295
References
Chapter 1
The Alliance for Enterprise Security Risk Management. 2005, November 8. Booz Allen Hamilton, Convergence of enterprise security organizations. http://www.asisonline.org/newsroom/alliance.pdf (accessed January 9, 2010).
Belgard, William P., and Steven R. Rayner. 2004. Shaping the future: A dynamic process for creating and achieving your company's vision. New York: AMACOM.
Bryson, John M., and Farnum K. Alston. 1995. Strategic planning for public and nonprofit organizations: A guide to strengthening and sustaining organizational achievement. San Francisco: Jossey-Bass.
Bryson, John M., and Farnum K. Alston. 2005. Creating and implementing your strategic plan. San Francisco: Jossey-Bass.
Herrmann, Ned. 1990. The creative brain. Lake Lure, NC: Brain Books.
Kiely, Laree, and Terry Benzel. 2006. Systemic security management: A new conceptual framework for understanding the issues, inviting dialogue and debate, and identifying future research needs. Institute for Critical Information Infrastructure Protection (ICIIP), USC Marshall School of Business. http://www.marshall.usc.edu/assets/004/5347.pdf (accessed December 16, 2009).
Pironti, John P. 2010. Information security governance: Motivations, benefits and outcomes. ISACA. http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=35597&TEMPLATE=/ContentManagement/ContentDisplay.cfm (accessed February 4, 2010).
Schön, Donald, and C. Argyris. 1996. Organizational learning II: Theory, method and practice. Reading, MA: Addison-Wesley.
Sibbet, David. 2008. Strategizing with visual metaphors. DavidSibbet.com. http://www.davidsibbet.com/david_sibbet/2008/01/srategizing-wit.html (accessed February 8, 2010).
Silverstone, Ariel. 2009. Clear metrics for cloud security? Yes, seriously. CSO: Data Protection-Industry View. http://www.csoonline.com/article/507823/Clear_Metrics_for_Cloud_Security_Yes_Seriously (accessed January 21, 2010).
Taylor, Doug. 2005. Ten dangerous myths about strategic planning. The Business Blog at Intuitive.com. Intuitive Systems: Leadership for the 21st century: Online strategies and communications. http://www.intuitive.com/blog/ten_dangerous_myths_about_strategic_planning.html (accessed January 10, 2010).
Whittle, Ralph, and Conrad Myrick. 2004. Enterprise business architecture: The formal link between strategy and results (White paper). http://www.enterprisebusinessarchitecture.com/documents/EBA_The_Formal_Link.pdf (accessed February 15, 2010).
Chapter 2
Cooperrider, David L., and Diana Whitney. 2007. Appreciative Inquiry: A positive revolution in change. In P. Holman, T. Devane, and S. Cady (eds.), The change handbook. San Francisco, CA: Berrett-Koehler.
DeSilver, Drew. 2009, December 23. Reckless strategies doomed WaMu. Seattle Times.
TAF-K11348-10-0301-C015.indd 295 8/18/10 3:13:31 PM
Hurley, Edward. 2002. Does your CSO need to be a techie? Security News: SearchSecurity.com. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci858301,00.html (accessed January 5, 2010).
Johnson, Gerry, Kevin Scholes, and Richard Whittington. 1998. Exploring corporate strategy. Essex, UK: Pearson Education.
Kim, W. Chan, and Renée Mauborgne. 1997. Value innovation: The strategic logic of high growth. Harvard Business Review: Best of HBR 1997. http://innovationarsenal.pbworks.com/f/HBR_Value%20Innovation.pdf (accessed December 28, 2009).
Laban, Jake, and Jack Green. 2003. Communicating your strategy: The forgotten fundamental of strategic implementation. Graziadio Business Report: A Journal of Relevant Information and Analysis, 6, Issue 1. Pepperdine University, Graziadio School of Business and Management. http://gbr.pepperdine.edu/031/communication.html (accessed February 10, 2010).
Pitts, Damian "Skipper." 2007. Building great teams: Charting the path of organizational politics. Danvers, MA: BookSurge.
Prahalad, C. K., and G. Hamel. 1990. The core competence of the corporation. Harvard Business Review: The Magazine. http://hbr.org/1990/05/the-core-competence-of-the-corporation/ar/1 (accessed December 28, 2009).
Prahalad, C. K., and G. Hamel. 1994. Competing for the future. Boston: Harvard Business School Press.
Rowley, Anna. 2007. Leadership therapy: Inside the mind of Microsoft. New York and Houndmills, Basingstoke, Hampshire, UK: Palgrave Macmillan.
