Computer security touches every part of our daily lives, from our computers and connected devices to the wireless signals around us. Breaches have real and immediate financial, privacy, and safety consequences. This handbook compiles advice from top professionals working in the real world on how to minimize the possibility of computer security breaches in your systems. Written for professionals and college students, it provides comprehensive guidance on how to minimize hacking, fraud, human error, the effects of natural disasters, and more. This essential and highly regarded reference preserves its timeless lessons and is fully revised and updated with current information on security issues for social networks, cloud computing, virtualization, and more.
Page count: 5034
Year of publication: 2014
Edited by
SEYMOUR BOSWORTH
MICHEL E. KABAY
ERIC WHYNE
Cover image: ©iStockphoto.com/Jimmy Anderson
Cover design: Wiley
Copyright © 2014 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Previous Edition: Computer Security Handbook, Fifth Edition. Copyright © 2009 by John Wiley & Sons, Inc. All Rights Reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Computer security handbook / [edited by] Seymour Bosworth, Michel E. Kabay, Eric Whyne. – Sixth edition.
volumes cm
Includes index.
ISBN 978-1-118-13410-8 (vol. 1 : pbk.) – ISBN 978-1-118-13411-5 (vol. 2 : pbk.) – ISBN 978-1-118-12706-3 (2 volume set : pbk.); ISBN 978-1-118-85174-6 (ebk); ISBN 978-1-118-85179-1 (ebk)
1. Electronic data processing departments–Security measures. I. Bosworth, Seymour. II. Kabay, Michel E. III. Whyne, Eric, 1981–
