61 62 64 66 88 121 296 330
medium risks 49 63 296 330
medium scale businesses 289
medium scale enterprise 290
medium sized business 5 260 289
medium sized businesses 289
medium sized organizations 74
medium surety 64 65 123 263 270 271 330
medium surety controls 65
medium surety firewalls 271
medium surety level 65 270
medium surety method 330
medium surety systems 64 65 123
medium surety techniques 263
meet a standard 149
meet contractual obligations 70
meet enterprise needs 129
meet internal requirements 87
meet legal mandates 265
meet legal obligations 86
meet legal requirements 39
meet payroll 29
meet regulatory compliance 31
meet regulatory requirements 70
meet search requirements 313
meet social norms 128
meet standards 118
meeting compliance requirements 161
meeting control requirements 23
meeting control standards 118
meeting cost constraints 256
meeting financial regulations 38
meeting objectives 22
meeting protection objectives 59
meeting regulatory compliance 245
meeting rooms 283
meeting schedule 130
meeting syntactic requirements 206
meeting systems access 213
memory and performance 248
memory limitations 236
memory separation 239
mental framework 293
merger 43
mergers 40 114 168 208
mergers and acquisitions 40 114 168 208
message content 139
meta data 39
meta directories 265
meta directory 265
metals 219
methodologies 18 48 50 51 308
methodology 48 51 88 135 160 256
metric 87 160 200
metrics 67 106 138 141 142 143 158 159 160 162 164 167 168 172 175 216 260 277 280 298 303 312 330
microprocessor 8
microseconds 167
Microsoft 318
microwave 238
mid level managers 109
mid level reviewer 109
Middle East 51
midrange computers 89
miles away 286
military campaigns 29
military enterprises 27
military groups 73
military histories 322
military operation 222
military organizations 52
Miller 327
millimeters 227
million dollar 96
millions of dollars 165 215
millions of protection bits 244
milliseconds 257
minds of people 13
mindset and experience 100
mine fields 184
minimal controls 89
minimal effort 63
minimal friction 190 267
minimal surety 313
minimization 17
minimize friction 75 144
minimizing cost plus loss 17
minimum fuel usage 277
minimum performance standards 255 256
minimum security awareness 92
minimum standards 156 255
minor change 148
minor system changes 168
minute 228
minutes 56 118 230
mirrored in business 117
mis-associate identity 214
misdeeds 96 97 108 149
misdirected and wasteful 13
misimpressions of enterprises 268
mislead the assessment 145
misleading in presentation 312
mismatch 30 244
mismatches 23
missed alarms 94 246
missed errors 142
missed scheduled meetings 145
missed tapes 228
missile 273
missing audit trails 181
missing big risks 266
missing history information 92
mission needs 256
mission oriented systems 200
mistakes 44 258 280 319
misuse 63
misused 220
mitigable 16
mitigate any disputes 128
mitigate consequences 273
mitigate harm 94 125 241
mitigate oversight 45
mitigate problem technologies 125
mitigate risk 49
mitigate risks 16 69
mitigate the attack 253
mitigate the consequences 94
mitigate the failures 30
mitigate the harm 109
mitigate the problem 245
mitigate those consequences 246
mitigating risk 15 20
mitigation approaches 61 123
mitigation attempts 46
mitigation effort 254
mitigation from risks 62
mitigation leaves residual risk 59
mitigation of consequences 100
mitigation of faults 254
mitigation or transfer 49 57
mitigation process 25
mitigation strategy 59
mix of expertise 127
mix of risk 67
mixed loyalties 258
mixed strategy 16
mixed structures 74
mixed teams 170
mixes of participants 310
mixing of staff 208
moats 184 186
moats and walls 186
mobile computing 14 227
mobile telephone 238
mobility 201
model a business 32
model architecture 328
model enterprise information 9
model failure 55
model future business 14
model information protection 87
model interdependencies 35
model of protection 319
model of trust 321
model physical perimeter 330
model secure information 316
modeled occurrences 47
modeled oversight 2
modeling and analysis 203
modeling business functions 32
modeling by management 34
modeling costs 34
modeling errors 35
modeling information protection 322
modeling the inventory 34
modeling trust 197
models change 47
models of change 320
models of information 173
models of security 316 318
models of trust 197 300 321
modes for operation 272
modification 181 224 239
modified content 270
modified digital rights 270
modify 181 205
modulations 237
modus operandi 93
monetary units 158
monetized 280
money 32 47 49 51 52 58 70 118 137 158 162 165 181 235 252 320
monies 28 314
monitor 160
monitoring 83 152 322
monthly full backups 226
Moore 317
moral guidance 156
morale 41 166
morally responsible 36
more attacks succeeded 173
more certainty 62 205 245
more classified 269
more competitive sales 247
more complex analysis 67
more complex trust 320
more complex voting 261
more complicated problem 266
more comprehensive inventory 265
more computational capability 314
more computer time 247
more confidentiality 176
more cost effective 218
more data centers 290
more defenses 247
more detailed analysis 46
more detailed consideration 19
more detailed decision 310
more detailed information 266
more detailed investigations 51
more detailed slides 306
more easily attacked 177
more easily exploited 245
more easily modified 270
more effective control 75
more expensive approach 162
more extensive checks 92
more extensive testing 189
more failures 176
more faults 312
more flow controls 309
more historical data 229
more interesting things 246
more options 278
more reliable 231
more resistance 141
more restrictions 189
more securable 215
more secure 195 227
more sensitive 177
more severe threats 61
more storage 234
more thoroughly tested 205
more trusted users 315
more use restrictions 210
more varied algorithms 314
mortar 306
mother board 8
motive 52 308
motor generators 187
mounds 184
move funds 109
move inventory 212
move supplies 28
movement of content 212
movement of facilities 185
movement of forces 185
movement of information 177
movement of money 181
movement of people 312 313
moves resignation termination 91
moving a manager 106
moving content 223
moving data 230
MTTF 176
MTTR 176
multi-access 315
multi-billion dollar 58
multi-factor 175 236
multi-level 315
multi-person control 263
multi-person controls 65
multi-source verification 175
Multics 315 316
multidisciplinary security 132
multilevel-secure 317
multiple approvals 261 273
multiple authentications 163 205
multiple channels 237
multiple data centers 289
multiple disks 231
multiple diversions 100
multiple facilities 290
multiple key personnel 39
multiple paths 237
multiple security levels 317
multiple shipments 277
multiple work flow 263
museums are starting 219
mutual understanding 142
name and password 191
name changes 210
name conflicts 204
name services 54 122
name space 233
name spaces 204
named identities 204
names 204 254 268
nation state 308
national boundaries 75
national institute 83
national laboratories 6 323
national level governmental 287
national security 83
national standards 83
national technical baseline 323
nations and continents 98
natural barriers 186
natural disasters 287
natural effects 55
natural hazards 98
natural phenomena 322
natural resistance 143
natural threats 61
naturally occurring phenomena 46
nature 10 17 23 41 46 47 48 52 54 55 58 74 88 108 110 140 144 167 172 173 222 261 281 287 295 306 313 316 324
near emergency services 185
near hazardous chemical 185
near its target 253
near real time 225 234 314
near realtime 307
nearly arbitrary constraints 151
necessary access 146
necessary changes 45
necessary configurations 61
necessary controls 35
necessary functions 106 209
necessary influence 11
necessary information 102
necessary knowledge 81
necessary mandate 81
necessary process controls 179
necessary understanding 136
need for certainty 205
need for compatibility 256
need for crosscutting 115
need for documentation 85
need for groups 115
need for HR 313
need for information 125 287
need for insurance 121
need for integrity 215
need for mitigation 64
need for people 48
need for protection 28 227 292
need redundancy 289
need to capture 85
need to clean 213
need to communicate 245
need to coordinate 117
need to diversify 19
need to encrypt 152
need to find 141
need to generate 160
need to influence 135
need to integrate 75
need to inventory 71
need to invoke 214
need to know 45 93 132 141 142 151 189 208 255
need to report 127
need to simulate 35
need to survive 287
need to terminate 212
need to understand 113 142
need to use 151
needed physical security 130
needed response time 100
needed system certifiers 256
needless remediation 5
needs for continuity 133
needs for documentation 84
needs for integrity 70
needs of users 29
negative audit reports 157
negative business consequences 30
negative consequences 10 16 18 20 22 30 45 46 49 59 94 96 100 109 125 148 157 208 241 245 246 247 249 258 273 290 305
negative event sequences 94
negative management reviews 106
negative performance indicator 194
negative performance reviews 194
negligent 133
negligible effect 62
negotiating 327
negotiation 135 152 256
negotiations 138 139 153 281
neighborhoods 98
network access 233 243
network address translation 270
network addresses 269
network administrator 56
network administrators 122 125
network and infrastructure 53
network anomaly 189
network architectures 95
network audit 264
network availability 233
network based detection 247
network based security 279
network connections 212
network control 177
network deceptions 322
network discovery 264
network guards 323
network intelligence 268
network interface 89
network intrusion 189
network location 201
network locations 243
network management 56
network monitoring 322
network operations 245
network organizations 142
network owners 123
network path 205
network perimeters 190
network ports 269
network resources 137
network security 264 308
network segmentation 324
network segments 270
network separation 89 177 188 269
network traffic 247
network VLAN 269
network worms 95
network zones 89 95
network zoning 95 122 123 157
network based backup 232
networked devices 264
networked environments 324
networked forensic 313
networked infrastructure 74
networked organization 171
networked organizations 73 131 261
networking environments 323
networking group 129
networking support 264
Neumann 315 317 321
new acquisition 129
New York 327
newly created business 166
newly terminated employees 153
news media 62
news story 102
newspaper article 153
Newton 303
next state 183 259
next states 239
NIST 83 311 322
noise 99 237 246 272
noisy channels 237
nominal business model 18
nominal fees 103
nondisclosure agreements 40
nonstandard approach 278
normal accidents 62
normal activities 274
normal approval 261
normal behaviors 272
normal business insurance 62
normal business record 250
normal business records 38 97 230
normal changes 273
normal computing platforms 178
normal emergency 99
normal events 248
normal functional unit 183
normal life cycles 97
normal operating periods 216
normal operating procedures 37
normal operation 161 190 216 232 262
normal operational modes 187
normal operations 125 253 254
normal part 106
normal patterns 273
normal physical protections 217
normal process 128
normal processes 218
normal program interfaces 179
normal protective measures 217
normal unsecured office 161
normal user process 274
normal users 179
normalcy 249
normalization 159 161 222
normalization and correlation 222
normalized 165 176
normalizing and weighting 160
norming 116
norms 128 268 281
notice 43 96 104 105 125 187 213 241
notices 229
notification process 105
notification system 104
notify 152 207 260 262
notifying 122
novel situations 85
novel use 322
novelty 103
novices 8
noxious gases 187
n-p complete 63
NSTISSI 255
NSTSSI 83 216 255 324
nuclear attack 287
number of attacks 108
number of copies 225
number of employees 103
number of incidents 125
number of individuals 162
number of insiders 268
number of layers 268
number of paths 237
number of people 111 185
number of situations 135
number of standards 171
number of vulnerabilities 88
number seven 327
numbers of alerts 94
numbers of backups 233
numbers of documents 86
numbers of faults 312
numbers of incidents 161
numbers of people 73 187
numbers of samples 47 48
numbers of simulations 258
numbers of systems 56 201 232 252 318
numbers of tapes 228
obeying laws 81
obfuscate attribution 324
obfuscate messages 237
object controls 269
object matrices 244
object model 88 244 319
objections 74 143 145
objective evaluation 108
objective feedback 36
obscure 267 268 325
obscured 325
obscurity 267 325
observable events 249
observables 157
observation 95 156 167 220 249 257 271 326
observe 11 95 106 162 249 324
observed 306
observer 87
observers 58
observing 248
obsolescence 218
obtain security objectives 11
obtaining digital signatures 317
obvious duties 38
obvious flaws 173
obviously foolish 116
OECD 83 133 155
Oersted field generators 226
offend customers 29
offensive manpower 100
offerings 207
office building 8
office settings 102
office space 161
office spaces 98
officer 7 10 11 15 20 76 98 110 111
officers 36 37 156 209 255
official release 40
official rules 131
offline 307
offsite backup storage 129
old computer equipment 219
old disks 229
old personal computers 219
old physical security 322
old statistics 47
omission type errors 142
omissions 23 35 62 122
once per quarter 107 108
once per year 51 290
one physical location 227
one region 287
one time use 65
one way communications 316 317
one way information 324
one week 226
one directional information flow 178
ongoing business utility 11
ongoing development 173
ongoing disaster recovery 130
ongoing incidents 25
ongoing integration cycle 168
ongoing investigations 42
ongoing operations 168
ongoing strategic incident 130
ongoing support 143
ongoing utility 70
ongoing value 106
OODA 95 100 167 200 245 257 258 324
OODA loop 95 200 245 324
OODA loops 95 100 257 258
open access 314
opening mechanisms 187
opening offices 57
opening the enterprise 108
operating costs 161
operating efficiency 63
operating entities 75
operating environment 118 202 224 271
operating environments 60 63 83 112 263 317 324
operating periods 216
operating procedures 37
operating properly 64 86 128 263
operating system 22 56 63 89 177 181 196 231 238 239 245 315 316
operating systems 19 54 89 91 96 233 316 319
operation periods 216
operational capabilities 256
operational changes 258
operational complexity 25
operational continuity 93 314
operational costs 56
operational decisions 258
operational errors 258
operational expertise 288
operational mandates 318
operational matters 276
operational mistakes 258
operational modes 187
operational network 258
operational responses 258
operational risk management 69
operational roles 208
operational security process 102
operational status 41 295 308 330
operations area 126
operations research 277
operations security 41 113
operators 92 273
opponent 324
opponents 314
optical character recognition 326
optical fibers 238
optical media 237
optical signals 237
optimal approach 252
optimal protection 17
optimization 277
optimize business results 153
optimize enterprise performance 95
optimize group performance 116
optimizing decisions 17
optional duties 43
optional outside facilitator 104
optional paths 261
optional processes 260
options as risks 61
options for protection 223
ordering 281 284
orders 28 32 37 65 97 98 131 179 214 254 284 314
orders and payments 179
orders for customers 32
orders of magnitude 254
ordinances 37
organisms 317
organizational adaptation 257
organizational alignment 143
organizational boundaries 170
organizational changes 207
organizational elements 305
organizational functions 330
organizational goals 164
organizational infrastructure 127
organizational issues 10 21 105 159 257
organizational level 106 107 258
organizational location 77
organizational mandate 78
organizational perspective 79
organizational perspectives 76 78 79 80 82 84 86 88 90 92 94 96 98 100 102 104 171 296 330
organizational process 258
organizational processes 11
organizational risks 143
organizational structures 131 162
organizational vulnerabilities 53
organizations in transition 154
organizations replace executives 142
organized crime 52
original data 118 225
original design purpose 91
original information 193
original inputs 204
original source 221
original state 271
original systems 317
original thought 303
original values 225
original work 319
origination and process 276
outage 176 288
outages 64 72 90 163 288
outcome 58 251 310
outcomes 11 38 48 84 129 136 172 200
outer perimeters 187
outer space 200
output 27 54 124 154 183 206 220 222 224 228 239 250 259 307 325
outputs 80 118 204 239 259 284 325
outrageous fortunes 185
outside advice 276
outside assistance 113
outside consultants 112
outside counsel 119 155
outside entities 42
outside experts 44 112
outside facilitator 104
outside insurance 58
outside private investigative 252
outside service 120
outside specialized expertise 225
outside the enclave 184
outside the scope 313
outside world perimeter 188
outsider 116 136 275
outsiders 267
outsource 169
outsourced 169
outsourcing 169
outward facing 15 107
outward flow 269
outward known content 270
overall approach 117
overall behaviors 74
overall budget 164
overall business function 217
overall business operation 75
overall control 77 107 292
overall control architecture 292
overall corporate structure 75
overall effort 58 119 136
overall enterprise protection 78 124 164
overall feedback 85
overall governance architecture 293
