[bib-1] 2009). http://technet.microsoft.com/en-us/library/cc700808.aspx (accessed May 16, 2010).
and "Core PKI Services: Authentication, Integrity, and Confidentiality" (Microsoft TechNet,[bib-2] Understanding PKI: Concepts, Standards, and Deployment Considerations, 2nd ed. New York: Addison-Wesley Professional, 2002.
, and[bib-3] Unauthorised Access: Physical Penetration Testing for IT Security Teams. Hoboken, NJ: John Wiley & Sons, 2009.
[bib-7] Bosworth,Seymour, M. E.Kabay, and EricWhyne, eds. Computer Security Handbook, 5th ed. Hoboken, NJ: John Wiley & Sons, 2009.
[bib-8] PKI: Implementing & Managing E-Security. Berkeley, CA: McGraw-Hill/Osborne Media, 2001.
, , and[bib-9] IT Architectures and Middleware: Strategies for Building Large, Integrated Systems. 2nd ed. Indianapolis: Addison-Wesley Professional, 2004.
, and[bib-14] "FFIEC Releases Guidance on Authentication in Internet Banking Environment" (FFIEC.gov, Press Releases section, October 12, 2005). http://www.ffiec.gov/press/pr101205.htm (accessed April 14, 2010).
[bib-15] "From Paper to an eSystem" (Anglican Care, 2002). http://www.health.gov.au/internet/main/publishing.nsf/Content/5FBB0710ED516DFBCA25714C001FC70E/$File/cs10.pdf (accessed April 30, 2010).
[bib-17] Inside Network Security Assessment: Guarding Your IT Infrastructure. Indianapolis: Sams, 2005.
, and[bib-19] In CISSP All-in-One Exam Guide, Third Edition. New York: McGraw-Hill/Osborne Media, 2005, 587-683.
"Cryptography."[bib-20] "Information Security Frame Set" (Federal Financial Institutions Examination Council [FFIEC] IT Handbook InfoBase, n.d.). http://www.ffiec.gov/ffiecinfobase/html_pages/infosec_book_frame.htm (accessed April 20, 2010).
[bib-21] Institute of Electrical and Electronics Engineers (IEEE). http://www.ieee.org/index.html (accessed April 11 and 14, 2010).
[bib-22] International Organization for Standardization (ISO). http://www.iso.org/iso/home.htm (accessed April 14, 2010).
[bib-23] Internet Engineering Task Force (IETF) Web site. http://www.ietf.org/ (accessed April 14, 2010).
[bib-24] "Introduction to RBAC" (HISSA, January 9, 1995). http://hissa.ncsl.nist.gov/rbac/paper/node1.html (accessed April 11, 2010).
[bib-25] 2000). http://www.mekabay.com/overviews/hexad_ppt.zip (accessed May 15, 2010).
"The Parkerian Hexad" (Norwich University, School of Business & Management,[bib-27] "Kerberos: The Network Authentication Protocol" (MIT, April 8, 2010). http://web.mit.edu/Kerberos/ (accessed April 11, 2010).
[bib-28] Introduction to Network Security (Networking Series), 1st ed. Rockland, MA: Charles River Media, 2006.
[bib-30] The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Boca Raton, FL: Auerbach Publications, 2005.
[bib-31] 2001). http://news.cnet.com/2100-1001-254586.html&tag=tp_pr (accessed May 16, 2010).
"Microsoft Warns of Hijacked Certificates" (CNET News Technology News, March 22,[bib-32] Network Security Assessment: From Vulnerability to Patch. Burlington, MA: Syngress, 2006.
, , and[bib-33] Network Analysis, Architecture, and Design, Third Edition (The Morgan Kaufmann Series in Networking). San Francisco: Morgan Kaufmann, 2007.
[bib-35] The Art of Deception: Controlling the Human Element of Security. Somerset, NJ: John Wiley & Sons, 2003.
, and and[bib-36] "National Information Assurance (IA) Glossary," CNSS Instruction No. 4009 (Committee on National Security Systems, April 26, 2010). http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf (accessed May 15, 2010).
[bib-37] National Institute of Standards and Technology (NIST). http://www.nist.gov/index.html (accessed April 11, 2010).
[bib-39] Privacy Rights Clearinghouse: California Identity Theft Laws. http://www.privacyrights.org/ar/ITLawsCA.htm
[bib-40] Requirement, Legal. "NIST.gov-Computer Security Division-Computer Security Resource Center." NIST.gov-Computer Security Division-Computer Security Resource Center. http://csrc.nist.gov/ (accessed April 14, 2010).
[bib-41] "RFC 1492—An Access Control Protocol, Sometimes Called TACACS" (Internet FAQ Archives, July 1993). http://www.faqs.org/rfcs/rfc1492.html (accessed April 27, 2010).
[bib-42] "RFC 1994—PPP Challenge Handshake Authentication Protocol (CHAP)" (Internet FAQ Archives, August 1996). http://www.faqs.org/rfcs/rfc1994.html (accessed April 27, 2010).
[bib-43] "RFC 2138—Remote Authentication Dial In User Service (RADIUS)" (Internet FAQ Archives, April 1997). http://www.faqs.org/rfcs/rfc2138.html (accessed April 27, 2010).
[bib-44] "RFC 2284—PPP Extensible Authentication Protocol (EAP)" Internet FAQ Archives, March 1998). http://www.faqs.org/rfcs/rfc2284.html (accessed April 27, 2010).
[bib-45] "RFC 2637 (rfc2637)—Point-to-Point Tunneling Protocol (PPTP)" Internet FAQ Archives, July 1999). http://www.faqs.org/rfcs/rfc2637.html (accessed April 27, 2010).
[bib-46] "RFC 4120—The Kerberos Network Authentication Service (V5)" (IETF Tools, July 2005). http://tools.ietf.org/html/rfc4120 (accessed April 11, 2010).
[bib-48] Incident Response: A Strategic Guide to Handling System and Network Security Breaches. Indianapolis, IN: New Riders Publishing, 2001.
, and[bib-49] "TACACS+ and RADIUS Comparison" (Cisco Systems, January 14, 2008). http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml (accessed April 27, 2010).
[bib-50] Sun Tzu: The Art of War for Managers; 50 Strategic Rules. Cincinnati, OH: Adams Media, 2010.
and[bib-51] "U.S. Coast Guard, Hawaii Improve Port Safety, Security and Commerce Through CIBER's Web-Based System" (CIBER, n.d.). http://www.ciber.com/ciber_overview/stories/search_results_single.cfm?id=coastguard (accessed May 15, 2010).
[bib-55] Techno Security's Guide to Securing SCADA: A Comprehensive Handbook on Protecting the Critical Infrastructure. Burlington, MA: Syngress, 2008.
, et al.[bib-56] Professional Penetration Testing: Creating and Operating a Formal Hacking Lab. Burlington, MA: Syngress, 2009.