Note: Page numbers followed by f and t indicate figures and tables, respectively.
acceptable use policy (AUP), 67, 221
acceptance of risk, 24
access control (AC) family, 218
access control lists (ACLs), 230
access controls, 170, 225, 264
access controls testing, 203–204, 203f
accountabilities, 384
account management controls, 264
account management policy, 273, 280
account usage, 273
active detective controls, 218
active node, 294
activists, 31
ad hoc, 77
administrative scripts, 275
administrative security controls, 151
administrators, 282
Advanced Encryption Standard (AES), 232
advanced persistent threats (APTs), 31, 190
AG. See Attorney General; State Attorney General
alerts, false, 271
alternate assessment procedures, 338–339
alternate locations/sites, 145, 357–362, 366, 371
annual loss expectancy (ALE), 117, 118, 153, 154
annual or recurring costs, 289
annual rate of occurrence (ARO), 117, 153, 154
annual updates, BCP, 345
anomaly-based intrusion detection systems, 393–394
antivirus protection, 253
antivirus software, 33, 46, 253
application developers, 88
approved countermeasures, 270
ARO. See annual rate of occurrence
assessment, authorization, and monitoring (CA) family, 219
asset management, 168, 175, 183
asset replacement insurance, 183
assumptions and planning principles, BCP, 327–329
asymmetric encryption, 232
Attorney General (AG), 65
audit and accountability (AU) family, 218
audit logs, 218, 219, 228, 272, 273
AUP. See acceptable use policy
AUP procedure, 221
automated asset management, 168, 177
automation, 32
availability, 7, 7f, 15, 128–129, 142, 162–164, 189, 243
avoidance of risk, 23
awareness, 151
awareness and training controls, 225–226
awareness and training (AT) family, 218
back-end database, 302f
background checks, 224
backup plan, 24, 222–223, 355, 368
balancing risk and cost, 18
BCP. See business continuity plan
behavior-based IDS, 394
benefits, 97–98, 118, 125, 144, 289
BIA. See business impact analysis
BIA Professional, 319
BIA report, 316
Big Data, 174
billing and financial data, 171
black-hat hackers, 32
blacklist, 143
blogs, 44
boss, 353
botnets, 17, 380, 387, 387f, 388, 393
bottom-up approach, 306
boundary protection, 33
budget for risk mitigation, 289–290
buffer overflow, 40, 41, 196, 230
building replacement costs, 309
business changes, 130
business continuity (BC), 325–326
business continuity plan (BCP), 181–182, 222, 301, 323–347, 350, 370
business functions, 5–6, 313, 314, 317–318
business impact analysis (BIA), 180–181, 222, 244, 299–319, 324, 346, 351
business intelligence (BI), 173
business liability insurance planning, 183
business operations, 179–183, 244–245, 257–261, 364
business risks, 9–14, 10f, 13f
business system priorities, 318t
cameras, 236
Capability Maturity Model Integration (CMMI), 76–77
cause and effect diagram, 95–97, 96f
CBA. See cost-benefit analysis
CBFs. See critical business functions
central incident response team, 382
CERT Coordination Center (CERT/CC), 378
certificate authority (CA), 233
certificates, 233
certification and accreditation records, 16
Certified Information Systems Security Professional (CISSP), 117
chain of custody, 384
change management, 139, 210, 371
Children’s Internet Protection Act (CIPA), 61, 256, 259–260, 263, 279
Children’s Online Privacy Protection Act (COPPA), 61–62
CIPA. See Children’s Internet Protection Act
circuit breakers, 152, 238–239
CISSP. See Certified Information Systems Security Professional
Class A fires, 236
Class C fires, 236
classification of data, 170–171, 170f, 332
client and stakeholder confidence, 22
closed-circuit television (CCTV), 235, 236
cloud computing, 358, 359, 359f
CM. See configuration management
CMMI. See Capability Maturity Model Integration
COBIT. See Control Objectives for Information and related Technology
Common Vulnerabilities and Exposures (CVE), 17, 45, 50–52
communication escalation procedures, 394–395
communications, 365
Computer Emergency Response Team (CERT), 378
computer forensics, 384
computer incident, 378
computer incident response teams (CIRTs), 377–401
computer security incident, 378, 400
computer systems, 8