overall information architecture 255
overall information capability 190
overall information protection 20 74 85 106 115 135 168
overall landscape 17
overall management feedback 148
overall objective 174
overall process 39 117 133
overall program 70 102 107 159 160
overall protection 105 159 162 206 217 275
overall risk management 76
overall security efforts 117
overall security inventory 264
overall separation 115
overall utility 116
overall weighted average 160
overall work flow 260
overarching needs 192
overarching objectives 173
overarching picture 8
overarching procedures 85
overcome mental objections 143
overhead 164 165 185 318
overlapping authorities 259
overload 142
overloading the CISO 110
overlooked security issues 229
overnight decisions 43
override 15 152 153
overrides 260
overrunning available capacity 233
overruns 248
oversee architecture 255
oversee the decisions 15
oversee the efforts 107
overseeing secure systems 83
oversees 122
oversight 2 9 10 11 15 21 26 36 37 39 41 42 43 44 45 61 123 293 294 295 305 306 330
oversimplify 280
overt and covert 155
overt and direct 136
overt power 155
overt resource power 137
overt use 135
overwrites 226
owned 112 117 164
owner 47 74 111 166 203 288 310
owners 10 15 21 32 36 57 107 122 123 148 166 207 261
ownership 73 143 154 164 231
owns 232
Pacific rim 51
packet 206 248 270
packets 89 251
panic 144
paper media 226
paper or fiche 13
paper processes 263
paper records 39 229
paper shredders 227
paper storage 229
paper system 262
parallelism 85
paramilitary groups 52
parents 3 205
parted as friends 6
partial audit records 181
partial orderings 304 310 319
partial subsets 225
partial work flow 260
partially broken 225
partially isolated environments 64
partially ordered set 317
partially ordered sets 309
particularly informative 203
particularly problematic 149 153 180
particularly sensitive 63
particularly unclear 312
particularly useful 137 203 232
partitioning 304
partner 52 204
partners 96 151 308
parts pieced together 34
part-time 169
pass a barrier 186
pass lower surety 269
pass mantraps 186
pass modern firewall 269
pass phrases 179
pass through 131 177 181 270
passage 184 187
passage under floors 187
passengers 109
passing back 178
passing outward 270
passing the content 271
passive techniques 65
passport numbers 230
password 56 149 191 239 261 268 323 325
passwords 56 150 163 179 216 318 322
past appearances 268
past experience 47
past history 47
past life 179
past the barriers 268
patent 6 41 150
patented 38
patents 37 41 205 307
path diversity 237
path for exploitation 90
path from threats 240
path hopping 237
path of least resistance 242
path taken 254
path to advancement 106
paths 24 53 90 98 135 185 186 205 206 215 237 261
patients 222
patriotism 52
pattern 63 191 240 249 325 327
pattern matching approach 63
pattern matching behavior 325
pattern matching mechanism 249
patterns and roles 116
patterns are matched 249
patterns detection 273
patterns of individuals 210
pay and responsibility 73
pay for protection 164
pay levels 137
pay off 165
pay rate 229
pay rates 73
pay the person 179
pay the state 207
payable 12 29 179 314
payables 8 179
paycheck 213
paying 47 179
payment process 12
payment processes 33
payments 179 314
payout 58
payroll 29 75
PCBs 219
PCI 58 84
PCMCIA 228
PCs 264
pedigree 191
peer group 135
peering agreements 96 307
peering partners 96
peering requirements 42 43
peers 141
pending actions 258
pending changes 122
pending completion 57
pending contracts 40
pending legal matter 265
pending protection 40
penetrate barriers 98
penetrate noise 99
penetrate perimeters 198
penetrate the media 226
penetration 86 105 186 238
people and businesses 293
people and certainly 220
people and data 206
people and diversity 217
people and functions 200
people and groups 17 80 136
people and positions 42
people and processes 167
people and skill 27
people and systems 80 91
people and things 12 22 27 32 34 190 293 312 313
people are matrixed 111
people are moved 93
people by keystroke 273
people dependencies 54
people disgruntled employees 300
people experience change 141
people fail 276
people get together 282
people have misimpressions 268
people have responsibilities 131
people interact 53
people lifecycles 166
people like balance 139
people make assumptions 23
people making decisions 244
people may push 144
people misstate 108
people move around 274
people often complain 44
people power 135
people processes 20
people responsible 32
people take 168
people think 138 200 324
people who know 185
people who think 215
people who understand 32
people who work 66 179
perceived or actual 276
perceiving the message 139
percentage 87 176 228
perception 11 42 139 241 242 267 275 292 301 313 324 325 326 330
perception and role 139
perception controls 275
perception management 326
perception of conflicts 42
perception related defenses 267
perception security 325
perception structure 11 301 324
perfect cipher 315
perfect functional units 198
perfect separation 316
perfectly secure systems 317
performance indicator 194
performance issues 177
performance levels 62 73
performance limitations 257
performance measures 164
performance metrics 106 143 158 172
performance problems 319
performance requirements 88
performance reviews 106 194
performance standards 255 256
performing certification analysis 256
performing tasks 128
peril 108 316
perimeter 89 184 186 187 188 189 190 198 243 299 330
perimeter architecture 89 184 187 190 198 299
perimeter architectures 184 186 188 299 330
perimeter facility 299
perimeter mechanisms 188 189 190
perimeter summary 190 299
perimeter technologies 190
perimeters 11 22 23 24 96 124 184 185 186 187 188 190 198 243 292 293 304
perimeters access controls 187
perimeters access mechanisms 22
perimeters access methods 292
perimeters and access 293
perimeters mechanisms 11
perimeters of enclaves 243
perimeters surrounding properties 186
periodic information protection 159
periodic misses 275
periodic oversight 61
periodic plans 118
periodic process 18
periodic reassessment 51
periodic reexamination 266
periodic reviews 68
periodic testing 88
periodic worker checks 50
periodically revisited 34
periodicity appropriate 50
periodicity for audits 87
permanent documentation 282
permanent systems storage 233
permeable barriers 269
permeate the perimeters 23
permission 3 152 318
permissions 192
permit queries 265
permits 180 279
perpetrate 207
perpetrated 179
perpetrators 242
personal and emotional 138 298
personal charisma 135
personal computer 319
personal computers 63 219 223 264 279
personal consequences 16
personal data assistant 227
personal friendships 92
personal information 96 207
personal interest 278
personal lives 277
personal magnetism 135
personal persuasion 138
personal power 330
personal relationship 135
personal relationships 138
personal risk 308
personalities 267
personalization 154
personalize 154
personally responsible 15
personnel actions 120
personnel changes 319
personnel characteristics 202
personnel group 130
personnel having access 256
personnel incident handling 21 293 297
personnel information 120
personnel issues 136 312
personnel procedures 119
personnel protection 110 120
personnel records 92
personnel redundancy 290
personnel related records 93
personnel reliability program 211
personnel review 130
personnel reviews 194
personnel security 91 120 297 330
personnel systems 93
personnel training 166
persuade 135
persuaded 139 142
persuasion 135 137 138 139 142 155 298 330
persuasion and exchange 138
persuasion magnetism 138
persuasion message 139
persuasion model 138 142 298 330
pervasive principles 132
Pestle 306
phases of transmission 238
phenomena 46 47 48 100 322
phenomenological models 87
philosophical perspective 311
phone numbers 201
photography 185
phrases 141 179
physical access 104 136 225 229
physical access controls 104
physical assets 13
physical attack 90 98
physical attacks 99
physical barrier 184
physical capacity 135
physical characteristics 178 325
physical controls 184
physical device 227 317
physical devices 155 228
physical enclosures 201
physical escort 137
physical force 136 153
physical information infrastructure 54
physical infrastructure 268
physical infrastructures 54
physical input channel 221
physical interfaces 269
physical keys 236
physical limitation 272
physical location 90 227 237
physical locations 202
physical mangling 226
physical mechanisms 309
physical media 86
physical movement 186
physical path 205
physical penetration 238
physical perimeter 184 299 330
physical perimeter architecture 184 299
physical perimeters 184 187
physical personnel 315
physical phenomena 100
physical plant 90
physical power 136 137 298 330
physical presence 261
physical properties 191 236
physical protection 98 99 100 184 212 308 313
physical sciences 113
physical security 21 98 100 110 111 112 113 120 124 130 136 155 161 177 227 235 252 293 297 308 313 322 326 330
physical separation 65 325
physical space 223
physical structures 99
physical system 64
physical technologies 177
physical things 312
physical threat 136
physicality 206
physically controlled 227
physically diverse locations 19
physically hardened devices 177
physically securable 90 223
physically secured 90 161 188 235
physically separate 288
physically separated 180
physically transported 234
physics 272
picking or tricking 187
piece of paper 262
pieced together 34
pipes 6
placement 21 51 77 95 107 157 179
placements 157
places 13 18 25 43 71 72 123 162 185 225 247
placing an order 179
placing excessive value 57
placing loads 277
placing the CISO 107
plaintext 184
planned attack 99
planned departure 213
planned for simplicity 133
planned tests 88
planning and disaster 113 307
planning and response 251
planning budgets 165
planning change 141
planning control 133
planning defenses 308
planning disaster recovery 39 124
planning efforts 290
planning emergency involvements 130
planning for change 144
planning privacy requirements 295
planning study 315
planted a trojan 320
planting individuals 105
plants 13 64 185
plaques 105
platform controls 279
platform specific security 255
platforms 54 88 89 91 177 178 318
please 5
plough 306
ploughshare 306
plugging 313
plus expenses 47 103
plus loss 17 20 26
point of failure 55 109 291
point of view 79 139 142
point risk 217
point sensor arrays 187
point to point 238
points of failure 55 189 290 295 331
points of view 139
poison 45
poke fun 323
police 52
policies 15 20 37 40 42 78 81 84 104 112 118 119 122 123 126 128 131 132 133 148 149 150 151 152 163 201 216 220 221 222 230 233 242 244 255 256 258 293
policies allow discretion 150
policies and consequences 242
policies and contracts 40
policies and decisions 81
policies and needs 148
policies and practices 255
policies and procedures 84
policies and processes 42
policies and protection 230
policies and safeguards 256
policies and situations 104
policies regarding appeals 152
policies that interfere 152
policy 15 21 37 77 78 80 81 84 96 112 115 118 123 130 131 132 133 149 150 152 153 166 169 170 171 172 195 218 230 242 256 296 297 300 318 330
policy and control 172
policy centered security 133
policy description languages 318
policy development 118
policy execution 330
policy issues 77
policy language 195
policy languages 195 300 330
policy limits 166
policy override 152
policy reporting 256
policy review 130
policy reviews 118
policy rewrites 118
policy structures protection 77
policy team 78 170
political issues 147
political process 117
political stability 54
politics 80 110 145 313
pollution 3
pool risks 46
poor choice 291 308
poor decision 280
poor decisions 36
poor design 251
poor oversight 45
poor positioning 21
poor protection 215
poor quality 62
poor security performance 106
poor solutions 254
poorly compensated 244
poorly defined 312
poorly done 313
poorly fulfilled 209
poorly made 109
poorly managed 89
poorly thought out 311
poorly understood 311
popular but 323
popular today 89
populated with content 314
populations 318
port 89 253 323
portability 40 83 151
ports 237 269 270
POSET 304 317
positional power 11 136 137 138 202 298 330
positioning 21 77 185 201
positions and benefits 210
positions roles 126
positive attributes 137
positive experiences 105
positive feedback 257
positive outcome 251
positives and negatives 250 270
possession of material 253
possible access 265
possible decisions 44
possible liability 209
possible protection process 212
possible set 145
possible verification 221
postal code 221
postal codes 221
posted privacy policies 40
posters 104
posters and banners 104
posture assessment 18 51 59 229 305
potential abuses 92 179
potential business 217
potential criminal liabilities 186
potential for damage 133
potential for disasters 217
potential for force 27
potential for risk 35
potential harm 213
potential law suits 119
potential liability 176
potential vulnerabilities 147
potentially harmful systems 123
potentially hazardous operation 64
potentially high consequence 90
potentially infinite number 246
potentially interferes 230
potentially invasive surveillance 123
potentially overlapping authorities 259
potentially serious negative consequences 10 16 18 20 22 30 45 46 49 94 96 100 125 246 247 273
potentially unlimited numbers 94
potentially very harmful 35
power and influence 9 11 20 73 80 81 105 107 117 133 134 135 136 138 140 142 144 145 146 150 153 154 170 171 294 298
power exercised directly 154
power failures 238
power footprint 237
power grid 307
power industry 307
power issues 81 140 150 155 298
power levels 186
power or influence 145
power outages 72
power produces influence 136
power relationship 155
power supply 54
power to influence 135
powerful individual 74
powers 20 156
practical defenses 309 317
practice guidelines 306
practice sessions 126
practiced approaches 81
practiced personnel 94
practiced plan 94 217
practices and processes 305
practitioners 81 82 304
preacher 306
preachers 306
precipitation levels 46
precise weather 46
precision in authorization 244
preconsolidation systems 218
predefined control scheme 85
predict risks 48
predictability 249
predictable consequence 175
predicting trust 92
predispositions 143
preferred data states 227
preferred framework 82
preferred general target 308
preferred over prevention 246
preferred specific target 308
preferred targets 308
pregnancy 91 210
preliminary evaluations 121
premise 150
premises 213
premium 47
preparation and analysis 130
prepare for performance 144
prepare people 144
prepare the targets 142
preparing people 144
preparing studies 63
prescriptive background expertise 114
presence and access 216
presence and enforcement 104
presence everywhere 97
presence of detections 94
presence of metrics 280
presence of seals 196
present computer viruses 320
present or absent 191
present protection decisions 291
present results 280
presentation accurately represent 224
presentation and justification 280 281 282 301
presentation format 224
presentation mandates 279
presentation of data 224
presentation of decisions 278
presentation of evidence 98
presentations of decisions 279 281
preservation 97 98 182 250
preserve data 213
pressure 100 105 185
pressure is applied 105
pressures 106
Preston 322
prevent an attacker 243
prevent attackers 243
prevent attacks 243
prevent change 144
prevent collusions 208
prevent further attack 243
prevent further exploitation 253
prevent hardening views 139
prevent ignorance 81
prevent individuals 133
prevent loss 97
prevent normal users 179
prevent or respond 132
prevent others 238
prevent overrunning 233
prevent penetration 186
prevent prevention 242
prevent proper accountability 180
prevent resistance 144
prevent serious negative consequences 290
prevent the identification 243
prevent unauthorized syntax 270
prevent wrongful discharge 149
preventing and detecting 247
preventing attacker awareness 241
preventing high consequences 125
preventing information flow 243
preventing target detection 243
prevention is difficult 247
prevention mechanism 247
prevention mechanisms 243 244
prevention model 308
prevention of attacks 242
prevention perimeters 184
prevention systems 245
prevention technologies 246
preventive measure 245
preventive techniques 246
prevents illicit behaviors 273
prevents physical attack 90
previous state 204 234
previous URL 322
previously emailed 225
previously identified 19
previously separate mechanisms 263
prices and insurance 47
prices for goods 202
prices the consequences 32
pricing information 208 247
pricing model 314
pride 52
primary function 288
primary goal 81
primary intent 308
primary lead 123
primary operational center 288
primary site 235
primary use 312
prime target 237
prime targets 99
prime use 236
principle of least privilege 182 244 274
principle of persuasion 138
principles 9 81 132 133 134 135 257 284 291 298 311 323 330
print of information 8
printing methods 317
printout 229
printouts 227
prior executive misdeeds 96
prior shift 263
prior to actions 259
prior to approval 119
prior to conception 209
prior to transmission 238
prioritize work 262
prioritized objectives 159
priority work flow 262
privacy 37 39 40 70 72 95 96 110 111 119 151 182 210 230 295 303 330
privacy act 40
privacy controls 40
privacy laws 119
privacy mandates 70
privacy of records 210
privacy officer 110
privacy or confidentiality 303
privacy policies 40 151
privacy policy 37
privacy procedures 330
privacy regulation 151
privacy regulations 70 111
privacy related data 230
privacy related issues 111
privacy requirements 39 95 182 295
private information flow 269
private information funding 207
private information protected 209
private information safety 37