HF5548.37.C64 2014
658.4′78–dc23
2013041083
PREFACE
ACKNOWLEDGMENTS
ABOUT THE EDITORS
ABOUT THE CONTRIBUTORS
A NOTE TO THE INSTRUCTOR
PART I FOUNDATIONS OF COMPUTER SECURITY
Chapter 1 Brief History and Mission of Information System Security
1.1 Introduction to Information System Security
1.2 Evolution of Information Systems
1.3 Government Recognition of Information Assurance
1.4 Recent Developments
1.5 Ongoing Mission for Information System Security
1.6 Notes
Chapter 2 History of Computer Crime
2.1 Why Study Historical Records?
2.2 Overview
2.3 1960s and 1970s: Sabotage
2.4 Impersonation
2.5 Phone Phreaking
2.6 Data Diddling
2.7 Salami Fraud
2.8 Logic Bombs
2.9 Extortion
2.10 Trojan Horses
2.11 Notorious Worms and Viruses
2.12 Spam
2.13 Denial of Service
2.14 Hacker Underground
2.15 Industrial Espionage
2.16 Concluding Remarks
2.17 Further Reading
2.18 Notes
Chapter 3 Toward a New Framework for Information Security
3.1 Proposal for a New Information Security Framework
3.2 Six Essential Security Elements
3.3 What the Dictionaries Say about the Words We Use
3.4 Comprehensive Lists of Sources and Acts Causing Information Losses
3.5 Functions of Information Security
3.6 Selecting Safeguards Using a Standard of Due Diligence
3.7 Threats, Assets, Vulnerabilities Model
3.8 Conclusion
3.9 Further Reading
Chapter 4 Hardware Elements of Security
4.1 Introduction
4.2 Binary Design
4.3 Parity
4.4 Hardware Operations
4.5 Interrupts
4.6 Memory and Data Storage
4.7 Time
4.8 Natural Dangers
4.9 Data Communications
4.10 Cryptography
4.11 Backup
4.12 Recovery Procedures
4.13 Microcomputer Considerations
4.14 Conclusion
4.15 Hardware Security Checklist
4.16 Further Reading
Chapter 5 Data Communications and Information Security
5.1 Introduction
5.2 Sampling of Networks
5.3 Network Protocols and Vulnerabilities
5.4 Standards
5.5 Internet Protocol (IP)
5.6 Transmission Control Protocol (TCP)
5.7 User Datagram Protocol
5.8 TCP/IP Supervisory Standards
5.9 Application Standards
5.10 Concluding Remarks
5.11 Further Reading
5.12 Notes
Chapter 6 Local Area Network Topologies, Protocols, and Design
6.1 Overview
6.2 LAN Topology
6.3 Media
6.4 Media Access Control
6.5 LAN Protocols and Standards
6.6 Interconnection Devices
6.7 Network Operating Systems
6.8 Summary
6.9 Further Reading
6.10 Notes
Chapter 7 Encryption
7.1 Introduction to Cryptography
7.2 Basic Cryptography
7.3 DES and Modern Encryption
7.4 Public Key Encryption
7.5 Practical Encryption
7.6 Beyond RSA and DES
7.7 Steganography
7.8 Further Reading
7.9 Notes
Chapter 8 Using a Common Language for Computer Security Incident Information
8.1 Introduction
8.2 Why a Common Language Is Needed
8.3 Development of the Common Language
8.4 Computer Security Incident Information Taxonomy
8.5 Additional Incident Information Terms
8.6 How to Use the Common Language
8.7 Notes
Chapter 9 Mathematical Models of Computer Security
9.1 Why Models Are Important
9.2 Models and Security
9.3 Models and Controls
9.4 Classic Models
9.5 Other Models
9.6 Conclusion
9.7 Further Reading
9.8 Notes
Chapter 10 Understanding Studies and Surveys of Computer Crime
10.1 Introduction
10.2 Basic Research Methodology
10.3 Summary
10.4 Further Reading
10.5 Notes
Chapter 11 Fundamentals of Intellectual Property Law
11.1 Introduction
11.2 The Most Fundamental Business Tool for Protection of Technology Is the Contract
11.3 Proprietary Rights and Trade Secrets
11.4 Copyright Law and Software
11.5 Digital Millennium Copyright Act
11.6 Circumventing Technology Measures
11.7 Patent Protection
11.8 Piracy and Other Intrusions
11.9 Other Tools to Prevent Unauthorized Intrusions
11.10 Open Source
11.11 Application Internationally
11.12 Recent Developments in Intellectual Property Law
11.13 Concluding Remarks
11.14 Further Reading
11.15 Notes
PART II THREATS AND VULNERABILITIES
Chapter 12 The Psychology of Computer Criminals
12.1 Introduction
12.2 Self-Reported Motivations
12.3 Psychological Perspectives on Computer Crime
12.4 Social Distance, Anonymity, Aggression, and Computer Crime
12.5 Individual Differences and Computer Criminals
12.6 Ethics and Computer Crime
12.7 Classifications of Computer Criminals
12.8 Recommendations
12.9 Further Reading
12.10 Notes
Chapter 13 The Insider Threat
13.1 Introduction
13.2 Threats from Insiders