concurrent processing, 341
confidentiality, 7, 7f, 14, 188, 225, 243
configuration and change management section, 141
configuration data, 177
configuration management (CM), 37, 46, 139, 210, 218
connectivity to service customers, 364
content refreshment, BCP, 345
contingency planning (CP) family, 218
Contingency Planning Guide, 182
Continual Service Improvement, 76
contractors, 335
control categories, 149–150, 217
control costs, 295
Control Objectives for Information and related Technology (COBIT), 70–72
control value, 153
coordinating team, 382
coordinator, BCP, 334, 336, 337, 345
COPPA. See Children’s Online Privacy Protection Act
copyright, 173
corrective controls, 218
corruption of file, 225
cost-benefit analysis (CBA), 20–21, 86, 87, 97–98, 157, 264–266, 287–289
costs, 155–156, 244, 276, 287, 288, 304, 305f
countermeasures, 20, 149–152, 269–273–275, 275t, 284–286, 293–295
crackers, 32
crash carts, 333
credentials protection, 226
credit card transaction, 67
credit loss, 310
criminals, 31
critical business functions (CBFs), 246, 246f–248f, 300, 305–306, 313, 317t, 324, 326, 351, 352, 354, 355, 358, 363, 364, 368, 369
criticality of operations, 332
criticality rating, 396t
critical path chart, 104, 104f, 290, 292f, 293
critical resources identification, 306–308, 314
critical roles to critical resources, 316
critical success factors (CSFs), 246, 300, 317, 317f
critical system components, 333
cross-training, 169
current activity updates, 50
customer access, 361
customer checks out, 306
customer data, 172
customer influence, 8
customer information, 307
customer service, 245–246, 369–370
customers loss, 310
CVE. See Common Vulnerabilities and Exposures
cyberattacks, 380
cybersecurity, 49
cyberspace, 49
cyberterrorism, 380
Damage Assessment Team (DAT), 334, 337, 338, 342
dark web, 45
data, 8
data and information assets, 144–145, 169–174
database recovery, 312
database servers, 115, 140–141, 179, 243, 246–249, 306, 315t, 329f–331f
data classification, 170–171, 170f, 332
data collection, 130, 301–302, 319
data leakage, 391
data loss, 192
data loss prevention program, 225
data range and reasonableness checks, 229–230
data recovery costs, 309
DDoS attacks. See distributed denial of service attacks
defaced Web sites, 192
defaults, 45
defense in depth, 253
delegation of authority, 336
Delphi Method, 125
demilitarized zone (DMZ), 40, 99, 199, 251
denial of service (DoS) attacks, 5, 15, 42, 93, 121, 209, 378, 387–388, 398
Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), 78–79
Department of Homeland Security (DHS), 46, 63–64
desire to damage, 31
developers, 11
DHS. See Department of Homeland Security
direct costs, 85, 156, 244, 309
direct revenue, 164
disaster/emergency declaration, 365
disaster preparedness plans, 309
disaster recovery (DR), 12, 325–326, 350, 354, 362
disaster recovery plan (DRP), 182–183, 222, 339, 343, 349–374
disgruntled employees, 31, 189, 191–192
disk subsystem, 157
distributed denial of service (DDoS) attacks, 5, 42
distributed incident response team, 382
divide-by-zero error, 41
DMZ. See demilitarized zone
documentation, 37
domain controller (DC), 314
domains of IT infrastructure, 12–14, 16–17, 175–179, 193–195, 195f, 205–206, 249–252, 249f, 261–262
doors, locked, 152
DoS attacks. See denial of service attacks
DRP. See disaster recovery plan
due diligence, 66
dynamic SQL, 42
edge testing, 202
effect, 95
effect rating, 395t
eight Rs of recovery planning, 363
electrical grounding, 152, 238–239
electronic vaulting, 356
e-mail servers, 137–138, 140, 178, 315t
e-mail usage, 226
e-mail whitelist, 143
emergency funds, 362
Emergency Management Team (EMT), 334, 337, 338, 340, 342
employee data, 171
employee training, 24
end users, 11
environment identification, 313
equipment, 146, 192, 277, 277f, 281, 309. See also hardware
E-Rate funding, 259
E-Rate program, 61
escalation, 394
ethical hackers, 32
ETL. See extract, transform, and load process
exploit assessments, 148, 206–211
exploit testing, 205
Exploit Wednesday, 45
external vulnerability assessments, 197
extract process, 174
extract, transform, and load (ETL) process, 174