private investigation 155 169
private investigators 52 148
private keys 175
private meeting 146 172
private networks 188 270 326
privately held firms 36
privilege 133 182 192 243 244 271 274
privileged matters 40
privileges 73 119 133 211 212 240 243 274
probabilistic risk analysis 26 48 61 69 308
probabilistic risk assessment 308
probability of success 240 243
problematic companies 162
problematic peering agreements 96
problems not addressed 291
procedural changes 241
procedural environments 64
procedural safeguards 315
procedure 131 171
procedures 21 37 65 78 80 84 85 112 115 118 119 123 126 128 131 132 133 135 148 150 152 166 169 218 222 255 293 296 297 330
process acceptance 152
process accountability 328
process advice 253
process and feedback 305
process and memory 239
process and oversight 21
process architecture 190 299
process background checks 180
process behavior 274
process checks 217
process communication 106
process components 85
process control 85 179 224
process controls 179
process diagrams 10 29
process document 102
process failures 66
process feedback 85
process improvement 86 259
process improvements 127
process issues 300
process limits surety 181
process lineage 176 274
process protection 199 222 282
process separation 239
process work flow 28
processes get invoked 125
processes grant 28
processes happen 257
processes in order 165
processes in place 156
processes to assert 180
processes to assure 230
processes to prevent 253
processes which deter 292
processing credit cards 314
processing facilities 54 259
processing mechanisms 222
processing systems 239
processor identification and 188
procurement 216
product or service 69
production 23 41 70 84 89 90 110 115 122 139 193 194 282 284 300 306 307 330
production changes 193
production component 110
production control architecture 193
production environment 23 122 193
production facilities 90
production problems 307
production system 84
production systems 193 282
professional confidence operators 92
professional hackers 308
professional internal investigators 252
professional project managers 129
professional societies 41 307 322
professional thieves 52
professionals attack 242
profit and loss 70 320
profit centers 138
profitability 29
program analysis 312
program audit 127
program changes 89
program costs 165
program elements 160
program execution 128
program management 77
program metrics 158 172
programmable logic controllers 64 272
programmed controls 179
programmed mechanisms 244
programmed searches 265
programmers 24 194 195 320
programming 194
progress measurements 159
progress reports 118
prohibitions against encryption 70
project approaches 163
project budgets 165
project governance 168
project leaders 74
project management 78 111 112 113 118 129 170 282
project managers 129 282
project progress 118
project team 78
project teams 78 137 170
promote security 102
promotion 91 106 211
proof 131 315 323
proofs 173 309
propaganda 73
propagate this setting 318
propagation of databases 314
proper accountability 180
proper approvals 119
proper architectural planning 251
proper attention 196
proper backgrounds 101
proper badge 105
proper basis 205
proper behavior 106
proper business operations 292
proper channels 279
proper classification 129
proper context 183
proper control 155 216
proper controls 208 272
proper design 254
proper destruction 229
proper disposal 219
proper duties 36
proper educational background 101
proper enterprise context 53
proper execution 263
proper feedback 248
proper governance 152 167
proper identification 186
proper influence 154
proper infrastructure 288
proper justification 281
proper language 95 128
proper locations 205
proper markings 239
proper motivations 154
proper network operations 245
proper physical characteristics 325
proper priority 262
proper protection 9 36 235
proper risk management 67
proper safeguards 218
proper separation 179
proper syntax checks 220
proper syntax limits 220
proper temperature 6
proper use 239
properly authenticated identified 190
properly controlled identity 180
properly coordinated strategy 80
properly designed detection 94
properly implemented separation 245
properly managed review 68
properly protected 129 156 210 239
properly qualified 92
properly tracked 311
properly treated enforcement 148
properties an identification 190
properties not identified 194
properties of communications 206
properties of components 173 321
properties of composites 321
properties of systems 61
properties of viruses 323
property controls 41 150 295
property interdependencies 329
property perimeter 299
property protection 330
property rights 38 209
property sensors 187
property value 86
proportionality 132
proportionate to risks 132
proposed alternatives 281
proprietary information 213
proprietary materials 209
prosecute 77 252
prosecuted 241 242
prosecution 106 242 254
prosecutions 97 251
prosperity games 310
protect business continuity 289
protect business record 295
protect data 237 274
protect governance power 294
protect individuals 37
protect information 2 235
protect integrity 63
protect owners 36
protect physical systems 17
protect private information 37
protect risk management 9 46
protect shareholder value 70
protected against modification 239
protected area 186
protected assets 71
protected classified 209
protected data center 289
protected health information 86 209 222
protected processes audits 264
protected transmission 223
protecting business information 13
protecting peering partners 96
protecting secrets 317
protecting shareholder value 36
protecting software 322
protection activities 105
protection adaptation 95
protection alignment 81
protection analysis 31
protection analysts 280
protection approach 72 117 275
protection architecture 5 10 35 71 129 204 264
protection auditing 87
protection auditors 109
protection awareness program 128
protection background 4 5
protection behaviors 93
protection budget 167
protection bypassing barriers 187
protection capabilities 24
protection components 183 217
protection concept 215
protection considerations 279
protection decisions 45 101 171 203 276 277 279 280 281 283 285 287 289 291 301
protection education 100
protection effect 105
protection effectiveness 165
protection facilities 72 120
protection failures 12 14 16 28 32 35 64 108 109
protection function 39 79 91 107 111 115 116 124 155 159 264
protection functions 93 106 116 117 133 209
protection games 104
protection governance 2 3 9 21 26 69 70 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99 101 103 105 107 108 109 111 113 115 117 119 121 123 125 127 129 131 133 135 137 139 141 143 145 147 149 150 151 152 153 155 156 157 159 161 163 165 167 169 171 296
protection information 5 6 40 70 96 143 161 248
protection infrastructures 208
protection interdependencies 54
protection inventory 264 266 275
protection irregularities 148
protection issues 7 21 41 43 75 91 96 97 98 120 128 164 200 201 207 215 217 314
protection laws 43
protection lead 113
protection management 59 80 255 266
protection markings 271
protection matrix 74
protection mechanisms 23 24 25 196 227
protection model 304
protection models 197 223 300
protection objectives 22 59 106 174 176 178 180 197 293 299
protection of confidentiality 181
protection of content 9
protection of credit 84
protection of data 224 231 239
protection of encryption 225
protection of financial data 40
protection of information 98 326
protection of minors 210
protection of paper 124 229
protection of patents 41
protection oversight 15 36
protection owner 203
protection perimeter 184 190
protection policies 148 149
protection policy 96 112 150
protection posture 18 51 59 61 74 133 144 148 159 168 169 229 305
protection posture assessment 18 51 59 229 305
protection posture assessments 61 144 159 169
protection principles 132
protection process improvement 86
protection processes 10 11 99 166 216 292
protection profiles 307
protection program management 77
protection program metrics 158
protection program success 23
protection program vulnerability 53
protection protocols 206
protection purpose 177
protection reality check 66
protection related challenge 278
protection related decision 215
protection related decisions 48 203 277 278 282 291
protection related issues 6 69 102 238
protection related metrics 277
protection requirements 40 90 151 157 182 207 210 218 256 266
protection research 194
protection schemes 196 267
protection sensor technologies 185
protection services 162
protection settings 239
protection statistics 47
protection supportive behaviors 156
protection system 78 210
protection teams 138
protection technologies 25 283
protection testing 87 112 121 122 165 166 216 217 297 312 331
protection within enterprises 75
protections 20 42 65 96 189 210 217 224 240 244 249 269 305
protective barriers 65 181 183 202 216
protective behaviors 105
protective conditions 202
protective devices 168
protective duties 71
protective elements 199
protective environment 198
protective forces 145
protective function 185 274
protective functions 81 120 218
protective measure 48 245
protective measures 17 19 48 67 96 99 185 189 208 217 238 242 245 253 263 325
protective mechanisms 10 11 61 62 63 91 187 188 199 240 264 267 270 275 292 301 324 331
protective needs 25
protective orders 37
protective process 99
protective requirements 189 274
protective system 177 191
protective work environment 102
protocol 89 90 195 201 206 220 250 269
protocols 54 206 236 270 326
provable analysis methods 309
provably correct information 316
provably secure 315 316
proven technical security 241
proven unsolvable 323
providing adequate surety 259
providing adequate understanding 153
providing appropriate protection 235
providing assurance 22
providing authorizations 322
providing backup 307
providing better information 162
providing content 282
providing information 159
providing secrecy 178
proving who did what 324
provisioned 71
provisioning 71 72 195 259 266 312 318
proximate locations 186
proximate to parking 186
proximity card 179
proximity with people 65
proxy devices 89
proxy mechanisms 196
proxy servers 189 202 270
prudent and effective 161
prudent approaches 81
prudent business decisions 13
prudent controls 58
prudent decision 261
prudent decisions 32 43 92 136 305
prudent determinations 36
prudent practice 202
prudent practices 62
PSOS 321
psychological characteristics 221
psychological factors 281
psychological literature 53
psychological principles 284 291
psychological processes 241
psychological research 326
psychological review 327
public benefit corporation 6
public comment 306
public companies 36 40 82
public domain mergers 208
public forums 318
public health 37
public key cryptography 317 320
public key cryptosystems 317 318
public key infrastructure 71
public key systems 318
public keys 318
public notice 105
public offerings 207
public owners 36
public personalities 267
public relations 33 49 166 241
public safety 65
public scorn 5
public view 207
publication of arrests 242
publication of keys 318
publicly 160
published information 307
published literature 207
published web site 96
punishment 242
punishments 106 131 142 149
purchase orders 179
purchasing 45 69 179
pure assurance functions 170
pure business consulting 6
pure business functions 170
pure operations functions 170
purely cash businesses 29
purely informational item 190
purely mental framework 293
push back 144 253
pyramid 19
QA 112
QC 112
qualifications 91 111 120 210 211 275
qualified individuals 121
qualitative factors 280
qualitative scores 159
quality assurance 112
quality attackers 254
quality components 176
quality control 112
quality experts 103 115
quality information protection 45
quality level 313
quality of implementation 184
quality of oversight 44
quality of service 177 303
quantified 67
quantitative 280
quantities of data 226
quantities of radiation 5
quantity of authentication 261
quantity of detections 248
quantity of toluene 6
quarreling 306
quarrelsome 306
quarterly meetings 127
quarterly reviews 127
quarterly updates 68
query limits 89 189
questionable data 320
questioning suspects 138
quiet environment 246
radar 94
radiation 5
radical change 43
radical changes 43
radii 55 217
radio frequency identification 179
radio techniques 238
radius 55 237 286 295 302 331
radius driven common mode failures 55 286 295 302 331
radius driven failures 331
radius of effect 55
radon 5 6 15
RAID 231 232
rains 47
raises and promotions 106
random 47 87 119 243 263 267 308
random attack 243
random attacks 243 267
random audits 87
random sample 263
random stochastic processes 47 308
randomly accessible 228
randomly chosen times 233
randomness 52
range of activities 79
range of areas 114
range of attacks 25
range of barricades 184
range of causes 216
range of classes 250
range of duties 114
range of facilities 307
range of issues 42 107
range of possibilities 148
range of problems 96
range of reasons 38
range of requirements 42
range of responsibilities 127
range of systems 112
range of technologies 91
ranges of usage 192
ranking locations 51
rapid access 228
rapid adaptations 254
rapid changes 43 51
rapid decisions 270
rapid fire overview 7
rapid mitigation 57
rapid pace 7
rapid protection process 258
rapid response forces 100
rapidly detect 187
rare risk 67
rarely accessed fiche 229
rarely accounted for 162
rarely available 204
rarely codifiable 131
rarely inventoried 229
rarely practiced 67
rarely protected against 239
rarely pursued 254
rarely used 236
rate controls 272 327
rate limiting 272
rate limits 269
rate of change 88
rate of responses 272
rate of transfer 272
rate risk 19
rate shaping 269
rated safe 289
rates of events 271
ratings 160 168 177
rational decisions 59 121
rational principles 132
rationale 202 203
rationalization 311
rationally 143
raw data 28 222
react 70 113 167 194 239 245 251 257 258 292 301 329 331
reaction 94 148 153 166 185 241 251 257 308
read access 323
read and understand 286
read and write 228
read inputs 220
read many 231
read only 131 181 271
read only media 271
read or written 228
read write 228
readable 238 239 270
readily accessible 229
readily available 280
readily defeated 326
readily disguised 230
readily identified 165
readily insurable 49
readily readable 270
readily resolved 139
readily reviewed 128
readily targetable 237
readily understood 32
readily used 207
readily verified 221
reading contracts 163
reading email periodically 273
reading this book 8
reads 228
ready access 148
reaffirm employee agreement 213
real experience 5
real harm 108
real problems 304
real reasons 143
real requirements 218
real ROI 279
real rules 131
real source 277
real targets 243
real time analysis 282
real time control 61
real time decision 113
real time identification 236
real time response 291
real time restoration 226 234
real utility 25
real world events 220
real world measurement 46
realistic solution 234
realities of threats 259
realities to auditors 87
reality of protection 171
really effective 177
really even exists 23
really feasible 258
really need options 289
really not used 250
really only three 214
really serious consequence 60
really used 138
really useful 265
really work 32
reason for coverage 115
reason for denying 202
reason for limiting 115
reason for things 307
reason given 192
reason to be 185
reason to believe 251
reason to grant 202
reason to prefer 325
reason to protect 289
reasonable alternatives 276
reasonable amount 320
reasonable amounts 320
reasonable and appropriate 69
reasonable and prudent 13 32 43 58 70 81 82 92 136 207 261 289 305
reasonable business continuity 286
reasonable business decisions 33
reasonable decision quickly 286
reasonable expectation 47
reasonable for people 244
reasonable standards 311
reasonably astute attacker 177
reasonably comprehensive 311
reasonably predictable 47
reasonably protect 36
reasonably safe shreds 227
reasonably secure design 216
reasonably usable 319
reasoned and coordinated 21
reasoned security decisions 286
reasoning 277
reassessment 51 68
reassigned 214
reassignment 137
reboot 271
recalibrated 211
recalls 64
receipt of data 220
receivable 12 29 314
receive education 123
receive signals 237
received data 238
received roles 93
receivers 237
receiving records 230
receiving system 238
recent assessment 145 229
recent cases 39
recent criminal case 231
recent decision 165
recent efforts 309
recent legal cases 311
reception of signals 238
reception problems 238
recertification on systems 212
recipient 205
recognition 326
recognizable and differentiable 236
recognize 102 312
recognized 4 98 230 266 307
recognizing 235
recollect the content 265
recommendation 40
recommendations 147
recommending certification 256
reconcilable feedback 87
reconcile 127
reconciled 208
reconciled information classifications 208
reconciled interdependencies change 208
reconciliation 118 239
reconstituted after reconstitution 218
reconstitution 218 311
reconstruct 225
reconstructed 225
reconstruction of data 225
reconstruction of events 181
record analysis issues 181
record checks 92
record disposition 331
record encryption 231
record exception 97
record is created 157
record is made 85
record keeping 250
record retention 38 295 331
record specific information 181
record stored 231
record the process 278
recorded and replayed 249
recording decision processes 282 301
recording devices 40
recording media 181
recording processes 250
records about individuals 40
records all 209
records and accounting 231
records and backups 231
records and business 209
records and care 313
records and decision 157
records and notes 41
records and protection 181
records and references 92
records and reports 314