13.3 Mitigating the Insider Threat
13.4 Concluding Remarks
13.5 Further Reading
13.6 Notes
Chapter 14 Information Warfare
14.1 Introduction
14.2 Vulnerabilities
14.3 Goals and Objectives
14.4 Sources of Threats and Attacks
14.5 Weapons of Cyberwar
14.6 Defenses
14.7 Summary
14.8 Further Reading
14.9 Notes
Chapter 15 Penetrating Computer Systems and Networks
15.1 Multiple Factors Involved in System Penetration
15.2 Nontechnical Penetration Techniques
15.3 Technical Penetration Techniques
15.4 Political and Legal Issues
15.5 Summary
15.6 Further Reading
15.7 Notes
Chapter 16 Malicious Code
16.1 Introduction
16.2 Malicious Code Threat Model
16.3 Survey of Malicious Code
16.4 Detection of Malicious Code
16.5 Prevention of Malicious Code Attacks
16.6 Conclusion
16.7 Further Reading
16.8 Notes
Chapter 17 Mobile Code
17.1 Introduction
17.2 Signed Code
17.3 Restricted Operating Environments
17.4 Discussion
17.5 Summary
17.6 Further Reading
17.7 Notes
Chapter 18 Denial-of-Service Attacks
18.1 Introduction
18.2 History of Denial-of-Service Attacks
18.3 Costs of Denial-of-Service Attacks
18.4 Types of Denial-of-Service Attacks
18.5 Specific Denial-of-Service Attacks
18.6 Preventing and Responding to Denial-of-Service Attacks
18.7 Distributed Denial-of-Service Attacks
18.8 Denial-of-Service Using Exploitable Software
18.9 Defenses against Distributed Denial-of-Service Attacks
18.10 Management Issues
18.11 Further Reading
18.12 Notes
Chapter 19 Social-Engineering and Low-Tech Attacks
19.1 Introduction
19.2 Background and History
19.3 Social-Engineering Methods
19.4 The Psychology of Social Engineering
19.5 Dangers of Social Engineering and its Impact on Businesses
19.6 Detection
19.7 Response
19.8 Defense and Mitigation
19.9 Concluding Remarks
19.10 Notes
Chapter 20 Spam, Phishing, and Trojans: Attacks Meant To Fool
20.1 Unwanted Email and Other Pests: A Security Issue
20.2 Email: An Anatomy Lesson
20.3 Spam Defined
20.4 Fighting Spam
20.5 Phishing
20.6 Trojan Code
20.7 Concluding Remarks
20.8 Further Reading
20.9 Notes
Chapter 21 Web-Based Vulnerabilities
21.1 Introduction
21.2 Breaking E-Commerce Systems
21.3 Case Study of Breaking an E-Business
21.4 Web Application System Security
21.5 Protecting Web Applications
21.6 Components and Vulnerabilities in E-Commerce Systems
21.7 Summary
21.8 Further Reading
21.9 Notes
Chapter 22 Physical Threats to the Information Infrastructure
22.1 Introduction
22.2 Background and Perspective
22.3 Threat Assessment Process
22.4 General Threats
22.5 Workplace Violence and Terrorism
22.6 Other Threat Situations
22.7 Confidential Threat Information
22.8 Summary
22.9 Further Reading
22.10 Notes
PART III PREVENTION: TECHNICAL DEFENSES
Chapter 23 Protecting the Physical Information Infrastructure
23.1 Introduction
23.2 Security Planning and Management
23.3 Strategic Planning Process
23.4 Elements of Good Protection
23.5 Other Considerations
23.6 Access Control
23.7 Surveillance Systems
23.8 Facilities Design
23.9 Mitigating Specific Threats
23.10 Completing the Security Planning Process
23.11 Further Reading
23.12 Notes
Chapter 24 Operating System Security
24.1 Information Protection and Security
24.2 Requirements for Operating System Security
24.3 Protection Mechanisms
24.4 File Sharing
24.5 Trusted Systems
24.6 Windows 2000 Security
24.7 Further Reading
24.8 Notes
Chapter 25 Local Area Networks
25.1 Introduction
25.2 Policy and Procedure Issues
25.3 Physical Site Security
25.4 Physical Layer Issues
25.5 Network Operating System Issues
25.6 Conclusion
25.7 Further Reading
25.8 Notes
Chapter 26 Gateway Security Devices
26.1 Introduction
26.2 Basic Concepts and Terminology
26.3 Network-Security Mechanisms
26.4 Deployment
26.5 Management and Monitoring Strategies
26.6 Maintenance
26.7 Disaster Recovery
26.8 Network-Security Device Evaluation
26.9 Concluding Remarks
26.10 Further Reading
Chapter 27 Intrusion Detection and Intrusion Prevention Devices
27.1 Security behind the Firewall
27.2 Main Concepts
27.3 Intrusion Prevention
27.4 Information Sources
27.5 Analysis Schemes
27.6 Response
27.7 Needs Assessment and Product Selection
27.8 Conclusion
27.9 Further Reading
27.10 Notes
Chapter 28 Identification and Authentication
28.1 Introduction
28.2 Four Principles of Authentication
28.3 Password-Based Authentication