facilities, 145, 179–183, 277–279, 289–290, 308
failover clusters, 24, 162–164, 278, 278f, 279, 281, 282, 293, 294
failures, 30
false alerts, 271
Family Educational Rights and Privacy Act (FERPA), 60–61, 256, 258, 263
fault tolerance, 24, 332, 350–351
FCC. See Federal Communications Commission
FDIC. See Federal Deposit Insurance Corporation
Federal Communications Commission (FCC), 61
Federal Deposit Insurance Corporation (FDIC), 63
Federal Information Security Management Act (FISMA), 56, 57, 219, 255–256, 258, 263
Federally Funded Research and Development Centers (FFRDCs), 50
Federal Trade Commission (FTC), 64–65
FERPA. See Family Educational Rights and Privacy Act
FFRDCs. See Federally Funded Research and Development Centers
fiduciary responsibility, 66
financial checks, 224
financial data, 171
Financial Privacy Rule, 60
fire detection and suppression, 152, 236–237
fire insurance, 265
firewall appliance, 93
firewall policy, 93
firewalls, 46, 85, 92, 93, 152, 177, 198, 199, 201, 230–231, 231f, 251, 390
firewalls control network traffic, 201, 201f
fishbone diagram, 96
FISMA. See Federal Information Security Management Act
formjacking, 31
forums, 44
FTC. See Federal Trade Commission
full-blown DRP test, 370
full-scale exercises, 344
functional description of systems, 331–332
functionality testing, 202
funds, emergency, 362
fuses, 238
future costs, 22
GAISP. See Generally Accepted Information Security Principles
Gantt chart, 103–104, 103f, 290, 292f
gas systems, 237
GDPR. See General Data Protection Regulation
General Data Protection Regulation (GDPR), 77–78, 256–257, 260, 263
general liability insurance, 183
Generally Accepted Information Security Principles (GAISP), 70
GLBA. See Gramm-Leach-Bliley Act
goodwill, 8
Gramm-Leach-Bliley Act (GLBA), 60
greed, 30
Group Policy settings, 274
Group Policy tool, 140
guidelines, 12
hardening a server, 45, 46, 177
hardware, 117, 121, 144, 166–167, 177, 179, 364
headquarters server, 332
Health Insurance Portability and Accountability Act (HIPAA), 57–59, 85–87, 89–94, 172, 253, 255, 257, 263, 300
heating, ventilation, and air conditioning (HVAC) systems, 152, 237
hidden costs, 276
HIDS. See host-based intrusion detection systems
HIPAA. See Health Insurance Portability and Accountability Act
hire additional personnel, 169
historical data review, 146, 191
historical documentation review, 265–266
host-based intrusion detection systems (HIDS), 38, 156
hubs, 177
humidity detection, 152, 237–238
Hurricane checklist, 337t
HVAC systems. See heating, ventilation, and air conditioning systems
identification and authentication (IA) family, 218–219
IDS. See intrusion detection system
IEC. See International Electrotechnical Commission
IIS. See Internet Information Services
image servers, 364
impact, 9, 17–19, 18t, 19t, 90, 119, 130–131, 154
implicit deny philosophy, 283
inactive node, 294
inappropriate usage, 379, 399–400
incident response (IR), 16, 38, 219, 223
incidents, 197, 327–328, 380, 387–388, 393–394
indirect costs, 86, 156, 244, 310
indirect revenue, 164
industrial property, 173
information assets, 144–145, 169–174
information security vulnerability names, 51–52
information systems security gap, 252–253
Information Technology Infrastructure Library (ITIL), 48, 74–76, 131
Information Technology Laboratory (ITL), 47–48, 69
information technology (IT) laws, 56–62
initial purchase cost, 276–277, 289
in-place countermeasures, 149, 270
input validation, 33, 151, 230
insurance, 23, 32, 59, 151, 223–224, 237
intangible value, 8
integrity, 7, 7f, 14, 188, 234, 243
intellectual property (IP), 66, 172–173
intentional threats, 15, 30–32
internal system clocks, 229
internal threats, 15, 189, 190
internal vulnerability assessments, 197
International Electrotechnical Commission (IEC), 73–74
International Organization for Standardization (ISO), 72–73
Internet, 13
Internet access, 246
Internet Assigned Numbers Authority (IANA), 231
Internet Information Services (IIS), 41
Internet service providers (ISPs), 333
intrusion detection and prevention system (IDPS), 198–199
intrusion detection system (IDS), 38, 46, 198, 199f, 218, 271, 390