records are archived 256
records are generated 181
records are kept 65 229
records associated 38 182 230
records assuring 86
records be retained 97
records checked 147
records contained 39
records for legal 38
records functional units 329
records get generated 126
records held elsewhere 39
records level information 266
records of banks 38
records retention 97 182
records retention periods 182
records retention processes 97
records systems 231
recourse 150
recover 39 93 193 232 272
recoverable 225
recovered 225 288
recovery 39 104 113 124 126 130 165 167 177 178 193 217 225 231 234 235 288 289 290 295 307 313 329
recreate the system 218
recurrent 85
recursive 174
recursively 31 54
recycling 219 227
red teaming experiments 322
redesigns 185
redirect the request 192
redirected 212 238
redone 218
reduce action 67
reduce analytical costs 17
reduce business value 25
reduce complexity 117
reduce consequences 88
reduce costs 61 263
reduce disagreements 139
reduce errors 35
reduce false positives 250
reduce individual risk 278
reduce other risks 95
reduce residual risk 59
reduce risk 67
reduce the aggregation 19
reduce the complexity 22
reduce the criticality 19
reduce the interest 241
reduce the likelihood 59 240
reduce the linkage 88
reduce the number 88 152 268
reduce the utility 218
reduce the vulnerabilities 122
reduce the work 259
reduce threats 88 326
reduce time 263
reduce waste 320
reduced convenience 236
reduced cost 165
reduced performance 326
reduced risk 326
reduces administrative effort 180
reduces common mode failures 19
reduces management complexity 180
reduces reliability 176
reduces the certainty 180
reduces the justification 248
reduces the utility 23
reduces wasted bandwidth 253
reducibility 67
reducible 67
reducing churn 245
reducing electromagnetic sonic 186
reducing insider threats 267
reducing interest 241
reducing output 154
reducing secrecy requirements 318
reducing systems administration 318
reducing the desire 242
reducing the effectiveness 105
reducing the problem 270
reducing the profit 58
reducing unnecessary redundancy 118
reduction in effort 84
reduction in emanations 186
reduction in errors 192
reduction in rigor 255
reduction of consequences 59
reduction of threats 59
reduction of vulnerabilities 59
reduction with insurance 67
redundancy 19 55 62 65 89 90 115 116 118 175 176 189 217 221 224 225 233 237 238 246 269 272 287 288 289 290 291 305
redundancy allows 175
redundancy allows faults 175
redundancy and 19 62 118 224 233
redundancy and diversification 19
redundancy audit controls 89
redundancy check 238
redundancy how many 289
redundancy in capabilities 217
redundancy in protective 65
redundancy increases availability 176
redundancy infrastructure 290
redundancy is critical 290
redundancy is important 116
redundancy is squeezed 305
redundancy is used 176 272
redundancy protects 224
redundancy requirement 225
redundancy to confirm 221
redundancy to handle 90
redundancy to protect 289
redundancy to validate 175
redundancy with spectrum 237
redundancy-based controls 174
redundant arrays of independent disks (RAID) 231
redundant calculation redundant 239
redundant capability 165
redundant computers 257
redundant confirmations 175
redundant copies 224
redundant data 19 55 239 286 287 288 289 290 302
redundant data centers 19 55 286 287 288 289 290 302
redundant data sourcing 239
redundant disk 231
redundant disk storage 231
redundant hardware 288
redundant operational expertise 288
redundant processing 239
redundant reporting 331
redundant sourcing 183
redundant system capabilities 89
redundant the redundancy 225
redundantly 225
reexamination of risks 266
reflected in behavior 212
reflected in contract 58
reflected in detection 211
reflected in identity 210
reflected in role 211
reflected in roles 210
reflected in state 204
reflection of reality 174
reflexive control 94 187 245 251 273
reflexive control attacks 94 187 251
refocus of attention 252
reformat data 223
refreshed storage 86
refuse that use 192
refuse the use 192
refuse to cooperate 144
refused to attend 145
refusing to indicate 323
refutation 175
refutations 175
refute assumptions 221
regaining original state 271
regarding accessibility 326
regarding appeals 152
regarding giants 303
regarding risks 68
regarding this assessment 147
regardless of information 217
regardless of who 108
regeneratable 225
regimen 87 125
regimens 98 225 312
region 50 287
regional 50 72 287 288 290
regional companies 288
regional disasters 290
regional enterprises 287
regional event 287
regional events 287
regional intelligence 50
regional power outages 72
regional threat 50
regions of operation 290
registration process 180
regression testing 88
regression tests 194
regular audits 87
regular backups 262
regular basis 116 128 226
regular failures 25
regular practice 165
regularized process 266
regularly verified 194
regulated industries 42
regulation 151
regulations 16 36 37 38 40 70 71 109 111 151 161 182 219 230 265
regulators 82
regulatory and contractual 308
regulatory assurances 36
regulatory compliance 31 75 95 118 155 161 165 245
regulatory drivers 95 96
regulatory duties 10
regulatory forced changes 157
regulatory involvement 124
regulatory mandated contracts 70
regulatory mandated protective 242
regulatory mandates 15 20 37 75
regulatory preferred framework 82
regulatory purposes 250
regulatory reporting requirements 149
regulatory requirements 64 70 207 293
reinforce their opinions 139
reintegration after maintenance 216
rejection 119 261
rejection of changes 119
rejections 236
relations 29 33 49 166 241
relationship 38 73 108 135 138 145 150 155 163 278
relationships 8 41 133 138 319
relative importance 138
relative safety 188
relative to expectations 250
relative to life 210
relatively easy 71 221 267
relatively few 101
relatively low 178 288 289
relatively minimal surety 313
relatively minor differences 115
relatively new concepts 304
relatively quickly 48
relatively quiet environment 246
relatively simple problems 63
relatively simple process 67
relatively small certainly 230
relatively stable 43
relatively static approaches 71
relatively transparent 192
relatively unimportant 94
relays 317
release of information 37 307
release valve 272
released corporate books 229
relevant work experience 101
reliability 174 176 211 229 321 327
reliable circuits 317
reliable information 44
reliable organisms 317
reliable predictor 47
reliable relays 317
reliable system design 327
reliable transmission 269
reliably 48 154
reliance on security 26
relied on results 316
religion 52
religious 40 322
rely on individuals 157
remain associated 214
remain aware 125
remain effective 246
remain hidden 166
remain present 304
remain well understood 68
remain within control 216
remaining components 219
remaining faults 312
remaining fragments 226
remaining friendly 135
remaining recommendations 147
remediation 5
remember 3 233 276
remembered best 139
remind people 104
reminder 23
remote areas 185
remote attack 234
remote backup facilities 231 234
remote backup sites 234
remote backups 233
remote data entry 221
remote internet access 181
remote IP address 221
remote locations 188
remote maintenance 216
remote site 231
remote sites 90
remote system 231 234
remote systems 318
remote telephone numbers 201
remote work force 201
removable backup media 231
removable drive bays 232
removable media 232
remove stabilizing factors 210
removed from records 231
removed tracking 233
renumbering 311
reorganization 209 280
repair 104 176 196 215 253
repairs 253 254 312
repeat what happened 48
repeatable 82 159 168
repeated failures 194
repeated periodically 103
repeated recursively 31
repeated twice 128
repeated when significant 65
repeated with periodicity 50
repetition helps 139
repetitive entry attempts 100
replace a decision 280
replace executives 142
replace paper processes 263
replace separation mechanisms 274
replace this person 169
replacement cycles 214
replacement is mandatory 229
replacements as appropriate 211 212
replay processes 226
replayed 234 249
replayed for calibration 249
replaying all transactions 234
replied the servant 306
reply process 183
report a failure 109
report and presentation 147
report directly 109
report important incidents 172
report security incidents 172
report the problem 124
report this tool 284
report to shareholders 96
report was provided 145
report was sent 146
reported incidents 253
reported international shipments 42
reporters 52
reporting and compliance 83
reporting and presentation 253
reporting data 253
reporting or compliance 42
reporting or responding 163
reporting process 284
reporting requirements 42 95 149 295
reporting security incidents 256
reporting structures 129
reporting to legal 253
reports under laws 64
repository 128 264 265 318
represent risks 18
represent transforms 239
representation 77 219 220 223 270
representing human wisdom 220
represents cryptographic systems 177
reproduce 205
reproduced 93
republican 50 325
reputation 12 49 64 320
reputational 28
reputations 16
request and authorization 235
request responses 262
requested by authorities 97
requesting access 327
requests for transmission 235
require actions 261
require additional authentication 192
require additional authorization 192
require additional protective 185
require approvals 255
require different protections 210
require documentation 131
require historic association 210
require immediate response 251
require inventories 266
require physical protection 212
require privacy controls 40
require reassessment 68
require retention 230
require special expertise 193
require special maintenance 216
require special training 98
require testing 88
require unfettered meetings 108
require unique documentation 85
required construction 186
required exponential space 318
required feedback 43
required for access 202
required for attribution 324
required for detection 250
required for exfiltration 186
required for personnel 120
required for response 187
required for success 135
required on exit 99
required planned tests 88
required preservation issues 182
required responses 252
required security clearances 255
required special education 112
required technical computer 112
required time frames 125
required to complete 168
required to coordinate 113
required to last 225
required to mitigate 94
required to perform 192 261
required to prevent 233
required to run 164
required to separate 31
required to service 19
required to sign 102
required trustworthiness 92
requirement for access 198
requirement for certainty 218
requirement for concealment 43
requirement for promotion 106
requirement for regression 88
requirement to categorize 129
requirement to separate 179
requirements documents 85
requirements for attestation 95
requirements for backup 287
requirements for certification 64
requirements for cleared 320
requirements for control 266
requirements for integrity 198 292 313
requirements for privacy 72
requirements for protection 65
requirements for records 39
requirements for research 315
requirements mandate certification 64
requirements of litigation 313
requirements of others 58
requirements of subjects 292
requirements on availability 72
requirements on earnings 40
requirements reporting 42
requirements to address 38
requirements to collect 38
requiring audit 193
requiring contracts 151
requiring investigations 252
requiring less separation 238
reroutes 56
resale of systems 218
resale value 219
research and development 23 24 122 194 235 288 300 315 331
research capabilities 129
research community 323
research development 168 288
research development testing 168
researchers 315 321
resentment 154 267
reset 56
reside 181
resides at endpoints 247
residual data 218
residual protection process 218
residual risk 11 59 67
residual value 13 219
resignation 91 213
resignations 213
resigning 213
resiliency 24
resilient 232
resistance deters 242
resistance to change 144
resolution 152 153 192
resolve ambiguity 139
resolve problems 139
resolved by agreeing 139
resolving enterprise issues 252
resolving matters 152
resorting to scare 247
resource consumption 100
resource power 137 298 331
resource to start 314
resources and expertise 136
resources and time 87
resources and transform 12
resources available 176
resources necessary 262
resources required 155
resources transforms value 28
respect intellectual property 307
respect the rights 132
respectfully 304
respond 100 102 132 172 245 273
responded 206 313
responders 196
responding 163 272
response analysis 251
response capabilities 100
response capability 123
response capacity 248
response forces 100 185 187
response implies investigation 246
response is problematic 273
response loop 243
response paths 98
response process 160 252 253 257
response processes 95 125 252 253 254 257
response regimen 125
response regimens 98
response resources 94
response strategy 254
response systems 94 95 189 216 251 272 273
response team 78 126 170 251
response technologies 274
response time 100
response times 100 185
response to abuses 311
response to attacks 241
response to disaster 93
response to event 258
response to incidents 50 95 163 196
response to queries 285
responses 65 94 95 100 125 148 150 154 172 185 210 241 251 252 254 258 262 272 298
responsibilities and performance 255
responsibilities and privileges 133
responsibilities for business 77
responsibilities for reviewing 127
responsibilities for risk 76
responsibilities taken on 307
responsibilities to fulfill 131
responsibility for decisions 121
responsibility for protecting 36
responsibility to act 36
responsibility to assure 120
responsibility to define 42
responsibility to review 127
responsibility to verify 127
responsible for assuring 21 106 118
responsible for business 32
responsible for collecting 118
responsible for coordinating 135
responsible for doing 4
responsible for evaluating 121
responsible for identifying 125
responsible for information 124
responsible for managing 117
responsible for measuring 121
responsible for operating 111
responsible for review 118
responsible for testing 194
responsible for verifying 118
responsible parties 68
responsible party 11
responsible to assure 36
rest state 223 235
restabilize 168
restart for security 163
restarts 62
restaurants 33 105
restoration 226 232 234 235
restore business operations 217
restore this data 226
restored 225 234 235
restraint 186 208
restraint of trade 208
restricted 86 149 173 201 210
restrictions 149 189 210
restructuring 117 137
resulting change 218
resulting changes 65
resulting consequences 94
resulting elimination 218
resulting formal outputs 118
resulting from destruction 219
resulting in denial 245
resulting loss 220
resulting risk aggregation 218
resulting state changes 204
results in behavioral 212
results in behaviors 154
results in controls 59
results in detection 148
results in repair 215
results of analysis 280
results of investigations 248
results of protection 122
retail or wholesale 63
retail value 310
retailers 28
retain credibility 140
retain records 38
retain specific records 182
retained for years 38
retained locally 231
retained off site 289
retaining appropriate expertise 290
retaining records 39
retaining stored data 230
retention and disposition 38 86 265 295 311 313
retention and protection 182
retention of accountability 182
retention of records 167
retention on backups 231
retention periods 182
retention policies 128
retention policy 230
retention processes 97
retention requirements 38 39 86 230
retention risk 331
retention systems 231
retention times 230
retests 5
retired 112
retirement 91 214
retrieval 24 129
retrieve and search 91
retrieve data 129
retrieving stored documents 86
reuse 322
reveal structural limitations 223
revealing content 90
reveals pricing information 247
revelation of pricing 208
revenge 52
reversion 194
review after-action reports 127
review and acceptance 118
review and approval 118 124
review as needed 130
review board 107 118 122 124 127 130 297
review cycle 68
review documentation 297
review of operations 119
review overall program 107
review physical security 124
review process 125
review processes 127 216
review rates 68 296 331
review risks 68
review schedules 266
review the awareness 128
review the citations 326
review top management 68
review zoning policies 123
reviewed periodically 256
reviewing the documentation 119
reviews of incident 127
reviews of individual 127
reviews of low 68
reviews of requirements 38
revocation 319
revoke 243
revolution 43
reward programs 103
reward structure 106
rewarded with raises 106
rewards 50 106 139 142
rewards and punishments 142
rewards setting 139
rewrites 118
RFID 179 228
rights 3 38 71 93 97 120 132 137 188 209 244 270 310 319 326
rights and dignity 132
rights create performance 319
rights groups 93
rights management 188 270 326
rights to inspect 310
rigor 133 255 312
ring structure 315
riots 286 288
ripple through 314
risk acceptance 9 10 16 46 57 67 69 296 331
risk aggregation 10 16 19 35 56 62 182 189 198 218 259 263 266 293 294 301 326
risk aggregations 16 54 55 208 281 295
risk analysis 26 48 49 61 69 308
risk and calamity 15 20
risk and surety 17
risk assessment 19 59 60 83 308 309
risk avoidance 57 67 296 331
risk category 180
risk disaggregation 263
risk elements 288
risk environment 66
risk environments 64
risk evaluation 331
risk identification 49 50 52 54 56 295 331
risk is acceptable 67
risk is accepted 57 67
risk is quantified 67
risk is reduced 218
risk levels 60 61 62 263
risk management 2 6 9 10 11 15 16 17 18 20 21 26 30 45 46 47 48 49 51 53 55 57 59 60 61 62 63 64 65 66 67 68 69 76 78 82 83 107 112 115 117 121 122 123 126 143 147 159 160 166 170 189 197 217 255 258 263 264 266 277 278 293 294 295 296 297 305 308 325 331 332