28.4 Token-Based Authentication
28.5 Biometric Authentication
28.6 Cross-Domain Authentication
28.7 Relative Costs of Authentication Technologies
28.8 Conclusions
28.9 Summary
28.10 Further Reading
28.11 Notes
Chapter 29 Biometric Authentication
29.1 Introduction
29.2 Importance of Identification and Verification
29.3 Fundamentals and Applications
29.4 Types of Biometric Technologies
29.5 Types of Errors and System Metrics
29.6 Disadvantages and Problems
29.7 Recent Trends in Biometric Authentication
29.8 Summary and Recommendations
29.9 Further Reading
29.10 Notes
Chapter 30 E-Commerce and Web Server Safeguards
30.1 Introduction
30.2 Business Policies and Strategies
30.3 Rules of Engagement
30.4 Risk Analysis
30.5 Operational Requirements
30.6 Technical Issues
30.7 Ethical and Legal Issues
30.8 Summary
30.9 Further Reading
30.10 Notes
Chapter 31 Web Monitoring and Content Filtering
31.1 Introduction
31.2 Some Terminology
31.3 Motivation
31.4 General Techniques
31.5 Implementation
31.6 Enforcement
31.7 Vulnerabilities
31.8 The Future
31.9 Summary
31.10 Further Reading
31.11 Notes
Chapter 32 Virtual Private Networks and Secure Remote Access
32.1 Introduction
32.2 Remote Access VPNs
32.3 Site-to-Site VPN
32.4 Extranets
32.5 Concluding Remarks
32.6 Further Reading
32.7 Notes
Chapter 33 802.11 Wireless LAN Security
33.1 Introduction
33.2 802.11 Security Fundamentals
33.3 IEEE 802.11 Robust Security Network
33.4 Fundamental Wireless Threats
33.5 Specific Wireless Security Attacks
33.6 Mitigating Controls
33.7 Secure Enterprise Design
33.8 Security Auditing Tools
33.9 Concluding Remarks
33.10 Abbreviations and Definitions
33.11 Further Reading
33.12 Notes
Chapter 34 Securing VoIP
34.1 Introduction
34.2 Regulatory Compliance
34.3 Technical Aspects of VoIP Security
34.4 Protecting the Infrastructure
34.5 Encryption
34.6 Concluding Remarks
34.7 Further Reading
34.8 Notes
Chapter 35 Securing P2P, IM, SMS, and Collaboration Tools
35.1 Introduction
35.2 General Concepts and Definitions
35.3 Peer-to-Peer Networks
35.4 Securing Instant Messaging
35.5 Securing SMS
35.6 Securing Collaboration Tools
35.7 Conclusions
35.8 Further Reading
35.9 Notes
Chapter 36 Securing Stored Data
36.1 Introduction to Securing Stored Data
36.2 Fibre Channel Weakness and Exploits
36.3 NFS Weaknesses and Exploits
36.4 CIFS Exploits
36.5 Encryption
36.6 Data Disposal
36.7 Concluding Remarks
36.8 Further Reading
36.9 Notes
Chapter 37 PKI and Certificate Authorities
37.1 Introduction
37.2 Need for Public Key Infrastructure
37.3 Public Key Certificate
37.4 Enterprise Public Key Infrastructure
37.5 Certificate Policy
37.6 Global Public Key Infrastructure
37.7 Forms of Revocation
37.8 Rekey
37.9 Key Recovery
37.10 Privilege Management
37.11 Trusted Archival Services and Trusted Time Stamps
37.12 Cost of Public Key Infrastructure
37.13 Further Reading
37.14 Notes
Chapter 38 Writing Secure Code
38.1 Introduction
38.2 Policy and Management Issues
38.3 Technical and Procedural Issues
38.4 Types of Software Errors
38.5 Assurance Tools and Techniques
38.6 Concluding Remarks
38.7 Further Reading
38.8 Notes
Chapter 39 Software Development and Quality Assurance
39.1 Introduction
39.2 Goals of Software Quality Assurance
39.3 Software Development Life Cycle
39.4 Types of Software Errors
39.5 Designing Software Test Cases
39.6 Before Going into Production
39.7 Managing Change
39.8 Sources of Bugs and Problems
39.9 Conclusion
39.10 Further Reading
Chapter 40 Managing Software Patches and Vulnerabilities
40.1 Introduction
40.2 The Importance of Patch Management
40.3 The Challenges of Patch Management
40.4 Enterprise Patch Management Technologies
40.5 Metrics and Measures
40.6 Further Reading
40.7 Notes
Chapter 41 Antivirus Technology
41.1 Introduction
41.2 Antivirus Basics
41.3 Scanning Methodologies
41.4 Content Filtering
41.5 Antivirus Deployment
41.6 Policies and Strategies
41.7 Concluding Remarks
41.8 Further Reading
Chapter 42 Protecting Digital Rights: Technical Approaches
42.1 Introduction
42.2 Software-Based Antipiracy Techniques
42.3 Hardware-Based Antipiracy Techniques
42.4 Digital Rights Management
42.5 Privacy-Enhancing Technologies
42.6 Political and Technical Opposition to DRM
42.7 Fundamental Problems
42.8 Summary
42.9 Glossary
42.10 Further Reading