intrusion prevention system (IPS), 46, 198
inventory management, 175
IP. See intellectual property
IPS. See intrusion prevention system
IR. See incident response
Ishikawa diagram, 96
ISO. See International Organization for Standardization
IT appliances, 143
ITIL. See Information Technology Infrastructure Library
IT infrastructure changes, 345
IT infrastructure domains, 175–179, 193–195, 195f, 205–206, 249–252, 249f, 261–262
ITL. See Information Technology Laboratory
just-in-time philosophy, 329
knowledge of process, 165
LAN. See local area network
LAN Domain, 13, 17, 177, 207, 250, 261–262
LAN-to-WAN Domain, 13, 17, 177, 207, 250–251, 262
laptop control, 190
late delivery penalty costs, 309
laws and regulations, 56–62, 253
leaders, 10
leadership from management, 353
legal and compliance requirements, 263
liability insurance, 183
load process, 174
local area network (LAN), 177, 250
log reviews, 229
lost opportunity costs, 22
lost revenue, 8
maintenance (MA) family, 219
malicious code, 379
malicious hackers, 32
malware, 16, 189, 379, 388–389, 398–399
management, 99, 140–141, 158, 361
management control class, 150
management support, 132, 329, 353
managers, 10
mandatory vacations, 67
man-made threats, 15
mantraps, 208
map business functions, 181
Marine One helicopter plans, 392
market share, 310
maximum acceptable outage (MAO), 244, 300, 308–310, 308t, 311t, 315, 315t, 325, 351
maximum age of passwords, 274
maximum tolerable period of disruption (MTPD), 308
Media Access Control (MAC), 208
media protection (MP) family, 219
memory, 157
metrics for vulnerabilities, 200
Microsoft Office Project, 101
milestone plan chart, 102–103, 290, 291f
milestones, 101
minimum age of passwords, 274
mission-critical business functions and processes, 181, 317–318
mission-critical operations, 368–369
mission-critical systems, 179, 246, 324
mitigation, 23–24, 34–38, 45–46, 123, 155–157
MITRE Corporation, 17, 47, 50–52
mobile code, 388
modems, 178
Morris worm, 380
multipartite virus, 399
names of computers, 148
National Cybersecurity and Communications Integration Center (NCCIC), 49
National Institute of Science and Technology Risk Management Framework (RMF), 104–105
National Institute of Standards and Technology (NIST), 47–49, 69–70, 150, 166, 182, 217–220, 243, 256, 301, 304
natural events, 146
NCCIC. See National Cybersecurity and Communications Integration Center
Nessus tool suite, 148
network components, 8
network firewall, 85
network infrastructure section, 140
networking service servers, 179
network interface card (NIC), 157
network load balancing, 280
Nimda virus, 41
NIST. See National Institute of Standards and Technology
NIST SP 800-53, 217
Nmap network mapping tool, 148
nonrepudiation techniques, 219, 234, 272, 273
normalization, 364
objectives of BIA, 304–312, 304f
offensive content, 259
Office of Government Commerce (OGC), 74
Office of Management and Budget (OMB), 226
off-site data storage, 355–357
OGC. See Office of Government Commerce
OLTP databases. See online transactional processing databases
online transactional processing (OLTP) databases, 173, 312
online website purchase, 305–306
OpenPGP, 234
open ports, 148
operating system (OS), 144, 148, 166
operational characteristics, 137–138
operational control class, 150
order of succession, 336
order processing application, 306
organizational policies, 66–67
organization functions knowledge, 354–355
organization historical data, 191–192
organizations risk, 372
OS. See operating system
outage, 86
outage reports, 197
out-of-pocket costs, 22
output analysis, 201
outsourcing, 23
pan, tilt, and zoom (PTZ) cameras, 236
passive detective controls, 218
password policy, 273
passwords, 148, 196, 201, 273–274
Patch Tuesday, 38
Payment Card Industry Data Security Standard (PCI DSS), 67–69, 247, 255, 256, 260–261, 263
PBX equipment, 178
PCI DSS. See Payment Card Industry Data Security Standard
penetration testing, 204. See also exploit assessments
permissions, 33, 203, 204, 211
personally identifiable information (PII), 59, 166
personally identifiable information processing and transparency (PT) family, 220