risk matching 62 66 296 331
risk mitigation 25 46 49 59 61 67 88 122 296 331
risk options 60 61 296
risk processes 143
risk profiles 217
risk rating 19
risk reduction 46
risk response 83
risk review 68 296 331
risk spectrum 60
risk taking 43
risk tolerance 16 36 42 43 295 308 331
risk tolerances 42
risk transfer 58 67 69 130 225 296 331
risk treatment 57 58 141 143 144 296 298 331
risks 10 15 16 18 20 29 34 46 47 48 49 53 57 58 59 60 61 62 63 65 68 69 87 95 109 121 132 143 170 180 189 203 217 218 221 259 260 266 268 276 292 293 296 305 308 309 312 330
risks are accepted 57
risks are mitigated 143
risks are substantial 63
risks identified 57
risks increase 61
risky business opportunities 67
rivals 52
Rivest 317
road to change 143
Robinson 315
ROI 279
role and access 211
role assignment 180
role changes 211
role placement 21
role rules 180
roles 71 72 73 93 116 126 137 170 180 192 195 204 208 210 211 212 243 259 265 318
roles and rules 180 192 204 318
roles fulfilled 93
roles played 116
roll up 51 160
rolled up 79 158
ROM 226
ROMs 227 228 232 271
rooms 283
Roth 327
route controls 205
routed networks 237
router based controls 269
routers 32 89 177 253 269 323
routes 51 269
routing 54 56 90 198 201 269
rows and columns 283
RSA 317 325
rules 71 73 107 123 131 132 133 135 148 149 150 151 154 180 192 195 204 242 244 298 305 308 318 319 331
rumors 268
run a business 5 13
run a fleet 33
run a program 274
run amok 25
run companies 207
run security operations 164
running programs 163
running the enterprise 15
running wires 186
runways 185
Ruzzo 319
sacrificing enterprise needs 139
safe conditions 258
safe deposit box 289
safe harbor 38 43 96 151 307
safe mechanism 272
safe mechanisms 64 271 272
safe mode 216 257
safe modes 64 272
safe responses 65
safe shreds 227
safe systems 272
safe water 272
safeguard 123
safeguards 59 64 67 78 83 88 91 98 115 122 123 124 129 130 133 218 241 256 297 315 331
safes 272
safety 37 41 54 65 98 187 188 232
salaries 164
salary 120 222
sale 209 219
sales 5 10 12 28 32 97 172 247
sample appeals process 171
sample budget 172
sample decisions 291
sample hidden costs 163
sample roll up 160
sample sound practices 286 302
samples 47 48
sanction policies 242
sanctions 40 97 106 109 126 149 230 242
SAS audits 84 307
satellite 58 185 237
satellite communication 237
satellite photography 185
Savatthi 306
save many lives 244
save on costs 60
save state information 270
save time 118
saving time 8
savior 276
Saxena 315
say hello 105
say nothing 83
saying something 285
scalability 318
scalable 236
scams 97
scanner 162
scanners 14
scans 122 163
scare tactics 247
scenario based analysis 61
scenario development exercises 165
scenario simulations 282
scenarios 14 70 104 287
schedule 130 222 282 297
scheduled 107 130 145 233
scheduled group meeting 130
scheduled meetings 145
schedules access controls 266
schedules for processes 118
scheduling 118 231 233
schema associate clearance 292
schizophrenic 74
scholars 306
school 210
schools 219
Schwartau 327
Schweitzer 13 305
science 203 311 315 327
sciences 6 15 113 309 327
scientific 5 48 277 316
scientific community 5
scientific discipline 48
scientific literature 277
scientific measurements 5
scientific research 5
scientific results 316
scientists 315
scores 159 277
scorn 5
screen 283 326
screen capture 326
screened 93
screeners 93
scrutiny and management 61
scrutiny to attribution 324
sea level 288
seal content 196
seal information 205
seal or unseal 205
seals 196 300 326 328
search capabilities 313
search content 91
search engines 314
search requirements 313
searched for activities 265
searches 265
searching 32 86
seasoned enterprise employee 111
secondary data center 290
secondary sites 226
secondary tertiary 222
seconds 95
secrecy 178 198 304 315 318
secret agreements 38
secret arena 307
secret keys 326
secret patent 150
secrets 37 41 72 86 209 307 316 317
securable 90 215 223
secure and usable 311
secure application environments 195
secure behaviors 105
secure computer system 315
secure computing 315
secure deletion 226
secure design 216
secure development process 321
secure identification card 179
secure information flow 304 310 316
secure operating environments 317
secure operating system 315 316
secure operating systems 316
secure socket layer 195 235
secure systems 83 312 316 317 324
secure token 261
secured devices 188
secured facilities 161
secured logical network 188
secured method 188
secured networks 90
secured wiring 235
securing intellectual property 38
security activities 133
security and control 82 316
security and risk 6 325
security architects 255
security architecture 2 8 10 11 21 24 26 91 95 173 197 199 201 203 205 207 209 211 213 215 217 219 221 223 225 227 229 231 233 235 237 239 241 243 245 247 249 251 253 255 257 259 261 263 265 267 269 271 273 274 275 292 294 300 301 322 331
security audit 169
security auditing 166
security awareness 92 103 162 163 165 212 303
security barriers 177
security budgets 161 163
security cabling 90
security changes 141
security clearances 255
security community 21
security concepts 173 322
security conference 316
security consulting jobs 144 298
security context 154
security controls 315
security coordination 120 297
security costs 158 161 162
security database 243
security decisions 2 108 286 303 310 327
security design processes 255
security device 45 279
security devices 279 326
security efforts 117
security engineering 82
security engineers 256
security enhancements 109
security experience 112
security expertise 256
security experts 165
security failures 102
security features 255
security field 173
security function 110 117 157
security functions 21 108 117
security governance 132 150 156 160
security group 111 124 130 297
security implementation 125
security improvements 255
security incident 113
security incidents 172 256
security information 326
security initiative 83
security interpretation 82
security inventory 264
security issue 106
security issues 91 98 103 104 112 163 215 216 229
security kernel 326
security kernels 320
security knowledge 293 297
security lead 111 112 113 319
security levels 317
security management 9 11 77 166
security marking 326
security measure 325
security measures 227
security mechanisms 26 136
security metrics 158 260 303
security model 321
security monitor 160
security objectives 11
security of information 83 132
security officer 7 11 20 76 98 110 111
security officers 156 255
security operation 260
security operations 164 208
security performance 106 211
security personnel 148
security policies 133 255 256
security policy 195 300 318 330
security practices 255
security practitioners 82
security principles 81 132
security problem 103
security problems 314
security process 102
security processes 153
security professionals 83 132 133
security program 112
security programs 82
security properties 196
security related actions 157
security related areas 113
security related design 216
security related documentation 163
security related duties 211
security related enforcement 150
security related faults 196
security related inconvenience 162
security related issues 108 163
security related outages 163
security related policies 163
security related risks 143
security related surprises 157
security related systems 117
security requirements 163 194 256 315
security response 196
security responsibility 293
security review 109 124 130
security scans 163
security service 322
security services 195
security software 163
security space 197 282
security standards 82
security status 256
security strategies 132
security system 100 321
security systems 100 313
security team 112 113 264
security technologies 26 164
security technology 315
security through obscurity 325
security training 113 128
security work flow 259
Sedona Conference 306
seeking new solutions 304
seeks a target 240
seeks vulnerabilities 240
seem benign 203
seeming inefficiency 125
seemingly extreme importance 275
seemingly simple transaction 181
seemingly trivial detections 251
segment 75
segmentation 324
segments 270
selecting threat assessment 51
selection methodology 51
selection process 199
selective access 323
selective diversity 56
selective inventories 264
selective testing 119
selectively feeding information 73
selectively restoring 226
self imposed duties 10 37
self imposed policies 15 20
self imposed privacy 37
self imposed requirements 293
self protection 196 300
self protection models 300
self seal 196
self validation 175
self worth 139
sell shoes 32
sell things 207
selling price 13
selling secrets 72
semantics of database 189
semi-permeable 22
send changes through 123
send queries 183
sending multiple shipments 277
sense of being 282
sense of business 12
sense of freedom 174
sense of security 226
sense the model 35
sense to business 35
sensed 220 293
sensed by computers 220
senses 184 319
sensibility of actions 203
sensing 220
sensitive 40 41 42 56 63 104 148 149 177 187 210 211 213 222 227 255 313 315
sensitive access 213
sensitive area 149
sensitive areas 177
sensitive customer information 56
sensitive data 222 227
sensitive devices 187
sensitive information 148 255 315
sensitive internal web 63
sensitive issue 104
sensitive laws 40
sensitive matters 42
sensitive pieces 222
sensitive positions 210 211
sensitive protected health information 222
sensor 80 95 157 185 187 220 221 249 326
sensor and state 157
sensor arrays 187
sensor capabilities 220
sensor data 249
sensor mechanisms 326
sensor outputs 80
sensor placement 95
sensor technologies 185 187
sensors 20 80 157 158 167 187 249 252 312
sensors and actuators 80 157
sensors and control 20 167
sensors zones 187
sensory data 220
sent back copies 225
sent cryptographic checksums 175
separate 31 89 120 124 125 127 151 165 172 179 189 193 221 263 269 271 286 288
separate and different 221
separate areas 269
separate backup facility 286
separate components 89
separate data 271
separate individual 172
separate information 151
separate mechanisms 263
separate portions 189
separate purchasing from payments 179
separate site 193
separate teams 125
separate the functions 288
separate training budgets 165
separate training group 120
separated 76 95 115 180 270 313 316
separated network 95 270
separated network segments 270
separated network zones 95
separated systems 316
separately 269
separating 122 182 245
separating networks 245
separating research and development 122
separation 56 62 65 76 78 89 114 115 123 125 133 155 159 177 178 179 182 184 187 188 189 192 216 222 238 239 245 257 268 269 270 271 273 274 288 292 297 309 316 317 319 320 324 325 331
separation controls 268
separation devices 89
separation mechanism 177
separation mechanisms 65 178 187 239 245 268 270 271 274 292
separation of audit 189 245
separation of cabling 238
separation of control 189
separation of detection 125
separation of duties 56 78 89 114 115 123 125 133 155 159 179 182 189 192 257 271 273 288 297 319 320 331
separation of submission 273
separation of systems 177
separation perimeters 188
separation redundancy 65
separation requirements 222
separation technologies 177 222
separations 115
separators 184 268
sequences of actions 203
sequences of bytes 195
sequences of events 46 88 248
sequences of steps 99
sequences that exploit 53
sequential authentications 191
sequential machines 249
sequential media 226
series of barriers 187
series of standards 83 255
serious adverse consequences 95
serious attacks 94
serious business consequences 63
serious business impact 49
serious criminal acts 149
serious damage 289
serious hazard 64
serious limitations 174
serious negative consequences 10 16 18 20 22 30 45 46 49 59 94 96 100 109 125 148 241 245 246 247 249 273 290 305
serious threats 196
servant 306
serve multiple masters 74
server 122 181 231 232 233 244 274
server backup 231
server backups 232
server copy 231
server intermediates 244
server programs 274
servers 89 189 202 232 233 235 264 270
serves as notice 125
service level agreements 70 83
service management 83
service organizations 75
service provider 37
service requirements 230
session 39 250 318
session keys 318
session level fusion 250
sessions 126
set of attacks 223
set of backups 288
set of barriers 184
set of capabilities 192
set of checklists 260
set of circumstances 325
set of controls 71 158
set of definitions 305
set of duties 10
set of functions 192
set of issues 285
set of items 17
set of mechanisms 312
set of objectives 26
set of platforms 89
set of practices 285
set of programs 39
set of properties 191 227
set of protections 240
set of qualifications 275
set of requirements 45 84
set of rights 244
set of sequences 99
set of standards 83
set of technologies 25
set of things 87
set of threats 268
sets of access 99 292
sets of activities 192
sets of destinations 277
sets of environments 88
sets of failures 22
sets of leaders 74
sets of levels 61
sets of preconditions 84
sets of rewards 142
sets of situations 249
sets of technologies 25
sets of tools 282
setting minimum standards 156
setting objectives 198
setting off explosive 192
setting policy 132
settings 99 102 103 189 206 239
settle disputes internally 153
settled by negotiation 152
settlement negotiations 153
seven plus or minus three 327
sever attack graphs 190 243
sever the attack 240 245
several years ago 248
severe threats 61
severed international communications 287
severing of access 273
severing of communications 251
severity of incidents 126
shade the truth 44
shake up 116
Shamir 317
Shannon 315 317
shared 41 74 235 266
shared across groups 74
shared as needed 74
shared databases 266
shared recovery site 235
shareholder 36 37 63 65 70
shareholder investments 37
shareholder value 36 63 65 70
shareholders 15 20 36 37 67 69 96 207
shares 316
sharing 70 74 175 315 316 323
sharing integrity technologies 175
sharing of information 70
sharing of power 74
sheets of paper 263
shells 175 176 317
shielding 177
shift workers 262
shipments 42 277
shipped 234
shipper 314
shipping 33 230 314
shirt pocket 230
short automated response 249
short notice 43
short password 149
short passwords 150
short retention times 230
short term changes 212
short term effects 253
short term event 80
short term inconvenience 55
short term performance 116
short time frames 54 168
shorter approval processes 131
shot the insurer 58
show excellence 106
shredders 226 227
shreds 227
shrinkage 12 29
shut down 57 163 218 233
shut downs 104
shuttle 257
side effect 10 269
side effects 3 42 204 223 254
Siewiorek 327
sign nondisclosure agreements 40
sign on 163
signal channels 237
signal focusing devices 237
signal leakage 312
signal strength 238
signal to noise 237
signaling 237 312
signatures 175 270 317 318 326
signed certificates 195
significant change 61
significant changes 65
significant concern 217
significant cost 208
significant documentation 148
significant effort 88
significant friction 116
significant harm 65
significant health problems 65
significant holes 116
significant impacts 206
significant implications 63
significant import 126
significant information protection 207
significant period 61
significant protection failures 64
significant protection irregularities 148
significant radii 217
significant risk 259
significant testing 165
significantly different 75
signs 184 185 187
simplicity 133
simplification 12
simplified 12 17 18
simplistic 8 30 184 308
simulate 35 48
simulate the business 35
simulated data in 23
simulated environment a 23
simulating cyber attacks 308
simulation 52 223 258
simulations 34 258 282 310
simultaneous 39 287 320
simultaneous appearance of 39
simultaneous development 320
simultaneous loss 287
simultaneously secure 311
single administrator 318
single authenticated identity 192
single building 55
single computer failure 257
single data center 289
single earthquake 55
single error correction 272
single event 287
single explosion 55
single facility 288 289
single failure 272
single full backup 233
single individual 56 136 179
single individuals 263
single location 263
single missing concept 316
single model 27
single operating system 56
single point 55 109 291
single point of failure 55 109 291
single points of failure 55 189 290 295 331
single user systems 89
Sir Isaac Newton 303
sire 306
site backup 234
site backups 234 235
site for disaster 231
site for use 234
site policy 96
site security 255
site to site 227
sitting idle 235
situation analysis 104 247
situation awareness 80
situation checking 271
situation dependent code 245
situation dependent decisions 245
situation provides context 249
situation setting 139
situation specific actions 84
situational characteristics 98
situational circumstances 262
situational reactions 11
situational specifics 254
size and complexity 265
size and shape 236
skepticism 285 312
skew 200
skill 27 50 51 52 78 98 108 112 156 257
skilled attackers 191
skilled CISOs 136
skilled directed professionals 242
skilled handler 135
skilled technical person 135
skills 9 20 100 111 112 113 115 135 144 145 157 179
skills and bookkeeping 112
skills and capabilities 179
skills and degrees 112
skills and influence 9
skills and knowledge 115 144
skills and mandates 135
skills necessary 20
skills to compensate 157
slew rates 319
slip and fall 49
slow processes 258
slower Boyd cycles 258
small business 56 74
small businesses 289 307
small central management 75
small covert channels 269
small devices 177 230
small groups 133
small insanity 52
small localized businesses 288
small size 5
small system 89
smaller organizations 74
smaller scale servers 89
smaller space 229
smart card 179
smart cards 177
smoke 100
smoke and chemical 100