42.11 Notes
PART IV PREVENTION: HUMAN FACTORS
Chapter 43 Ethical Decision Making and High Technology
43.1 Introduction: The ABCs of Computer Ethics
43.2 Awareness
43.3 Basics
43.4 Considerations
43.5 Concluding Remarks
43.6 Further Reading
Chapter 44 Security Policy Guidelines
44.1 Introduction
44.2 Terminology
44.3 Resources for Policy Writers
44.4 Writing the Policies
44.5 Organizing the Policies
44.6 Presenting the Policies
44.7 Maintaining Policies
44.8 Summary
44.9 Further Reading
44.10 Notes
Chapter 45 Employment Practices and Policies
45.1 Introduction
45.2 Hiring
45.3 Management
45.4 Termination of Employment
45.5 Summary
45.6 Further Reading
45.7 Notes
Chapter 46 Vulnerability Assessment
46.1 The Scorekeeper of Security Management
46.2 A Taxonomy of Vulnerability Assessment Technologies
46.3 Penetration Testing
46.4 Further Reading
46.5 Notes
Chapter 47 Operations Security and Production Controls
47.1 Introduction
47.2 Operations Management
47.3 Providing a Trusted Operating System
47.4 Protection of Data
47.5 Data Validation
47.6 Cloud Computing and Production Systems
47.7 Concluding Remarks
47.8 Further Reading
47.9 Notes
Chapter 48 Email and Internet Use Policies
48.1 Introduction
48.2 Damaging the Reputation of the Enterprise
48.3 Threats to People and Systems
48.4 Threats to Productivity
48.5 Legal Liability
48.6 Recommendations
48.7 Concluding Remarks
48.8 Further Reading
48.9 Notes
Chapter 49 Implementing a Security-Awareness Program
49.1 Introduction
49.2 Key Concepts
49.3 Critical Success Factors
49.4 Topics
49.5 Techniques for Getting and Holding Attention
49.6 Tools
49.7 Evaluation and Metrics
49.8 Concluding Remarks
49.9 Glossary
49.10 Notes
Chapter 50 Using Social Psychology to Implement Security Policies
50.1 Introduction
50.2 Rationality Is Not Enough
50.3 Beliefs and Attitudes
50.4 Encouraging Initiative
50.5 Group Behavior
50.6 Technological Generation Gaps
50.7 Summary of Recommendations
50.8 Further Reading
50.9 Notes
Chapter 51 Security Standards for Products
51.1 Introduction
51.2 Importance of Standards
51.3 Types, Sources, and Examples of Standards
51.4 Product Development and Assessment Approaches
51.5 Standard Product and Services Assessment Approaches
51.6 Notes
PART V DETECTING SECURITY BREACHES
Chapter 52 Application Controls
52.1 Introduction
52.2 Systems Architecture and Design
52.3 Input and Entitlements
52.4 Databases and Underlying Data Controls
52.5 Batch Files
52.6 Data Integrity and Validation
52.7 Concluding Remarks
52.8 Further Reading
Chapter 53 Monitoring and Control Systems
53.1 Introduction
53.2 System Models
53.3 Log Management
53.4 General Logging Classes
53.5 Data Aggregation and Reduction
53.6 Notifications and Reporting
53.7 Change and Security Implications
53.8 Monitoring and Control Challenges
53.9 Summary
53.10 Further Reading
53.11 Notes
Chapter 54 Security Audits
54.1 Introduction
54.2 Addressing Multiple Regulations for Information Security
54.3 Auditing Standards
54.4 Sarbanes-Oxley Act
54.5 Technical Frameworks for IT Audits
54.6 Further Reading
54.7 Notes
Chapter 55 Cyber Investigation
55.1 Introduction
55.2 End-to-End Digital Investigation
55.3 Applying the Framework and EEDI
55.4 Using EEDI and the Framework
55.5 Motive, Means, and Opportunity: Profiling Attackers
55.6 Some Useful Tools
55.7 Concluding Remarks
55.8 Further Reading
55.9 Notes
PART VI RESPONSE AND REMEDIATION
Chapter 56 Computer Security Incident Response Teams
56.1 Overview
56.2 Planning the Team
56.3 Selecting and Building the Team
56.4 Principles Underlying Effective Response to Computer Security Incidents
56.5 Responding to Computer Emergencies
56.6 Managing the CSIRT
56.7 Post-Incident Activities
56.8 Concluding Remarks
56.9 Further Reading
56.10 Notes
Chapter 57 Data Backups and Archives
57.1 Introduction
57.2 Making Backups
57.3 Backup Strategies
57.4 Data Life Cycle Management
57.5 Safeguarding Backups
57.6 Disposal
57.7 Costs
57.8 Optimizing Frequency of Backups
57.9 Concluding Remarks
57.10 Further Reading
57.11 Notes
Chapter 58 Business Continuity Planning
58.1 Introduction
58.2 Defining the Goals
58.3 Performing a Business Impact Analysis
58.4 Business Impact Analysis Matrix Analysis
58.5 Justifying the Costs
58.6 Plan Presentation
58.7 Concluding Remarks
58.8 Further Reading