Scalet, Sarah D. 2005. Five steps to an effective strategic plan: Stop lurching from crisis to crisis. Take the long view to find business value in security by forming a strategic plan. CSO: Security Leadership. http://www.csoonline.com/article/220459/Five_Steps_to_an_Effective_Strategic_Plan (accessed January 7, 2010).
Senge, Peter M. 1990. The fifth discipline: The art and practice of the learning organization. New York: Doubleday/Currency.
Senge, Peter, Art Kleiner, Charlotte Roberts, Richard Ross, and Bryan Smith. 1994. The fifth discipline fieldbook: Strategies and tools for building a learning organization. New York: Doubleday/Currency.
Chapter 3
Galbreath, Jeremy. 2002. Building success in the relationship age: Building quality relationships assets for market creation. The TQM Magazine, 14, Issue 1.
Javelin Strategy and Research. 2009. Consumer willingness to share responsibility for security allows financial institutions to cut losses and increase profitability. https://www.javelinstrategy.com/news/787/92/Consumer-Willingness-To-Share-Responsibility-for-Security-Allows-Financial-Institutions-To-Cut-Losses-and-Increase-Profitability/d,pressRoomDetail (accessed June 21, 2010).
Javelin Strategy and Research. 2009. Understanding consumer willingness to fight fraud: What industry leaders need to know about security partnerships, zero liability protection, and consumer preferences. http://www.javelinstrategy.com (accessed January 7, 2010).
LeClaire, Jennifer. 2009, December. Protecting CRM customer data takes vigilance. Enterprise Security Today: Network Security: 1–3. http://www.enterprise-security-today.com/story.xhtml?story_id=0310012HJOBR (accessed January 27, 2010).
The metrics quest: Under pressure from the CFO to quantify security benefits, a CSO finds measures that matter. 2004. CSO Security Leader November Newsletter. http://www.csoonline.com/article/219799/The_Metrics_Quest (accessed January 7, 2010).
Senge, Peter, Art Kleiner, Charlotte Roberts, Richard Ross, and Bryan Smith. 1994. The fifth discipline fieldbook: Strategies and tools for building a learning organization. New York: Doubleday/Currency.
Chapter 4
Belgard, William P., and Steven R. Rayner. 2004. Shaping the future: A dynamic process for creating and achieving your company's vision. New York: AMACOM.
Blue Ocean Strategy: Management theories. 2008. VectorStudy.com. http://www.vectorstudy.com/management_theories/blue_ocean_strategy.htm (accessed February 10, 2010).
Börjesson, Martin. 2007. Scenario planning resources. Creative commons attributes. http://www.well.com/~mb/scenario_planning/#What_is_Scenario_Planning (accessed February 5, 2010).
Gordon, Lawrence A., and Vadake K. Narayanan. 1984. Management accounting systems, perceived environmental uncertainty and organizational structure: An empirical investigation. Accounting, Organizations and Society, 9: 144–159.
Heijden, Kees van der. 2005. Scenarios: The art of strategic conversation. West Sussex, UK: John Wiley.
Hiemstra, Glen. 2010. Blog. Futurist.Com. http://www.futurist.com/blog/ (accessed February 10, 2010).
Hunt, Robert, Kathleen Khirallah, and Tom Brogan. 2008. 2009 top 10 business drivers, strategic responses and IT initiatives in retail banking. Tower Group. http://www.bankinfosecurity.com/external/TOWER_2009%20Top_10_Retail_Banking.pdf (accessed January 25, 2010).
Kiely, Laree, and Terry Benzel. 2006. Systemic security management: A new conceptual framework for understanding the issues, inviting dialogue and debate, and identifying future research needs. Institute for Critical Information Infrastructure Protection (ICIIP), USC Marshall School of Business. http://www.marshall.usc.edu/assets/004/5347.pdf (accessed December 16, 2009).
Kim, W. Chan, and Renée Mauborgne. 2005. Blue Ocean Strategy: How to create uncontested market space and make the competition irrelevant. Boston: Harvard Business School Press.
Longhurst, Tim. 2010. Timformation blog. TimLonghurst.com. http://www.timlonghurst.com/blog/2008/05/22/define-futurist-what-is-a-futurist-futurist-definitions-quotes-from-futurists/ (accessed February 10, 2010).
McLaughlin, Ted. 2009. Enterprise architecture: Key to avoiding cloud computing. WEB Security Journal: Security Blog Feed Post. http://security.sys-con.com/node/1225694 (accessed January 25, 2010).
Olenick, Michael. 2008. Blue Ocean Strategy and technology business. ValueInnovation.Net. http://www.valueinnovation.net (accessed February 10, 2010).
Porter, Michael. 1985. Competitive advantage: Creating and sustaining superior performance. New York: The Free Press.