smooth transition 144
smooth transitions 143
snow melts 47
social action 307
social awareness 105
social benefits 105
social changes 105
social consequences 14
social environment 105
social forces 139
social interactions 14
social norm 156
social norms 128 281
social pressure 105
social pressures 106
social processes 133
social rules 133
social security numbers 229
societies 41 307 322
socket 195 235
Soelberg 327
software 22 71 89 112 161 163 175 189 191 196 198 205 215 236 243 250 264 270 271 304 310 312 315 320 321 322 327
software component 22
software components 89
software elements 304
software encryption 270
software engineering 321
software environments 320
software for security 163
software maintenance 161
software program 196 250 310
software protection 321
Software Publishers Association 310
software tool 327
soil makeup 185
sole protective mechanism 325
sole responsibility 121
solid basis 286
solid testbeds 258
solve risk management 258
sonic 185 186
sorts of access 201
sorts of anomalies 248
sorts of assessments 308
sorts of attacks 89 254
sorts of backup 225
sorts of business 14
sorts of businesses 33
sorts of challenges 309
sorts of control 122
sorts of data 220
sorts of design 205
sorts of detection 309
sorts of failures 33 34
sorts of faults 87
sorts of force 135
sorts of forces 190
sorts of groups 73
sorts of individuals 144 255
sorts of influence 131
sorts of information 151 176 207
sorts of intrusions 248
sorts of management 282
sorts of measurements 175
sorts of mechanisms 186
sorts of metrics 158
sorts of objectives 117
sorts of outages 90
sorts of proofs 173
sorts of records 38
sorts of results 308
sorts of risks 109
sorts of systems 288
sorts of things 64 146
sorts of vulnerability 122
sorts of workers 305
soul dies 306
sound advice 199
sound alarms 187
sound approach 71
sound business decision 153
sound change control 61 88 89 193 216
sound decision 44
sound decisions 324
sound judgments 136
sound light motion 187
sound practices 286 302 331
sound security decisions 286
soundness 286
source attribution 221
source code 194
source codes 196
source integrity 174
source level 221
source magnetism 138
source of information 174
source verification 175
sources of cancer 5
sources of data 230
sources of incompatibilities 215
sources of input 325
sourcing of data 183
SOX 70 82 151 311
space costs 161
space flight 58
space people 137
space systems 65
spacecraft 72
spaces 98 204 267 268
spam 165 246 270
speak candidly 110
speaking systems 122
special access 216
special duties 37
special education 112
special expertise 98 121 193
special groups 124
special hardware designs 65
special information protection 100
special maintenance modes 216
special materials 65
special occasions 231
special phone numbers 201
special precautions 213
special privileges 119
special projects 129 297
special protection requirements 210
special protective measures 208
special purpose environments 123
special purpose functions 177
special requirements 124
special skills 157
special talents 92
special training 98
special wall paint 237
specialist 113
specialization 73
specialize 252 307
specialized expertise 73 100 225
specialized hardware 236
specialized information security 165
specialized security architects 255
specialized systems 89
specialized training 113
specialty area 101 307
specialty areas 215
specialty fields 101
specialty financial records 40
specialty patents 307
specific individuals 92 114 262
specific instructions 128
specific issues 103 107
specific jurisdictions 38
specific operating environments 83
specific presentation mandates 279
specific protection requirements 40
specific records 182
specific restricted environments 173
specific retention requirements 38
specific situational reactions 11
specific target characteristics 308
specific usage patterns 202
specification 115
specifications 178 311
specificity of access 189
specified tolerances 125
spectacular failures 170
spectrum 39 60 61 78 112 197 237 261
spectrum jamming 237
spectrum spreading 237
spectrum techniques 237
speech patterns 236
speeding up 258
spelling errors 324
spending money 158
spies 52 308 314
splitting of information 208
SPOFs 34
spoke structures 74
sponsor 141 144 145
sponsored 82
sponsoring 31 82
sponsorship 308
spontaneous combustion 6
spoofed 236
spot market 307
spread infections 316
spread rates 95
spread sheets 30
spread spectrum techniques 237
spread the risk 278
spreading across cities 288
spreadsheet 283 291
spreadsheets 320
spring rains 47
spyware 246 270
spyware detectors 270
stability 54 159 210 223
stability errors 223
stability for people 210
stabilizing factors 210
stable countries 43
stable legal situations 43
stable over time 116
stable protection program 168
staff 87 107 111 113 119 169 208 248 252
staff levels 248
staff members 111 119
staff training 113
staffing level 146
stakeholders 107 143 171 278
standard 21 26 58 63 82 83 84 87 128 131 132 149 152 159 171 198 199 213 233 235 260 278 285 324
standard access control 198
standard applications 233
standard approach 132
standard concepts 21
standard features 63
standard for audits 82
standard for encryption 235
standard for protection 84
standard for service 83
standard of consistency 149
standard practices 285
standard probabilistic risk analysis 26
standard resignation process 213
standard systems 84
standard terms 152
standard texts 199
standardized audit 89
standardized event sequences 259
standardized format 286
standardized requirements documents 85
standardized specifications 178
standards and documentation 218
standards and policies 119
standards and procedures 78 112 118 119 126 128 133 148 150 152 169 297
standards and processes 133 152
standards and qualifications 91
standards and technology 83
standards based solutions 84
standards create procedures 123
standards effort 311
standards exist 84
standards for administrators 255
standards for protection 87
standards for quality 63 83
standards for training 83
standards from policies 118
standards of behavior 156
standards of practice 41 295 331
standards on security 255
standby 225 231 234 235
standby equipment 234
standby modes 231
standby site 235
standby systems 225 234
starting and ending 217
startup 169 233 274
state controls 292
state dependencies 244
state information 157 204 247 270
state limits 220
state machine 183 222 250
state machines 205 222 249 309
state of data 227
state space 222
stateless model 244
station 269
statistic 108
statistical 47 48 224 277 304
statistical analysis 277
statistical basis 47
statistical information 224
statistical models 47 48
statistically significant number 162
statistically verifiable controls 224
statistics 46 47 162 224 232
status 41 93 120 149 150 159 194 209 210 256 295 307 308 330
statutory violations 119
staying in business 58
steady state rates 232
steganographic 206 269
steganography 275 317
Stewart 322
stochastic processes 47 308
stock 49 172
stock to loss 49
stock trades 172
stocking information 314
stop attackers 187
stopping the attacker 242
stops working 32
storage 24 40 41 65 86 96 124 129 181 216 221 223 225 227 228 229 230 231 232 233 234 238 265 271 304 313
storage and computation 265
storage and recording 181
storage and retrieval 24
storage area network 181
storage area networks 24 233
storage areas 228
storage becomes complex 86
storage before input 124
storage data 223
storage device 227
storage devices 228 230
storage facilities 313
storage media 216 225 232
storage of data 228
storage of records 40
storage perimeters 304
store and dispose 39
store backup data 232
store large quantities 226
store retrieve 91
store too little 232
stored as data 222
stored data 213 230
stored documents 86
stored in systems 229
stored on disk 226
stored or disposed 209
stored state information 247
stored within hardened 228
storefronts 28
stores 181
storied history 314
storing large numbers 232
storm 222
storming 116
storms 287
stranding passengers 109
stranger 72
strategic adaptations 255
strategic assessments 252
strategic changes 95
strategic decision 281 282
strategic decisions 276
strategic games 310
strategic incident team 130
strategic management 167
strategic operations 83
strategic options 310
strategic planning 130
strategic response 95 241 254
strategic reviews 85
strategic scenario simulations 282
strategic time frame 168
strategic understanding 113
strategic vision 282
strategies 6 57 132 156 325
strategy 16 57 58 59 73 74 80 198 253 254 280 289
stream 237
strength 238
stress 139 166 280
strictest confidence 40
strictly limited 23
strictly regional companies 288
strictly top down 305
strikes 98 165 287 289
strip shredders 226
strong change control 258
strong controls 89
strong correlation 102
strong indicator 92
strong integrity maintenance 317
strong library skills 112
strong management communications 74
strong oversight 123
strong project management 111 112
strong support 283
strong vendor management 113
stronger change control 64
structural approaches 173
structural assumptions 173
structural decisions 196
structural defenses 275
structural limitations 223
structural mechanisms 11 268
structural redesigns 185
structural vulnerabilities 53
structure of information 4 7
structure of networks 268
structure to model 316
structure transformation 325
structure vulnerabilities 53
structure within Multics 315
structure-based content 292
structured process 282
structures and fitting in 73 296
structures and responsibilities 162
structures used 77 166
structuring changes 129
struggles between managers 257
students 27
study performed 282
stunning oversight 43
subcontractors 40 152
subfields 5
subject object 88 195 244 268 269 319
subject object controls 269
subject object matrices 244
subject object model 88 244 319
subject object models 268
subject object system 195
subject to approval 15
subject to attack 63 181 325
subject to audit 123
subject to banking regulations 38
subject to board approval 5
subject to change control 281
subject to errors 318
subject to override 15
subject to protections 42
subject to threats 168
subject to virus 177
subjects and objects 319
subjects are authenticated 292
subjects with classifications 292
submit a request 188
submit commit 175 178 179 188 239 273 319
submit commit cycle 239 273
submit commit cycles 175 178 239 319
submit commit mechanisms 188
submit commit systems 179
submitted data 239
submitted information 179
subordinate 111
subprotocol elements 270
subsequent deleted copies 233
subsequent legal action 250
subsequent states 144
subsidiaries 117
subsidiary 83
substantial businesses 217
substantial change 43 195
substantial complications 155
substantial effects 98 326
substantial enterprise risk 55
substantial expertise 254
substantial financial cost 177
substantial harm 127
substantial infrastructure project 168
substantial negative consequences 157
substantial period 214
substantial regional threat 50
substantial resistance 147
substantial resources 277
substantial risk 62
substantial size 190 320
substantial specialty area 307
substantial standards 311
substantially wrong 308
substitute for education 101
substituting cryptographic methods 317
substitution type errors 142
subtle and indirect 152
subtle and unanticipated 54
subtle effects 28
subversion 100
subverted 72 316
succeeded against systems 173
success and failures 28
success and survival 13
success in business 28
success in protection 198
successful CISO 154 156
successful enterprises 20
successfully adopt 142
successive barriers 99
succumb to attack 63
suffer the consequences 11 92
sufficient basis 321
sufficiently diverse 291
suggested process improvements 127
suggested retail value 310
suggesting substantial complications 155
suicide 66
suitability for tasks 91
suitability for trust 191
suitable for use 4
suitable management 193
suitable tasks 92
suitable time frame 224
summed or averaged 283
superhighway 305 311
suppliers 28 149 229
supplies 12 28 33 54
supply 28 29 54 206 305
supply and logistics 29
supply inventory transport 28
support a decision 291
support a goal 153
support critical business 290
support decision making 282 301
support for modeling 34
support for process 259
support group 264
support managers 142
support personnel 54 255
support process development 307
supported radii 55
supported with documentation 286
supporting infrastructure 121 215
supporting infrastructures 19
supporting system development 256
supportive behaviors 156
supports business linkage 294
supports information protection 258
suppress the information 268
sure authentication techniques 243
surely 321
surety 10 16 17 46 61 62 63 64 65 66 76 83 89 122 123 125 126 175 177 178 180 181 183 184 188 189 191 192 193 198 200 204 205 236 239 245 246 259 261 263 266 269 270 271 272 274 292 293 296 309 312 313 316 320 321 325 329 330
surety abyss 321
surety access controls 175
surety and interoperation 321
surety and quality 313
surety approaches 66
surety appropriate 312
surety controls 65
surety diodes 269
surety environment 126
surety environments 122 125 126
surety firewalls 271
surety identification 329
surety implementations 178
surety incident handling 126
surety increases 183
surety level 17 65 239 270
surety levels 10 61 62 76 188 191 205 245 266 274 293 325
surety management matching 330
surety mechanisms 62 65 198 271
surety methods 62
surety needs 316
surety of accountability 181
surety of authentication 191
surety of mitigation 46
surety of results 239
surety of software 189
surety protection programs 83
surety required 192 261
surety requirements 292 313 316
surety systems 63 64 65 122 123 126 198 320
surety techniques 263
surprise audits 87
surprises 43 157 213
surreptitiously planting individuals 105
surround content 22
surrounding properties 186
surrounding topology 185
surveillance 100 123 221 237
surveillance redundancy 237
surveillance systems 100
surveillance technologies 123
surveilled 213
survivability 231
survival 13 28
survive 90 217 287
survive disasters 217
survive limited nuclear attack 287
surviving attacks 318
susceptibility to attack 98
susceptible 223
suspects 138
suspended 213
suspended or terminated 213
suspension 91 211 212
suspension mandates 211
suspicious 105
sustainable 58
Swartz 327
switch consolidation 237
switch signaling 237
switch to switch 237 238
switch vendors 165
switched communications systems 201
switched infrastructure 237
switched point to point 238
switches 64 269
switches rate limits 269
switching or routing 90
sworn 3
symbol sequences 220
symbolic representations 220
symbols 220
sympathetic 139
synchronization 201
synchronized 234
synergistic skill sets 112
syntactic requirements 206
syntax 189 220 238 239 270 271
syntax checking 271
syntax checks 220
syntax form 238
syntax limits 220
syntax or markings 271
synthesis of reliable systems from unreliable components 317
system access 182 212 231
system access controls 182 231
system adversary controls 132
system behaviors 157 204
system BIOS 206
system capabilities 89 249
system certifiers 83 256
system change 39
system changes 168
system clocks 200
system collapse 109
system content 17
system control 216 262
system controls 245
system costs 328
system design 327
system development 256
system evaluation 175 177 269 316
system evaluation criteria 175 269 316
system facilitates 192
system facility 55
system fails 62
system in use 191
system in violation 149
system infrastructures 54
system life cycles 168
system lifecycles 166
system logs 39
system mechanisms 282
system metrics 298
system must compensate 210
system of controls 167 243
system of identification 191
system of tracking 128
system operations 238
system outage 176
system owners 123 166
system platforms 89
system protection 231 236
system security 81 83 132 168 173 255
system security concepts 173
system security initiative 83
system security officers 255
system security principles 81 132
system source codes 196
system state 233 234
system support 239 255
system supports 263
system that adapts 125
system that identifies 84
system that shares 316
system to allow 106 158 326
system to assess 251
system to differentiate 220
system to verify 263
system trustworthiness 321
system under examination 273
system under test 88
system wide testing 61
systematic analysis 85
systematic approach 25 71 92 215 280
systematic change control 88
systematic comprehensive approach 9 10 285 294 331
systematic comprehensive information 9
systematic effort 103
systematic exploitation 93
systematic tracking 264
systematically analyzed 32
systematically examined 279
systematically produced 129
systematize and enhance 35
systemic change management 61
systemic failure 54
systems access 93 213
systems access passes 93
systems accounting 83
systems administration 124 161 318
systems administrator 179
systems administrators 78 83 125 255
systems analysis 61
systems and algorithms 257
systems and applications 72
systems and assets 110
systems and cabling 215
systems and capabilities 84
systems and certificates 318
systems and change 124 126
systems and content 72 123
systems and contexts 84
systems and data 11 21 167 292
systems and disaggregating 259
systems and implementations 236
systems and information 132
systems and infrastructure 136
systems and infrastructures 180
systems and interfaces 189
systems and mechanisms 198
systems and network 122 125
systems and networks 177
systems and organizations 87
systems and people 249 268
systems and platforms 91
systems and protection 24
systems and requirements 313
systems and response 98
systems and technology 240
systems and tracking 212
systems anomaly detection 248
systems applications 268
systems architectural separation 324
systems are aggregated 218