Chapter 59 Disaster Recovery
59.1 Introduction
59.2 Identifying Threats and Disaster Scenarios
59.3 Developing Recovery Strategies
59.4 Designing Recovery Tasks
59.5 Implementation and Readiness
59.6 Concluding Remarks
59.7 Further Reading
Chapter 60 Insurance Relief
60.1 Introduction
60.2 Intellectual Property Coverage
60.3 Property Coverage
60.4 Crime/Fidelity Coverage
60.5 E-Commerce Policies
60.6 Privacy and Identity Theft Exposures
60.7 Damages to Brand Image, Consumer Confidence
60.8 Concluding Remarks
60.9 Further Reading
60.10 Notes
Chapter 61 Working with Law Enforcement
61.1 Introduction
61.2 Guidelines
61.3 Law Enforcement Resources
61.4 Memorandum of Agreement
61.5 Handling Evidence and the Chain of Custody
61.6 Information Sharing
61.7 Conclusion
61.8 Further Reading
61.9 Notes
PART VII MANAGEMENT’S ROLE IN SECURITY
Chapter 62 Quantitative Risk Assessment and Risk Management
62.1 An Introduction to Risk Management
62.2 Objective of a Risk Assessment
62.3 Limitations of Questionnaires in Assessing Risks
62.4 A Model of Risk
62.5 Risk Mitigation
62.6 Risk-Assessment Techniques
62.7 Summary
62.8 Further Reading
62.9 Notes
Chapter 63 Management Responsibilities and Liabilities
63.1 Introduction
63.2 Responsibilities
63.3 Liabilities
63.4 Computer Management Functions
63.5 Security Administration
63.6 Concluding Remarks
63.7 Further Reading
63.8 Notes
Chapter 64 U.S. Legal and Regulatory Security Issues
64.1 Introduction
64.2 Sarbanes-Oxley Act of 2002
64.3 Gramm-Leach-Bliley Act
64.4 Examination Procedures to Evaluate Compliance with Guidelines for Safeguarding Customer Information
64.5 Concluding Remarks
64.6 Further Reading
64.7 Notes
Chapter 65 The Role of the CISO
65.1 CISO as Change Agent
65.2 CISO as Strategist
65.3 Strategy, Governance, and the Standard of Care
65.4 Summary of Actions
65.5 Recommendations for Success for CISOs
65.6 Concluding Remarks
65.7 Further Reading
65.8 Notes
Chapter 66 Developing Security Policies
66.1 Introduction
66.2 Collaborating in Building Security Policies
66.3 Phase 1: Preliminary Evaluation
66.4 Phase 2: Management Sensitization
66.5 Phase 3: Needs Analysis
66.6 Phase 4: Policies and Procedures
66.7 Phase 5: Implementation
66.8 Phase 6: Maintenance
66.9 Concluding Remarks
66.10 Further Reading
66.11 Notes
Chapter 67 Developing Classification Policies for Data
67.1 Introduction
67.2 Why Perform Data Classification?
67.3 Data Classification's Role in Information Security
67.4 Legal Requirements, Compliance Standards, and Data Classification
67.5 Designing and Implementing DC
67.6 Data Classification Solutions
67.7 Examples of Data Classification Schemas
67.8 Concluding Remarks
67.9 Further Reading
67.10 Notes
Chapter 68 Outsourcing and Security
68.1 Introduction
68.2 Why Outsource?
68.3 Can Outsourcing Fail?
68.4 Controlling the Risks
68.5 Outsourcing Security Functions
68.6 Concluding Remarks
68.7 Further Reading
68.8 Notes
PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS
Chapter 69 Privacy in Cyberspace: U.S. and European Perspectives
69.1 Introduction: Worldwide Trends
69.2 European Approaches to Privacy
69.3 United States
69.4 Compliance Models
69.5 Further Reading
69.6 Notes
Chapter 70 Anonymity and Identity in Cyberspace
70.1 Introduction
70.2 Definitions
70.3 Social Psychology of Anonymity
70.4 Balancing Rights and Duties
70.5 Systems Analysis of Anonymity
70.6 Implications and Discussion
70.7 Concluding Remarks
70.8 Summary
70.9 Further Reading
70.10 Notes
Chapter 71 Healthcare Security and Privacy
71.1 Overview/Synopsis
71.2 Motivation for Healthcare Information Privacy and Security
71.3 Healthcare Sector Threats and Vulnerabilities Landscape
71.4 Healthcare Information Protection Requirements in U.S. Laws
71.5 The HIPAA and HITECH Healthcare Information Protection Regulations
71.6 Other Public Sector Healthcare Privacy and Security Initiatives
71.7 Private Sector Healthcare Privacy and Security Initiatives
71.8 Security and Privacy Impacts of Technology Trends
71.9 Summary
71.10 Further Reading
71.11 Notes
Chapter 72 Legal and Policy Issues of Censorship and Content Filtering
72.1 Introduction
72.2 U.S. Context: First Amendment Rights
72.3 Parental Involvement/Responsibility
72.4 Summary
72.5 Further Reading
72.6 Notes