Putt, Archibald. 2006. Putt's Law and the successful technocrat: How to win in the Information Age. New York: Wiley-IEEE Press.
Society of Competitive Intelligence Professionals (SCIP). 2010. About SCIP. http://www.scip.org/content.cfm?itemnumber=2214&navItemNumber=492 (accessed January 23, 2010).
Strategy-Scenario Planning. 2010. TheManager.org. http://www.themanager.org/Knowledgebase/Strategy/ScenarioPlanning.htm (accessed February 5, 2010).
Tomko, George M. 2009. Does business intelligence require intelligent business? CIORant. http://www.ciorant.net/2009/06/does-business-intelligence-require-intelligent-business (accessed June 18, 2010).
Chapter 5
Bradford, Robert W., and J. Peter Duncan with Brian Tarcy. 2000. Simplified strategic planning: A no-nonsense guide for busy people who want results fast. Worcester, MA: Chandler House.
Hutchins, David. 2008. Hoshin Kanri: The strategic approach to continuous improvement. Hampshire, UK: Gower.
Internet Center for Management and Business Administration. 2007. The strategic planning process. NetMBA Business Knowledge Center. http://www.netmba.com/strategy/process/ (accessed January 24, 2010).
Kaplan, Robert S., and David P. Norton. 1996. The balanced scorecard: Translating strategy into action. Boston: Harvard Business School Press.
Mintzberg, Henry. 1994. The rise and fall of strategic planning. New York: The Free Press.
Sherwood, John, Andrew Clark, and David Lynas. 2005. Enterprise security architecture: A business-driven approach. San Francisco: CMP Books.
Strong, Bart. 2005. Strategic planning: What's so strategic about it? EQ Educause Quarterly, 28, Issue 1. http://www.educause.edu/EDUCAUSE+Quarterly/EDUCAUSEQuarterlyMagazineVolum/StrategicPlanningWhatsSoStrate/157324 (accessed January 24, 2010).
Whalen, Judy. 2009. How to make strategic planning work for your organization. Whalen: The Center for Strategic Change. http://www.whalen.com/index.php?option=com_content&view=article&id=47%3Amaking-strategic-planning-work-for-your-organization&Itemid=59 (accessed January 24, 2010).
Chapter 6
The Alliance for Enterprise Security Risk Management. 2005. Security convergence: Current corporate practices and future trends. http://www.aesrm.org (accessed January 20, 2010).
The Alliance for Enterprise Security Risk Management. 2006. Convergent security risks in physical security systems and IT infrastructures. http://www.aesrm.org (accessed January 20, 2010).
The Alliance for Enterprise Security Risk Management. 2007. The convergence of physical and information security in the context of enterprise risk management. http://www.aesrm.org (accessed January 20, 2010).
The Alliance for Enterprise Security Risk Management. 2009. Security convergence and ERM: A case for the convergence of corporate physical and IT security management. http://www.aesrm.org (accessed January 20, 2010).
Bernard, Ray. 2008. The convergence of physical security and IT. Security, Technology & Design Magazine. http://www.go-rbcs.com.
Cisco Systems. 2008. The convergence of physical safety and information technology on higher-education campuses (White paper). http://www.cisco.com/web/strategy/docs/gov/federalbiz_011409_ConvergencePhysSec.pdf.
CSO Magazine. 2009, February. Physical and IT security convergence: The basics. http://www.csoonline.com/article/221736/Physical_and_IT_Security_Convergence_The_Basics.
Davis, Michael. 2009, February 20. IT and physical security systems evolve together. http://internet-security.suite101.com/article.cfm/convergence_in_information_technology_security.
Fennelly, Lawrence. 1997. Effective physical security (2nd ed.). Boston: Butterworth-Heinemann.
Forristal, Jeff. 2006, November 17. Analysis: Physical/logical security convergence. InformationWeek Analytics. http://analytics.informationweek.com/abstract/1/287/Application-Performance-Optimization/analysis-physical-logical-security-convergence.html (accessed June 6, 2010).
Howarth, Fran. 2006, September 11. The convergence of physical and IT security. Hurwitz & Associates. http://www.it-director.com/business/regulation/content.php?cid=8743.
Hurd, Scott, and Tim Williams. 2006, February. The convergence of IT and physical security systems. Nortel Technical Journal, Issue 3.
Mehdizadeh, Yahya. 2004. Convergence of logical and physical security. SANS Institute InfoSec Reading Room. http://www.sans.org/reading_room/whitepapers/authentication/convergence_of_logical_and_physical_security_1308?show=1308.php.
Northcutt, Stephen. 2007, September 7. Security convergence and the uniform method of protection to achieve defense in depth. The SANS Technology Institute. http://www.sans.edu/resources/securitylab/convergence_did.php.