systems are consolidated 218
systems are designed 94 100 254
systems are grouped 62
systems are operated 255
systems are problematic 326
systems are revisited 87
systems are tested 65
systems are transitioned 122
systems are used 64 90 91 288
systems are useful 236
systems as intermediaries 324
systems at perimeters 96
systems audit 82
systems audits 68
systems authorization 243
systems become decommissioned 218
systems change control 217
systems change tracking 93
systems changes 217
systems clearances 93
systems controls 65
systems critical infrastructures 17
systems data 209 217 300
systems databases 91 231
systems deployed 318
systems destroyed 219
systems detect changes 273
systems detection 272
systems exist 257
systems facilities 211
systems fail 53
systems failure modes 272
systems for production 90
systems for security 259
systems gateway 189
systems go awry 64
systems handling content 313
systems hardware 112
systems have limitations 206
systems identity management 216
systems in aerospace 259
systems in general 314
systems infrastructures 54 200
systems integration 215
systems intent 250
systems intrusion detection 125
systems libraries 54
systems management efforts 264
systems mathematical foundations 304 310
systems measurements 158
systems obscure 268
systems observation 95
systems of businesses 29
systems of governance 133
systems or components 56
systems or networks 163
systems over time 324
systems phases 218
systems protection 124
systems reduce costs 263
systems response time 100
systems restoration 232
systems roles 318
systems sciences 327
systems security 81
systems separation 159
systems software 264
systems storage 233
systems structure 268
systems terminal connectors 201
systems testing 112
systems that detect 245
systems that fail 272
systems that interact 96
systems that originate 265
systems time 200
systems to account 165
systems to assure 61 93
systems to bridge 90
systems to deter 100
systems to differentiate 206
systems to track 271
systems under change 122
systems under test 88
systems varies substantially 238
systems verification 238
systems within products 282
table 2 7 8 51 52 67 68 130 160 163 166 192 294 295 296 297 298 299 300 301 302
tactic 307
tactical 73 95 168 241 247 253 254 276 324
tactical decisions 276
tactical incident response 253
tactical response 241
tactical responses 95
tactical time frame 168 247
tactical warfare 324
tactics 73 74 80 105 247
tag 179 190
tags 228
tailgating 187
taint 42
take assets 307
take content 326
take control 216
take identity 204
take measurements 5
take no responsibility 3
take on leadership 73
take orders 314
take steps 256
take supplies 28
take time 32 57 98 167
take votes 283
take weeks 228
take years 42
taken home 288
taken in 70 110 219 229 264
taken into account 55
taken into consideration 50
taken on contractually 307
taken to assure 180 218 288
taken to compensate 218
taken to mitigate 254
taken to protect 70 213
taken to task 150
taken urgently 261
taken with respect 69
takes time 95 155 246 284 287
takes years 254
taking actions 72
taking care 319
taking into account 10
talents or training 92
tamper evident 99
tangible form 181 213
tape 223 226 228 263 288
tape deletion 226
tape head 228
tape number 263
tape readers 228
tape taken home 288
tapes 40 226 227 228 231 232 234
tapes and 40 226 228 231
tapes and copies 231
target 53 98 99 137 142 185 222 237 240 241 242 243 253 267 308
target audience 142
target audiences 142
target characteristics 308
target detection 243
target for exploitation 237
target identification 267
target identifying 242
target is found 240
target is identified 253
target location 222
target protection 240
target response forces 185
target vulnerabilities 243
targetable 237
targeted 63 325
targeting 50
targets 50 90 99 142 240 241 242 243 267 308 325
targets and exploitation 243
targets for bombings 325
targets leadership 50
targets of opportunity 267
task access 52
task force 315
tasked with governance 156
tasked with governing 74
tasked with responsibility 10
tasked with separating 122
tasking groups 114
tasks 4 64 73 74 91 92 123 128 133 142 157 210 211 216 244 249 260 263
tax 126 162
taxed 303
taxing 258
TCBs 188
TCG 176 178 196 317
TCP 195 322
tcp wrapper 322
TCSEC 175 177 316
tcsec systems 175 177
teacher 101
teaching 8 199
team lead 112 147
team leader 113 145 165
team leadership 112 113
team leads 146
team manager 145
team member 145 153
team members 108 126 145 146 153 154 251 258
team of people 32
team protection process 264
team response 78
teaming experiments 322
teams 52 77 78 113 118 125 137 138 170 252
technical actions 193
technical alternatives 199
technical approvals 193
technical architecture 183
technical attack 72 113
technical attacks 72
technical baseline study 323
technical computer attacks 220
technical computer security 112
technical control scheme 275
technical controls 11 72 195 312
technical decisions 101
technical detail 111
technical expert 144
technical expertise 112 145
technical experts 157
technical flaw 252
technical groups 103
technical incidents 313
technical issues 112 136
technical journal 315 317
technical limitations 319
technical mechanism 127
technical mechanisms 199 243 244 267 319
technical methods 277
technical people 44 72 109
technical performance metrics 172
technical prevention mechanisms 244
technical problems 318
technical protection elements 195
technical protections 244
technical protective elements 199
technical protective mechanisms 275
technical response 94
technical responsibility 112
technical review 130
technical safeguard 123
technical safeguards 78 83 88 91 98 115 122 123 124 129 130 241 297 331
technical security 2 10 11 21 24 91 95 173 197 199 201 203 205 207 209 211 213 215 217 219 221 223 225 227 229 231 233 235 237 239 241 243 245 247 249 251 253 255 257 259 261 263 265 267 269 271 273 274 275 292 294 300 301 318 322 331
technical security architecture 2 10 11 21 24 91 95 173 197 199 201 203 205 207 209 211 213 215 217 219 221 223 225 227 229 231 233 235 237 239 241 243 245 247 249 251 253 255 257 259 261 263 265 267 269 271 273 274 275 292 294 300 301 322 331
technical security policy 318
technical setting 112
technical skills 112
technical solution 275
technical specialists 195
technical standards 84 311
technical steps 252
technical systems 71
technical team 112 123 255
technical team leadership 112
technical tools 244
technical violation 149
technical vulnerabilities 53
technically competent 132
technically relevant 101
technologies 6 9 13 14 19 21 24 25 26 80 88 89 90 91 101 122 123 125 164 174 175 177 185 186 187 188 189 190 196 199 222 235 246 269 274 283 287 293 322
technologies change 101
technologies run amok 25
technologists 30 33
technology 5 6 10 12 13 14 16 19 21 25 26 29 32 33 35 39 54 62 66 69 71 76 82 83 88 96 98 109 110 111 115 121 124 125 127 161 166 170 193 199 208 211 212 213 217 238 240 256 264 273 288 289 290 294 297 305 307 310 312 313 315 325 326
technology architecture 256
technology audit 127
technology changes 125
technology components 35 208
technology department 109
technology experts 19
technology facilities 21 82
technology failures 10 14 33 96
technology implementation 25
technology infrastructure 71 83
technology inventory 264
technology models 26
technology operations 288
technology oversight 294
technology picture 19
technology planning study 315
technology related risks 29
technology risk mitigation 88
technology security programs 82
technology selection 199
telecommunications 83 129 288
telecommunications group 129
telecommunications outages 288
telecommunications system security 83
teleconference 130
telephone 14 39 127 201 221 230 238
telephone calls 14
telephone number 221
telephone numbers 201 230
telephone records 39
telephone systems 127 201
telephone technology 238
telephone transmission systems 238
telephones 90
telephony 90 215
teller 201
tellers 272
temperature 6 100 187 223
temperatures 226
tempest protection 255
tempo 167
temporary suspension 212
ten good reasons 291
tension 156 259
tensions and disputes 153
tenure 6 159
terabyte 232 233
terminal connector 221
terminal connectors 201
terminal employee 213
terminate 84 89 212 214 218
terminate actions 84
terminate encrypted tunnels 89
terminate previous accounts 212
terminate the functions 218
terminate their employment 214
terminated 38 125 137 153 213 276
terminated employees 153
termination 84 91 106 120 125 136 188 194 209 213 214 265 318
termination conditions 84
termination meeting 213
termination meetings 136
termination of duties 213
termination or death 214
termination process 213
termination processes 125 265 318
termination requirements 213
terminations 213 276
terms and conditions 38 152
terrain 184
terrorists 52
tertiary 222
test 88 103 126 193 195 263 281 284 310 312
test data 193
test development 88
test out possibilities 310
test repairs 312
test results 126
test runs 284
test system 263
test the function 312
testbeds 258
tested 64 65 193 194 205 217 226 235 245 262 289 290
tested and practiced 217
tested and restored 235
tested and verified 290
tested before 217
tested by restoration 226
tested formal change 65
tested periodically 289
tested production 194
tested verified 193
testing 5 6 21 23 53 60 61 65 78 87 88 112 115 119 121 122 130 165 166 168 169 170 189 191 193 194 216 217 235 258 263 288 293 296 297 312 331
testing and change 23 78 87 112 115 121 122 165 168 170 296 297
testing and evaluation 112
testing approaches 312
testing business 5
testing environment 193
testing group 122 130
testing into production 115
testing leads 169
testing of alternatives 165
testing of consistency 119
testing operational changes 258
testing procedures 65
testing process 53 193
testing processes 189 193 216
testing protective mechanisms 331
testing provides verification 87
testing regimen 87
testing regimens 312
testing review 130
testing surety 193
testing technologies 293
testing technology 166
tests 65 86 88 164 194 222 312
text files 30
thanking 4
theft 29 102 207 213 224
theft of inventory 29
theft of proprietary 213
theoretical models 173
theoretical structure 173
theoretical view 17
theoretically available 145
theoretically unbreakable cryptosystem 315
theory and experiments 309 316
theory and practice 327
theory applies 310
theory of communications 317
theory of groups 115 297
theory of secrecy 315
theory with reality 101
thieves 52
thin client platforms 89
thin spectrum jamming 237
think management 30
think of themselves 138
think targets 241
think technical security 257
thinking about things 8
thinking and modeling 173
third dimension 83
third important group 116
third parties 37 96 151 209 318
third party 175 261
thorough and thoughtful 276
thorough decision process 277
thorough job 281
thoroughly tested 193 205 217
thoroughly tested verified 193
thoughtful 276 293
thoughtful people 293
thoughts and ideas 303
thousands of employees 104 229
thousands of results 5
thousands to millions 215
threat 17 19 50 51 52 53 55 56 59 61 68 88 135 136 137 138 160 187 242 268 287 289 295 324 331
threat analysis 52
threat and consequence 59 68
threat assess 160
threat assessment 50 51 53 55 295 331
threat assessments 50
threat attack processes 88
threat capable 187
threat driven 287
threat induced 268
threat level 51
threat levels 61
threat of force 135 137 138
threat or consequences 19
threat profile 55 289
threat set 17
threat type 51 52
threat types 324
threat update 68
threat x consequence 68
threaten leaks 214
threatened 108
threatening letter 50
threats after consequences 308
threats and attacks 132
threats and consequences 240
threats capabilities 17
threats change 51
threats faced 51
threats identified 55
threats increase 61
threats represent risks 18
threats to attack 52
threats to business 70
threats to public 65
threats with demonstrated capabilities and intents 168
three years 6
threshold 148 193
thresholding 94
thresholds 16 94 248 252 260
thumb changes 215
ticketing system 193
ticketing systems 85 259
tiger teams 52
tighter settings 189
tightly integrate 121
time after time 313
time analysis 282
time and again 66
time and controls 245
time and cost 87
time and date 263
time and effort 8 32 115 158 162 168 281 285 286
time and equipment 99
time and expenses 161
time and inconvenience 254
time and measurement 5
time and money 118
time and risks 57
time and space 244 323
time based security 327
time bases 200
time causes delays 246
time changes 168
time consuming process 254
time costs 17
time data 227
time delays 163
time dependency 286
time force 116
time frame 51 108 159 168 214 224 225 247 320
time frames 5 32 54 68 95 101 125 147 167 168 230 247 248 249 290 322
time identification 236
time in conflict 95
time in meetings 114
time in position 92
time index 331
time is important 200
time is measured 98
time is relative 200
time keeping 164
time location 99 292
time metric 200
time moving forward 320
time of change 211
time of day 192 233
time per unit 176
time periods 214
time permits 279
time planning 217
time processes 99
time rate controls 272
time response 291
time restoration 226 234
time scales 167
time sharing 315
time stress 166
time systems 257
time target location 222
time that change 43
time threat 51
time to authenticate 162
time to change 131
time to develop 167
time to failure 176
time to market 319
time to mitigate 94 246
time to penetrate 98 99
time to repair 176
time to respond 273
time to sever 245
time to traverse 190
time transformations 217
time transitivity 179 180 265 319
time zone 200
timeliness 10 55 94 132 225 226 231 234 261 312
timely and accurate 120
timely and coordinated 132
timely enough fashion 125 261
timely fashion 119 176 182 211 217 290 324
time-related 87
times change 286
times of events 271
timesharing 304
timing 95 181 200 252
timing sensor placement 95
today 13 17 21 27 30 38 53 54 67 69 70 82 89 97 101 109 162 173 179 195 197 198 207 215 221 227 230 232 233 235 243 245 253 264 265 266 276 283 286 303 304 312 314 315 320 321 322 324 326
token 261 322
tokens 236
tolerable limits 273
tolerance 16 28 36 42 43 224 295 308 313 331
tolerances 42 68 125
tolerant 271 272 321 327
tolerate 230 272
tolerated 272
toluene 6
tools 82 122 135 164 216 244 265 279 280 282 283 284 293 301 332
top decision maker 258
top decision makers 78
top down 43 305
top executives 32 77 107 109 127
top leadership 131
top level business 121
top level CISO 163
top level communication 108
top level costs 158
top level decision 15 108
top level device 264
top level duties 43
top level executive 141 145
top level governance 80 106 107 108 110 112 114 116 118 120 122 124 126 128 130 159 160 297
top level issues 81
top level meetings 130
top level position 109
top level structure 7
top level team 164
top level teleconference 130
top management 16 20 30 33 36 41 42 43 44 45 68 69 70 75 76 77 78 104 107 108 109 110 117 118 121 127 141 150 153 159 163 165 264 298 305 332
top managers 313
top priorities 147
top quality skills 115
top technical person 113
topological limits 98
topologies 187
topology 185 201
tornadoes 288
total aggregated value 278
total business loss 6
total effort 260
total elimination 53
total environment 250
total fuel consumption 222
total IT budget 161
total salary 222
total value 278
totality of states 309
touch content 199
touch points 21 75
touch sensitive devices 187
touch the content 275
toxic materials 65
TPM 196 317 326
traceable 66
tracing events 324
track 4 6 16 26 34 35 48 103 128 129 158 162 164 165 190 199 207 221 228 256 266 271 280 282 313 326
track and measure 256
track and separate 271
track and transform 16
track awareness 103
track changes 35
track data 221
track identifiable costs 164
track movement 228
track training time 165
track uses 326
track without dependencies 266
tracked 27 80 86 91 93 118 158 166 203 205 221 228 262 266 282 311
tracked and enhanced 311
tracked and maintained 93
tracked and managed 80
tracked by personnel 93
tracked copies 86
tracked inventories 266
tracked to parents 205
tracked ultimate dispositions 118
tracked who pays 166
tracking 38 70 86 93 118 120 122 128 158 179 193 200 210 211 212 214 226 231 233 253 256 264 265 266
tracking access 266
tracking all users 128
tracking and attribution 93
tracking and reporting 118
tracking backups 226
tracking behavior 200
tracking controls 70
tracking costs 158
tracking individuals 265
tracking of individuals 179
tracking of personnel 120
tracking of program 128
tracking of requirements 38
tracking of training 120 211
tracking process 128 193
tracking processes 86 210 211
tracking purposes 256
tracking roles 265
tracking systems 86 212
tracking updates 212
tracking where 231
tracks the transactions 314
trade center bombings 325
trade commission 40
trade in illegal 307
trade offs 56 234 246
trade requirements 208
trade secret 38 96 150 307
trade secret agreements 38
trade secrets 37 41 86 209 307
traded off 275
tradeoff 196
tradeoffs 56
trades 172
trading partner 204
trading partners 96 151
trading value 137
traffic 56 237 247 269 272
trails 22 72 181 182 216 256 266
train individuals 126
trained 80 100 104 260
trainee 165
trainers 78
training 50 83 91 92 98 101 103 112 113 120 123 128 149 150 151 162 163 165 166 211 212
training and awareness 113 120 123 128 165 211 212
training and expertise 98
training awareness 149
training budgets 165
training game 103
training group 120
training incident handling 166
training levels 50
training material 128
training personnel 83
training requirement 165
training requirements 211 212
training time 162 165
transaction 58 63 179 180 181 192 221 226 231 233 234 239 273
transaction amounts 221
transaction based updates 234