personnel assets, 169
personnel location control form, 339, 339t
personnel policies, 264
personnel security (PS) family, 219
phishing attempts, 190
phone branch exchange (PBX), 178
phone tree, 372
physical access, 264
physical and environment protection (PE) family, 219
physical controls, 38, 152, 235–239
physical environment, 24
piggybacking, 208
PII. See personally identifiable information
pirated files, 17
plan maintenance, BCP, 344–345
planned controls, 149, 216–220
planned countermeasures, 149, 270
planning (PL) family, 219
plan of action and milestones (POAM), 86, 87, 94, 100–102, 158, 280, 293
POAM. See plan of action and milestones
policies, 12, 37, 150, 220–222
positive brand image, 310
preliminary system information, 316
Pretty Good Privacy (PGP), 234
principle of least privilege, 32, 33, 192
principle of need to know, 32, 33, 192
principle of proportionality, 20
prior events, 16
priorities in BCP, 328
priority of an incident, 395–397
privacy, 226
privacy standards (HIPAA), 58
private CA, 233
procedural controls, 150, 220–227
procedures, 37, 93, 150, 220–222
process analysis, 201
processor, 156
productivity, 164
product liability insurance, 183
product shipment phase, 303f
professional liability insurance, 183, 224
program management (PM) family, 219
program manager (PM), BCP, 334
programmers, 43
project management software, 101, 290, 293
project scope, 244
protection barriers, 236
proximity card, 235
proxy servers, 62, 178, 259, 259f
public data, 171
public goodwill, 310
public key infrastructure (PKI), 233–234
publicly traded company, 63
public relations (PR), 261, 383, 394
public server discovery, 43
purchase costs, 289
purpose of BCP, 326
qualitative analysis survey results, 121, 122t
qualitative methodology, 154
RA. See risk assessment
RAID. See redundant array of independent disks; redundant array of inexpensive disks
ransomware, 31
reasonableness checks, 230
recommendations to mitigate risks, 86, 94–99
recommended countermeasures, 284, 288
reconstitution phase, BCP, 182, 340–342
recovering databases, 312
recovery activities, 364
recovery goal, 340
recovery models, 312
recovery objectives, 311t
recovery of lost opportunities, 310
recovery phase of BCP, 182
recovery planning, 339, 363, 367
recovery point objective (RPO), 310
recovery priorities identification, 315, 316t
recovery requirements identification, 304, 310–312
recovery steps and procedures in a DRP, 367–369
recovery time objective (RTO), 310, 351, 355
recovery without BIA, 307
redundant array of inexpensive disks (RAID), 123, 332, 350–351
relationship of costs, 305f
remediation plan, 210
Remote Access Domain, 14, 17, 178, 208, 251–252, 262
remote journaling, 357
removable media, 221
repair costs, 8
replacement value, 141
report, BIA, 316
reporting, 90, 94–100, 133, 158
reputation, 9
reputation of an organization, 394
resource allocation, 131
responsibilities, 85, 89–92, 333–336, 383–384
restoration horror stories, 356
restricted activities, 226
return on investment (ROI), 265
reverse engineering, 45
review process for BCP, 345
rights, 33
risk analysis, 59
risk assessment (RA), 20, 46, 90, 111–133, 136–140, 157–158, 219, 253, 262, 269, 272–273, 301
risk-handling strategies, 23–25
risk identification, 14–19, 90
risk level calculation, 119
risk management, 19–22, 46–52, 90, 243–253
risk mitigation, 90, 242–243, 262–264, 346, 400
risk mitigation plan, 269, 276–283, 289–295
risk mitigation security controls, 239
risk prioritization, 120–123, 283–286
risk response identification, 20
risks posed by lack of process, 11–12
risks posed by technology, 12–14, 13f
rogueware, 31
saboteurs, 31
safeguard value, 117, 118, 153
SAINT. See System Administrator’s Integrated Network Tool
sales and cash flow loss, 309
Sarbanes-Oxley Act (SOX), 60, 172, 255, 258, 263
scaling out/up, 281
scope, 87–89, 114–115, 180, 243, 244
scope creep, 87, 88, 202, 244, 364
script checking account usage, 273
SEC. See Securities and Exchange Commission
Securities and Exchange Commission (SEC), 63
security, 10, 10f, 44, 58, 151, 204, 222–223, 262, 264, 293–294
Security and Privacy Controls for Federal Information Systems and Organizations, 217