Chapter 73 Expert Witnesses and the DAUBERT Challenge
73.1 Introduction
73.2 Daubert
73.3 Whether the Daubert Challenge Is Applicable: Refining Daubert
73.4 Divided We Fall?
73.5 Being the Best You Can Be
73.6 Summary
73.7 Further Reading
73.8 Notes
Chapter 74 Professional Certification and Training in Information Assurance
74.1 Increasing Competence and Confidence in Cybersecurity Professionals
74.2 Accreditation
74.3 IA Certifications
74.4 Preparing for Security-Certification Exams
74.5 Concluding Remarks
74.6 Further Reading
74.7 Notes
Chapter 75 The Future of Information Assurance
75.1 Introduction
75.2 Complexity
75.3 Changing Posture
75.4 Some Specific Slices of the Future
75.5 New Directions
75.6 Notes
INDEX
END USER LICENSE AGREEMENT
Chapter 2
Exhibit 2.1 Rise and Fall in Macro Viruses in the WildList, 1996–2008
Chapter 3
Exhibit 3.1 Threats, Assets, and Vulnerabilities Model
Chapter 4
Exhibit 4.1 Common Codes for Numeral 5
Chapter 5
Exhibit 5.8 Three Standards Core Layers
Exhibit 5.9 Layered Standards Architectures
Chapter 6
Table 6.1 LAN Characteristics
Chapter 7
Exhibit 7.6 Frequency Lists for English
Exhibit 7.19 X.509 Certificate Format
Exhibit 7.22 NIST Recommended Key Sizes
Exhibit 7.23 Relative Computation Costs of Diffie-Hellman and Elliptic Curves
Chapter 20
Exhibit 20.5 Table of Prices Paid for Data Traded in the Underground Economy
Chapter 24
Exhibit 24.3 Typical Kernel Mode Operating System Functions
Chapter 29
Exhibit 29.1 Comparative Market Share of Biometric Technologies by 2015
Exhibit 29.2 Accuracy/Error Rates of Leading Biometric Technologies
Exhibit 29.3 Comparison of Leading Biometric Technologies
Chapter 33
Exhibit 33.1 802.11 Standards
Exhibit 33.6 TKIP Temporal Keys
Exhibit 33.7 CCMP Temporal Keys
Exhibit 33.11 802.11 Security-Auditing Software
Chapter 37
Exhibit 37.3 Symmetric versus Asymmetric Encryption
Exhibit 37.6 Trust Level Determination
Exhibit 37.7 Trust Levels and Proofing
Exhibit 37.14 Privilege Management
Chapter 54
Exhibit 54.1 Organization's Goals and Responsibilities
Exhibit 54.2 Types of SSAE 16 Audits
Exhibit 54.3 Pros and Cons for Service and User Organizations
Exhibit 54.4 Typical Annual SOX Schedule
Chapter 55
Exhibit 55.2 DFRWS Digital Investigation Framework
Exhibit 55.6 Adversarial Matrix Behavioral Characteristics
Exhibit 55.7 FBI Adversarial Matrix of Operational Characteristics
Exhibit 55.8 FBI Adversarial Matrix Resource Characteristics
Chapter 59
Exhibit 59.1 List of Threats
Exhibit 59.3 Sample Classifications of Damage
Exhibit 59.7 Strategy Overview
Chapter 61
Exhibit 61.3 Information-Sharing Example
Chapter 64
Exhibit 64.1 Eleven Titles of SOX with Descriptions
Exhibit 64.2 Recommended Evaluation Procedures
Chapter 65
Exhibit 65.1 International Standards for Information-Security Governance
Chapter 71
Exhibit 71.1 Healthcare-Related Breaches
Exhibit 71.2 Comparison of Requirements in Various Breach Notification Laws
Exhibit 71.3 Comparison of Requirements in Various Privacy Laws
Chapter 74
Exhibit 74.1 Comparison of Certification and Certificates
Chapter 75
Exhibit 75.1 Potential Adverse Events in Various Implantable Medical Devices
Chapter 4
Exhibit 4.2 Vertical and Longitudinal Parity, Seven-Track Magnetic Tape
Chapter 5
Exhibit 5.1 Simple Home Network
Exhibit 5.2 Unshielded Twisted Pair (UTP) Wiring Cord
Exhibit 5.3 Building LAN
Exhibit 5.4 Wide Area Networks (WANs)
Exhibit 5.5 Internet
Exhibit 5.6 Frames and Packets
Exhibit 5.7 Internet Service Providers (ISPs)
Exhibit 5.10 Physical and Data Link Layers
Exhibit 5.11 Internet- and Transport-Layer Standards
Exhibit 5.12 Internet Protocol (IP) Packet
Exhibit 5.13 IP Version 6 Packet
Exhibit 5.14 Transmission Control Protocol (TCP) Segment
Exhibit 5.15 Messages in a TCP Session
Exhibit 5.16 Multitasking Server Host and Port Numbers
Exhibit 5.17 Sockets
Exhibit 5.18 User Datagram Protocol (UDP)
Exhibit 5.19 Internet Control Message Protocol (ICMP)
Exhibit 5.20 Domain Name System (DNS) Server
Exhibit 5.21 Simple Network Management Protocol (SNMP)
Chapter 6
Exhibit 6.1 Star Topology
Exhibit 6.2 Ring Topology
Exhibit 6.3 Bus Topology
Exhibit 6.4 Star-Wired Bus
Exhibit 6.5 Star-Wired Ring
Exhibit 6.6 Bus-Wired Ring (The station identifier is shown above the station ID of the predecessor and successor stations in the logical ring.)