transaction identification 181
transaction processing 63 239
transaction records 231
transaction replay 226
transaction system 233
transaction systems 231 239
transactions 42 58 192 234 272 291 314 319 321
transactions and processes 314
transactions are recorded 234
transactions are sent 234
transcontinental diversity 287
transfer and acceptance 43
transfer and avoidance 67
transfer and mitigation 11
transfer of content 213
transfer of data 272
transfer of information 54
transfer risk 58 296 331
transfer risks 57 58
transfer techniques 225
transferability 67
transferability and reducibility 67
transferable 16 67
transferrable 67
transferred 57 59 67 121 322
transferred between systems 322
transferred to insurance 67
transferred to shareholders 67
transfers 42 192 205
transform 10 12 16 189 205 220 223 326
transformation 62 224 325
transformations 217 218 239
transformed 10 28 223
transformed into gold 28
transformed into medicines 28
transformed into value 28
transforms 11 28 46 65 187 205 222 223 239 270 304
transforms and filters 270
transforms and separation 187
transforms duty 46
transforms enclaves 187
transforms on data 239
transforms the duty 11
transforms value 28
transit 231 235 304
transition 129 144 154 197 208 209 256
transitioned 122
transitions 143 309
transitive 43 175 266 304 317 320
transitive closure 317
transitive contract requirements 43
transitive effects 266
transitive information flow 175 304
transitive spread 175
transitive trust 320
transitivity 179 180 265 319 323
transitivity controls 179
transitivity of access 265
transitivity of information 319
transitivity of role 180
transitivity of use 179
transmission 223 235 236 237 238 269 271 272
transmitted content 238
transmitted data 237
transmitted information 238
transmitting electromagnetic signals 238
transparent and automatic 192
transparent to authorized 155
transport 12 28 90 195 237 238 270
transport arbitrary data 90
transport data 90
transport goods 12
transport level attack 270
transport media 237 238
transport of data 90
transport protocol 195
transportation 202 225 234
transportation system 234
transportation systems 202
trap individuals 99 186
traps 322
traverse links 190
traversing the attack 240
Treadway commission 31 82
treaties 307
treating executives differently 149
treatment 57 58 141 143 144 270 296 298 331
treatment plans 141 143 144 298
treatments 191
treble damages 310
trespass 187
triage 187 251 252
trial 327
tricking locks 187
trigger 64 68 210 249
trigger a detection 249
trigger an evaluation 210
trigger reviews 68
triggered by attackers 251
triggering conditions 249
triggers 84
trip wires 187
triple modular redundancy 272
tripping opening mechanisms 187
trivial detections 251
trivial to restore 226
Trojan horse 162 270 320
Trojan horse detectors 270
Trojan horse scanner 162
Trojan horses 89 320
truck 57
true and reliable 44
true costs 163
true state 109
truly general purpose 319
truly separated systems 316
trunk 306
trust 49 50 51 92 93 138 141 175 191 195 197 202 221 300 318 320 321 332
trust across domains 321
trust and reputation 320
trust control architecture 300
trust do not 321
trust has emerged 320
trust in insiders 92
trust jobs 51
trust levels 195
trust mechanisms 318
trust models 175 197 320
trust related behavior 92
trust relationship 138
trusted 63 72 92 124 152 175 176 177 188 195 196 249 269 271 309 315 316 317 318 320 323 324 326
trusted certificate providers 320
trusted computer system 175 177 316
trusted computer systems 315
trusted computing 176 188 196 309 317
trusted computing bases 188
trusted computing group 176 196 309 317
trusted infrastructure 152
trusted insider abuse 124
trusted network guards 323
trusted parties 318
trusted platform module 196 317
trusted system 269
trusted systems 271 316 320 323 324 326
trusted third parties 318
trusted user 316
trusted users 315
trusting trust 320
trusts 321
trustworthiness 92 321
trustworthy 92 195 320
trustworthy certificate authorities 195
trustworthy people 92
truth 44 45
tsunami 185
tsunamis 70 98
Tuft 306
tune the attack 257
tuned during operation 62
tuned to mitigation 100
tunnel 186
tunneled 206
tunnels 89 188 326
Turing 320 323
Turing award 320
Turing capability 323
turn keys simultaneously 273
turnover 116
tusk 306
tutelage 135
twice a year 128
two data center 290
two data centers 289
two different inputs 325
two dimensional space 18 283
two factors 280
two independent operators 273
two of eight 262
two step process 180
type classes 51
type errors 142
type of content 45
type of industry 47
types of businesses 37
types of content 206
types of destruction 226
types of devices 89
types of enterprise 9
types of interfaces 206
types of life 117
types of risks 46
typical access control 245 269
typical annual costs 166
typical approaches 310
typical attack 257
typical backup regimens 225
typical budget numbers 163 298
typical centralized cost 165
typical CIO 107
typical CISO 114 130 171
typical data center 228
typical enterprise governance 76
typical enterprise hierarchy 76
typical experience levels 101
typical funding 51
typical groups 129
typical IPPA 168
typical logical barrier 188
typical overall separation 115
typical personal computers 63
typical printouts 227
typical protection mechanisms 24
typical protective mechanisms 63
typical security awareness 165
typical system 244
typical targets 50
typical technical expert 144
typical threat 51
typified by moats 186
typified by proximity 222
typified by work 137
typing 227
Ullman 319
ultimate authority 305
ultimate dispositions 118
ultimate objective 305
unacceptable harm 133
unaltered original information 193
unanticipated consequences 54
unauthorized 28 100 174 194 236 259 270 275 304
unauthorized change 174
unauthorized changes 28 174 194
unauthorized individuals 28 259
unauthorized people 304
unauthorized personnel 100
unauthorized steganography program 275
unauthorized syntax 270
unauthorized use 236
unavailable 46 145 196 214 224 232 243
unaware 88
unbreakable cryptosystem 315
unbroken 318
unbudgeted 166
uncertain and complex 247
uncertainty 181 308
uncircumventable 180
uncontrolled change 23
uncouth 153
uncovered contextual information 199
uncovered failures 176
uncovered over time 68
undecidability 309 323
undecidable 63 250 272 319
under access control 271
under benign circumstances 217
under better control 237
under change control 64 88 122
under closer scrutiny 61
under contract 315
under control 11 110 129 252
under emergency conditions 193
under examination 273
under floors 187
under flux 43
under force 207
under harsh assumptions 173
under high load 190
under identified environmental conditions 309
under laws 64
under life cycle 231
under life cycles 91
under load conditions 223
under malicious attack 63 238
under management 310
under partial orderings 319
under perception management 326
under proper control 155
under proper controls 272
under proper identification 186
under Sarbanes Oxley 242
under scrutiny 324
under sea systems 200
undergraduate programs 4
underground 186
underlie all protection 325
underlying background checks 320
underlying business functions 55
underlying database files 181
underlying infrastructures 19
underlying issues 196
underlying mechanisms 196
underlying model 199
underlying phenomena 47
underlying techniques 327
underlying use control 178
underneath 111
underpinnings 173
understand 12 14 20 21 26 29 30 32 33 55 62 70 92 101 102 104 113 121 131 133 138 141 142 144 158 199 204 247 267 268 286 289 303 313
understandable 17 44 257
understanding 8 10 12 13 30 32 33 69 93 94 100 101 110 112 113 116 117 126 127 128 132 134 136 139 142 153 154 161 163 186 187 197 203 256 276 277 285 290 293 304 313 314 321 324 325 326 327
understood and agreed 242
understood physical mechanisms 309
undertaken strategic decisions 276
undertaking 37 57
undesirable 30 136 137 204 214 224
undesirable information 137
undesirable state changes 204
undesired consequence 22
undesired legal status 150
undesired responses 251
undesired side effects 204
undetected incidents 94 127
undo 238
undone 258 263
undue 281
undue influence 281
unduly disrupt 143
unduly influence 122
unduly offending 145
unethical 241
unfairly 146
unfavorable presentation 284
unfettered access 108
unfettered meetings 108
unforgeable 180
unfortunately 47 101 121 183 196 242 246 251 257 303 308 320
unhappy 146
unified 187 307 313 315 316
unified archiving 313
unified exposition 315
unified mathematical framework 316
uniform 149 152 242 266 322
uniform process 149
uniform security service 322
unintended consequences 175
unions 152
unique content 9
unique documentation 85
unique protection requirements 90
unique tag 190
United States 74 82 97 150 202 230
Universal Coordinated Time 200
Universal Serial Bus 179
unix 89 269 322
unknown actuarial nature 58
unless 13 33 43 45 47 54 64 66 103 110 111 131 155 156 180 196 202 214 221 224 238 252 254 273 280 288 311 320
unlicensed software 310
unlimited flexibility 254
unlimited numbers 94
unlimited purposes 250
unlock content 326
UNMET 163
unmitigated 94
unmounting 232
unnatural barriers 186
unnatural disasters 185
unnecessarily complicated 75
unnecessarily vulnerable systems 96
unnecessary friction 80 143
unnecessary production 139
unnecessary redundancy 118
unpatched 96
unpleasant security 157
unprogrammed decision making 327
unrelated changes 193
unrelated data transforms 223
unreliable components 317
unsecured office space 161
unsolvable 323
untenable 173
untrusted source 318
untrustworthy 324
unusable 228
unused computer time 247
unusual breakdown 324
unusual circumstances 187
unusual hours 272
unusual situations 250
unverified data 221
unwritten rules 131 133
unwritten social rules 133
update 68 112 163
updated 34 47 82 96 126 128 212 246
updates 68 212 234
updating 30
upgrades 217
uphill battle 131
upon a time (once) 306
upper management 44
UPS 159 252
urgent decisions 276
urgent time frame 168
URL 322
usage 10 192 202 273 277 313
usage patterns 202
USB 179 227 228
USB authentication 179
USB drives 228
USB storage 227
use a name 233
use and accountability 13
use and acts 179
use and detection 273
use and verification 119
use appropriate functions 245
use backbones 90
use control 14 22 29 63 70 166 174 178 179 180 182 207 210 215 231 292 299 304 332
use data 223 239 329
use hierarchy 73
use is critical 179 239
use is limited 182
use is problematic 239
use mechanism 326
use mechanisms 65
use power wisely 136
use programs 194 239
use refuse 192
use restrictions 210
use use control 332
use without disclosure 137
use-based compartments 182
used computers 219
user 22 71 88 89 90 102 165 166 176 179 180 188 191 192 196 206 221 222 223 227 232 233 235 243 244 248 253 259 261 265 268 269 274 316 318 323
user access 265
user clearance 222
user community 196
user context 221
user identification 268
user identities 244 259 318
user identity 88 180 261 323
user interfaces 89
user knowledge 179
user name 191
user process behavior 274
user reporting 253
user reports 253
user request 235
user requests 235
users 12 24 29 54 60 76 78 82 128 179 195 196 202 205 222 233 243 244 249 255 269 274 315 318 321 326 327
uses 9 18 30 32 56 68 80 91 105 112 135 149 157 178 179 181 201 203 205 224 237 239 241 245 249 275 283 308 320 325 326
UTC 200
utilities 59 189
utility access 292
utility of content 16 21 22 23 25 61 170 174 293 303
utility of information 70
utility testing 87
vacation 91 212
vacations 212
valid approaches 52
valid classes 183
valid password 323
validate 160 168 175 203 205 262 263
validate identity 205
validate risk 160
validated for syntax 239
validated risks 309
validated threats 308
validation 175 183 206 220 239 262 301 332
validation of data 239
validation of queries 183
validation of use 175
validation processes 206 220
validation processes or 206
validation state machine 183
validation vulnerabilities 332
valuable content 314
valuation 30
valued applications 239
valued consequence 50
valued content 188 189
valued data 230
valued decisions 277 278
valued information 227 258
valued systems 53 87 125 159 217 250 268
valued targets 90 325
valued transaction 192
valued transactions 192 319
valve 272
vandals 52
variant password 261
variant tokens 236
varied algorithms 314
variety of control 86
variety of information 209
variety of methods 265
variety of sources 131
variety of techniques 128
varying punishments 131
varying requirements 97
varying surety 274
vast distances 54
vault 57
vehicles 314
vendor 113 278 285
vendor management 113
vendors 52 165 198 207
Venema 322
verifiable controls 224
verification 51 84 87 91 103 115 119 175 183 193 211 216 218 221 238 239 258 259 260 263 319
verification of awareness 103
verification of lifestyle 51
verification of resume 211
verification of syntax 238
verifications of content 175
verify content 175
verify work 260
verifying risk management 68
vested interests 143
viable alternatives 304
viable options 276
viable removable media 232
viable response strategy 254
victim 251
video display 326
video paths 206
video tapes 40
view content 326
view protection 173
vilified and terminated 276
violate a promise 5
violate policies 150 152
violate protection policies 149
violate restraint 208
violate the process 179
violation of licensing 310
violation of policies 131
violations of law 96
violations of laws 97 149
violations of policy 149
violations of terms 149
violations privacy laws 119
viral sets 323
viral spread 323
virtual communications layer 195
virtual local area network 188 269
virtual private networks 188 270 326
virus 56 95 96 164 165 175 177 189 270 272 280 309 316 317 326
virus attack 177
virus defense 280
virus detectability 316
virus detection 189 309 326
virus detectors 270
viruses 5 54 63 89 95 175 177 246 275 280 309 316 317 320 323
viruses and worms 89
Visa credit card 58
visibility 21
visitors 149
visual indicators 140
vital component 174
vital fiche 229
VLAN 269
VLANs 177 188
voice 90 104 206
voice data 206
voice mails 104
voice over internet protocol (VOIP) 90
volcanoes 98 185
Von Neumann 317
votes 283
voting systems 261
VPN 188
VPNs 188 270 326
vulnerabilities 10 17 46 53 59 68 69 88 113 122 147 168 236 238 240 242 243 253 256 267 295 308 314 332
vulnerabilities and consequences 10 46 88
vulnerabilities and control 88
vulnerabilities continue today 314
vulnerability 51 53 60 122 160 240 316
vulnerability analysis 53
vulnerability assessment 53 122
vulnerability assessments 53
vulnerability assurance 160
vulnerability scans 122
vulnerability testing 60
vulnerable systems 96
walk-ins 186
walk-out 313
wall paint 237
walls 173 184 186 187 267 283
walls and doors 187
wandering hermits 306
war 57 277 325
war protests 325
war zones 57
war zones or 57
Ware 315
warehouse fire 39
warehouses and storefronts 28
warehousing inventory 314
warfare 5 6 324
warm standby 234
warning 3 285
warnings 51 125
warriors 52
wars 287 325
waste of time 158
waste the time 115
wasted bandwidth 253
wasteful 13
wastes time 115
water 6 47 185 186 272
Waterman 327
watermarking 175 317
watermarks 317
wave forms 312
weakness 53
weaknesses 53 88 198 254
wealth table 51
weapons systems 65
weather 46 48 70 185 221 222
Web 37 63 96 97 151 181 195 196 235 244 300 314 332
Web server 181 244
Web services 195 235 300 332
Web site 37 96 97
weekend 109
weekly 226 256
weight of influence 138
weighted average 160
weighting program elements 160
well practiced plan 94
well protected 236 289
whistle blowers 52
White 321
wholesale 33 63 208
wholesalers 28
wholly owned subsidiaries 117
widespread adoption 311
widespread damage 56
widespread publication 242
widespread standard 58
WiFi 237 238
wind 146
Windows operating systems 89
Wing 223
winter related infrastructure 287
wire access 238
wire closets 124
wired infrastructure 237
wired media 237
wireless 237 311 313
wireless access device 313
wireless networking 311
wires 8 54 186 187 238
wiring 8 124 235 260
withholding information 144
withstand different threats 191
women 210
work areas 93
work around 263
work environment 102
work flow 11 28 259 260 261 262 263 266 281 292 301 318 332
work flow controls 11
work flow documentation 262 301
work flow mechanisms 292 318
work flow process 281
work flow requirements 262
work flow results 28
work flow system 261 262 263
work flow systems 259 260 263 266
work flows 12 28 199 259 260 261 262 263 275 301
work force 201
work load 259 315
work roles 137
work rules 149 150
worker checks 50
worker monitoring 152
worker profiles 70
worker tasking 72
workflows 318
workload 214 241
workplace accidents 41
workspace 105
workstations 90
World banking regulations 40
World Trade Center 325
World war 277
World Wide Web 195
worm 231 232
worms 89 95
worst case loss 58
wrapper 196 322
wrapper network monitoring 322
wrapper technologies 196
wrappers 196 300 332
write 6 12 29 171 228 231
written contracts 40
written permission 3
written record 13
written rules 133
wrong assumptions 23
wrong doing 311
wrong output 325
wrong prices 32
wrongful discharge 149
XACML 321
York 327
your address 224
your answer 172
your approach 197
your background 8
your children 3
your communication 172
your credibility 135
your effort 142
your efforts 142
your enterprise 95 162
your goal 142
your head 280
your intrusion detection 323
your life 33
your list 172
your mail 224
your new approach 197
your response 197
your responses 172
your site 97
your time 285
your understanding 8
zip codes 221
zone 55 123 200
zones 24 57 89 95 123 185 187 189 259 268 270 292 299 321 324 332
zones control content 321
zoning 95 122 123 130 157 158 198 201 216 222 255 297 332
zoning board 123 157 255 332
zoning boards 123 130 297
zoning policies 122 123 201 216 222
zoning process 158
zoning strategy 198