security identifier (SID), 228
senior management support, 132
sensitivity of data, 332
server fingerprinting, 43
servers, 40, 250, 251, 277, 281, 281f, 282, 330f, 332
Service Design, 74
service level agreement (SLA), 245
Service Operation, 76
service pack (SP), 168
share value loss, 309
simulation, 370
single loss expectancy (SLE), 117, 153
single point of failure (SPOF), 115, 163, 169
site restoration, 341
SLE. See single loss expectancy
sniffer, 232
sniffing attacks, 208
social engineering, 5–6, 196, 208
social engineering attacks, 208
software applications, 8
software testing, 227
SOX. See Sarbanes-Oxley Act
spear phishing, 190
SPOF. See single point of failure
SQL. See Structured Query Language
SQL injection attack, 17, 42, 205, 287
SSCP. See Systems Security Certified Practitioner
stakeholders, 87, 300, 313–314
standards, 12
standards for compliance, 67–79
State Attorney General (AG), 65
stored procedures, 287
strategy of BCP, 328
Structured Query Language (SQL), 42
supply chain risk management (SR) family, 220
symmetric encryption, 232
SYN flood attack, 42
system, 147
System Administrator’s Integrated Network Tool (SAINT), 148
system and communications protection (SC) family, 219
system and information integrity (SI) family, 219–220
system and services acquisition (SA) family, 220
System/Application Domain, 14, 17, 178–179, 208, 252, 262
system availability, 142
System Center Configuration Manager (SCCM), 202
system configuration data, 171
system description, BCP, 329–333
system functions, 142–144, 164–166
system logs, 16, 151, 198, 229
system points of contact (POCs), 316
system process data, 172
system resources, 316
tabletop exercises, 343
tailgating, 208
tangible value, 8
TCP SYN flood attack, 209–210, 209f
technical controls, 38, 150–152, 227–234
technical environment, 24
Technical Recovery Team (TRT), 335, 339, 340, 342
technology protection measure (TPM), 259, 259f
telecommunications, 333
temperature detection, 152, 237–238
test restores, 223, 285, 286, 356
theft of assets, 176
threats, 4–7, 7f, 14–15, 28–34, 84, 85, 90, 145–147, 272–273, 284, 285t
threat/vulnerability pairs, 34–35, 34f, 35t, 39, 155, 272, 275, 275t
three-barrier protection, 236
time clock services via cloud computing, 359
toolkits, 384
Top Secret data, 170
total cost of security, 22
total risk, 25
total tangible value, 8
transferring risk, 23
transform process, 174
Transmission Control Protocol (TCP), 209
trouble reports, 16
unapproved recommendations, 140
unauthorized access, 121, 379, 389–391, 399
uncertainty level, 129
unintentional access, 190
uninterruptible power supply (UPS), 19, 279
United States Computer Emergency Readiness Team (US-CERT), 47, 49–50, 128
universal serial bus (USB) drive, 360
UPS. See uninterruptible power supply
U.S. Attorney General (U.S. AG), 65–66
US-CERT. See United States Computer Emergency Readiness Team
use access controls, 32
user access, 361
user and computer management section, 140
User Domain, 12, 16, 176, 207, 249–250, 261
U.S. Federal Sentencing Guidelines for Organizational Ethics, 254
vandals, 31
VAs. See vulnerability assessments
vendor data, 172
vendors, 335
version control, 37
video cameras, 152
virtual private networks (VPNs), 14, 178, 245, 251, 333
VPNs. See virtual private networks
vulnerabilities, 4, 5, 7–8, 16–17, 34–39, 43, 84, 85, 91, 147–148, 221, 272–273
WAN. See wide area network
WAN Domain, 13–14, 17, 178, 207, 251, 262
war dialing, 252
warehouse, 248
weak passwords, 148
Web defacing, 121
Web farm, 280, 282f, 293, 368, 369f
web of trust, 234
Web servers, 115, 140, 179, 246, 247, 315t, 368
Web site purchase, online, 305–306
Web sites, 192
well-known ports, 231, 251, 391
WEP. See Wired equivalent privacy
white-hat hackers, 32
whitelist, 143
whois tool, 148
wide area network (WAN), 13, 251, 329
Wi-Fi Protected Access (WPA), 194
WIPO. See World Intellectual Property Organization
Wired equivalent privacy (WEP), 194
workers, 248
Workstation Domain, 12, 17, 176–177, 207, 250, 261
WorldCom, 254
World Intellectual Property Organization (WIPO), 173
worms, 388
written records, 165