Open Security Exchange. 2007. Physical/IT security convergence: What it means, why it's needed, and how to get there. http://whitepapers.techrepublic.com.com/abstract.aspx?docid=966797.
RiskUK. 2006, May. The convergence of physical security and IT. Risk UK magazine. http://www.nice.com/bin/nice_in_the_media/docs/78_RiskUKOnline.pdf (accessed June 6, 2010).
Tyson, Dave. 2007. Security convergence: Managing enterprise security risk. Amsterdam: Elsevier/Butterworth-Heinemann.
Chapter 8
Gelles, Mike. 2010. Exploring the mind of the spy. http://www.hq.nasa.gov/office/ospp/securityguide/Treason/Mind.htm (accessed January 22, 2010).
Idaho National Laboratory. 2005, May. Control systems cyber security: Defense in depth strategies. http://csrp.inl.gov/Documents/Defense in Depth Strategies.pdf (accessed December 12, 2009).
Joint Staff. 2000, February. Information assurance through defense in depth. U.S. Department of Defense, Command, Control, Communications and Computer Systems Division of The Joint Staff.
Symantec Corporation. 2004. Worm propagation in protected networks. http://www.securityfocus.com/infocus/1752 (accessed January 22, 2010).
Chapter 9
Beebe, David. 2000. Cheating Las Vegas. Documentary video. Brentwood Communications International.
Johansson, Jesper, and Roger Grimes. 2008, June. The great debate: Security by obscurity. http://technet.microsoft.com/en-us/magazinebeta/2008.06.obscurity.aspx (accessed January 14, 2010).
Klein, Bruce David. 2004. Breaking Vegas. Documentary video. History Channel.
U.S. Department of Homeland Security. List of vulnerability notification services. The Common Vulnerabilities and Exposures (CVE). Mitre Corporation. cve.mitre.org.
Chapter 10
Golubev, Vladimir. 2002. Using of computer systems accountability technologies in the fight against cybercrimes. Computer Crime Research Center. http://www.crime-research.org/library/Using.htm (accessed June 6, 2010).
Neumann, Peter G. 2007. Computer security and human values. University of Southern Connecticut. http://www.southernct.edu/organizations/rccs/resources/research/security/neumann/system_considerations.html (accessed February 5, 2010).
U.S. Government. 2001. Code of Federal Regulations Title 5 - C.F.R. Subpart B—Control and Accountability of Classified Information. http://law.justia.com/us/cfr/title05/5-3.0.2.3.7.2.html (accessed January 6, 2010).
Weitzner, Daniel J., Harold Abelson, Tim Berners-Lee, Joan Feigenbaum, James Hendler, and Gerald Jay Sussman. 2007, June. Information accountability. Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory. http://dspace.mit.edu/bitstream/handle/1721.1/37600/MIT-CSAIL-TR-2007-034.pdf (accessed June 6, 2010).
Chapter 11
Bradner, Steven. 1997. Request for comments (RFC) 2119. Key words for use in RFCs to indicate requirement levels. Internet Engineering Task Force.
Gallagher, Tom, Bryan Jeffries, and Lawrence Landauer. 2006. Hunting security bugs. Redmond, WA: Microsoft Press.
Howard, Michael, and David LeBlanc. 2003. Writing secure code (2nd ed.). Redmond, WA: Microsoft Press.
Howard, Michael, and Steve Lipner. 2006. The security development lifecycle: SDL, a process for developing demonstrably more secure software. Redmond, WA: Microsoft Press.
Mead, Nancy R., Julia H. Allen, W. Arthur Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe, James Rainey, and Dan Shoemaker. 2009, April. Making the business case for software assurance (Special Report CMU/SEI-2009-SR-001). Carnegie Mellon Software Engineering Institute.
Microsoft Corporation, ISEC Partners, Inc. 2010, January 20. Microsoft SDL: Return on investment. http://www.microsoft.com/downloads/details.aspx?FamilyID=b2b59d79-3efb-4065-9c91-5910671dd30b&displaylang=en (accessed June 6, 2010).
Swiderski, Frank, and Window Snyder. 2004. Threat modeling. Redmond, WA: Microsoft Press.
Zajicek, Mark. 2003, April. Handbook for computer security incident response teams (CSIRTs) (2nd ed.). Carnegie Mellon Software Engineering Institute.
Chapter 12
Cappelli, Dawn, Andrew Moore, Randall Trzeciak, and Timothy J. Shimeall. 2009. Common sense guide to prevention and detection of insider threats (3rd ed.—Version 3.1). Software Engineering Institute, Carnegie Mellon University.