Exhibit 6.7 Coaxial Cable
Exhibit 6.8 Unshielded Twisted Pair
Exhibit 6.9 Optical Fiber Cable
Exhibit 6.10 IEEE versus LAN Protocol Models
Exhibit 6.11 IEEE 802.3 Frame Format
Exhibit 6.12 Ethernet II Frame Format
Exhibit 6.13 IEEE 802.5 Token and Frame Formats
Exhibit 6.14 IEEE 802.2 LLC Frame Transporting SNAP Header (which in turn indicates IEEE organization and EtherType protocol identifiers)
Exhibit 6.15 Two LANs Interconnected via a Bridge
Exhibit 6.16 Two LANs Interconnected via a Router
Exhibit 6.17 LAN Scenario
Chapter 7
Exhibit 7.1 Diagram of Cryptographic Terms
Exhibit 7.2 Message Authentication Code Using Public Key Cryptosystem
Source: Copyright © 2008 M. E. Kabay. Used with permission.
Exhibit 7.3 Scytale in Use
Source: Copyright © 2008 M. E. Kabay. Used with permission.
Exhibit 7.4 Code Wheels and the NSA Seal
Exhibit 7.5 Brute Force Attack on the Caesar Cipher
Exhibit 7.7 Vigenère Table
Exhibit 7.8 Diagram of XOR
Exhibit 7.9 One-Time Pad
Exhibit 7.10 Diagram of DES
Exhibit 7.11 Comparison of Private and Public Key Encryption
Exhibit 7.12 Public Key Diagram
Exhibit 7.13 Authentication with RSA
Exhibit 7.14 Combining Public and Private Key Encryption
Exhibit 7.15 SSL 3.0 in Action
Exhibit 7.16 Creating a TLS Session
Exhibit 7.17 Using a Hardware Token for Digital Signatures
Exhibit 7.18 Digital Certificate
Exhibit 7.20 X.509v3 Certificate
Exhibit 7.21 Certificate Authorities and the Root Key
Exhibit 7.24 Relationship among Time, Technology, and Protection
Exhibit 7.25 Three-Qubit System
Source: Simon Bone and Matias Castro, “A Brief History of Quantum Computing,” Imperial College, London, www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/spb3/.
Chapter 8
Exhibit 8.1 Computer and Network Events
Exhibit 8.2 Probe Compared to Scan
Exhibit 8.3 Computer and Network Attacks
Exhibit 8.4 Simplified Computer and Network Incident
Exhibit 8.5 Computer and Network Incident Information Taxonomy
Chapter 9
Exhibit 9.1 Example Access-Control Matrix with Two Processes and Two Files
Chapter 15
Exhibit 15.1 Poorly Configured Hotel Room Internet Connectivity
Chapter 18
Exhibit 18.1 smurf DoS Attack
Exhibit 18.2 Normal TCP 3-Way Handshake
Exhibit 18.3 TCP SYN DoS Attack
Exhibit 18.4 DDoS Phase 1
Exhibit 18.5 DDoS Phase 2
Exhibit 18.6 DDoS Phase 3
Exhibit 18.7 NIMDA Propagation Vectors
Chapter 20
Exhibit 20.1 Basic Email Protocol
Exhibit 20.2 Viewing Message Header Details in Outlook Express
Exhibit 20.3 Junk Mail Filter Controls
Exhibit 20.4 Screensaver Trojan
Chapter 21
Exhibit 21.1 Online Investing Application
Exhibit 21.2 Breaking an E-Business
Exhibit 21.3 Layered View of an E-Business Application
Exhibit 21.4 Multitier Architecture of an E-Business
Chapter 24
Exhibit 24.1 Protection Relationships between Segments
Exhibit 24.2 Example of Access-Control Structures
Exhibit 24.4 Reference Monitor Concept
Exhibit 24.5 Trojan Horse and Secure Operating Systems
Exhibit 24.6 Windows 2000 Security Structures
Exhibit 24.7 Windows 2000 Access Mask
Chapter 30
Exhibit 30.1 Trust Levels for B2C Security Services
Exhibit 30.2 Continuum of Options
Exhibit 30.3 Sibling and Nested Security Domains
Exhibit 30.4 Omega and Gamma Servers in Separate DMZs from Hypothetical's Server
Chapter 33
Exhibit 33.2 802.1X Architecture
Exhibit 33.3 RSN Security Association Management
Exhibit 33.4 802.1X Authentication to Authentication Server
Exhibit 33.5 The 4-Way Handshake To Authenticate and Establish PTK
Exhibit 33.8 TKIP Key Hierarchy
Exhibit 33.9 TKIP Algorithm in the Transmitting Client
Exhibit 33.10 TKIP Algorithm in the Receiving Client
Chapter 34
Exhibit 34.1 Packet Capture Showing RTP Packets
Chapter 37
Exhibit 37.1 Symmetric (Secret) Key Encryption
Exhibit 37.2 Asymmetric or Public Key Encryption
Exhibit 37.4 Certificate Issuance Cycle
Exhibit 37.5 Elements of a Comprehensive Certification Practice Statement
Exhibit 37.8 Trust Path through Multiple Trusting Certificate Authorities
Exhibit 37.9 Strict Hierarchical Trust Chain
Exhibit 37.10 Bridge CA
Exhibit 37.11 Trust Chain Mapping with Dissimilar Policies
Exhibit 37.12 Policy Mapping with a Bridge
Exhibit 37.13 Elements of a Key Recovery Policy
Chapter 38
Exhibit 38.1 Common Lifecycle Process
Chapter 45
Exhibit 45.1 Capabilities Matrix For Untelecom Corporation
Chapter 49
Exhibit 49.1 Awareness Metrics, continued as Exhibit 49.2
Exhibit 49.2 Awareness Metrics, continued from Exhibit 49.1
Exhibit 49.3
Exhibit 49.4 “How Valuable Is Your Data?”
Chapter 55
Exhibit 55.1 Rogers Cyber Forensics Taxonomy
Exhibit 55.3 Jones's Threat Delivery Model
Exhibit 55.4 Jones's Model Showing Motive, Means, and Opportunity
Exhibit 55.5 Types of Threat Agents and Their Motivations
Exhibit 55.9 Link Analyzer Relationship Map of Source and Destination IP Addresses
Exhibit 55.10 Map in Exhibit 55.9 Reduced through Cluster Analysis
Chapter 57
Exhibit 57.1 RAID Levels
Source: Used with kind permission of Alan Freedman, Computer Desktop Encyclopedia (Computer Language Company, 2013), www.computerlanguage.com
Exhibit 57.2 Calculating Costs of Backup
Chapter 58
Exhibit 58.1 Corporate Preparedness
Source: BC Management, “2003 Benchmark Study Results.”
Exhibit 58.2 Fiscal Losses Caused by Disasters
Exhibit 58.3 Disaster Threats
Exhibit 58.4 Levels of Impact and Durations
Exhibit 58.5 Phases of Recovery
Exhibit 58.6 Building and Filtering the List of Functions
Exhibit 58.7 Service Levels Mapped to Recovery Activities
Exhibit 58.8 Three Steps of Interviewing
Exhibit 58.9 Examples of High-Level Functions
Exhibit 58.10 Blank, Sample BIA Matrix
Exhibit 58.11 Departments and Functions
Exhibit 58.12 Criticality Ratings and Descriptions
Exhibit 58.13 Transformation of Criticality to Operational Impact
Exhibit 58.14 Category Assignment Curve
Exhibit 58.15 Sample BIA Matrix
Exhibit 58.16 Emphasizing Cross Departmental Functions
Exhibit 58.17 Ranking Factor View
Exhibit 58.18 Graphing the Three Measures
Exhibit 58.19 Summary of Loss Contribution
Exhibit 58.20 Cumulative Loss Summary
Exhibit 58.21 Cumulative Loss Summary With and Without Planning
Exhibit 58.22 Recovery Flow
Exhibit 58.23 Cases and Categories
Chapter 59
Exhibit 59.2 Escalation Timeline
Exhibit 59.4 Recovery Phases
Exhibit 59.5 Spread of Functions across Categories
Exhibit 59.6 Number versus Impact of Functions
Exhibit 59.8 Recovery Task Flow
Exhibit 59.9 Beginning Sequence
Exhibit 59.10 Middle Sequence, “Building Scenario”
Exhibit 59.11 End Sequence
Chapter 61
Exhibit 61.1 Activities That Should Be Reported
Exhibit 61.2 Activities That Should Not Be Reported
Chapter 62
Exhibit 62.1 The Four IT Risk-Management Activities
Exhibit 62.2 Evaluating an IT System Security Strategy
Exhibit 62.3 Jacobson's Window, A Simple Risk Model
Exhibit 62.4 The Two Inconsequential Risk Classes
Exhibit 62.5 The Spectrum of Real-World Risks
Exhibit 62.6 A Plot of Actual Threat Frequencies and Consequences © Copyright 2005 International Security Technology, Inc.
Exhibit 62.7 A Typical Risk Matrix
Exhibit 62.8 The Three Risk Zones © Copyright 2002 International Security Technology, Inc.
Exhibit 62.9 Threat Effect Factors Connect Threats and Processes, Functions, and Assets