Bibliography on Security in the Enterprise (Business Security)
Documentary references by M. Nesterenko
Protection Totale Engineering Group – 1 carrefour de rive – 1201 Geneva - Switzerland
Email : [email protected]

Contents
1. Security Strategies & General Security
2. Risk Analysis
3. IT Security
4. Network Security
5. Internet Fraud & Internet Crime
6. Site Protection & Physical Security
7. Investigations & Forensics
8. Crisis Management & Disaster Recovery
9. Technology - Biometrics

1. Security Strategies & General Security

Booz Allen Hamilton, Convergence of Enterprise Security Organizations, ASIS International and Information Systems Security Association, November 8, 2005.
Cole, Richard, Measuring Security Performance & Productivity, ASIS International, 2003.
Denece, Eric, Claude Revel, L'Autre Guerre des États-Unis – Économie : les secrets d'une machine de conquête, Robert Laffont, 2005.
Economist Intelligence Unit, Testing the Defences – Facing up to the challenge of corporate security, The Economist Intelligence Unit, 2003.
Fay, John, Model Security – Policies, Plans, and Procedures, Butterworth Heinemann, 1999.
GAO Report to Congressional Committees, Offshoring of Services – An Overview of the Issues, US Government Accountability Office, November 2005.
IHESI, Entreprise et Sécurité – La Sécurité, une Valeur pour l'Entreprise de Demain, Les Cahiers de la Sécurité Intérieure n°24, IHESI, 1996.
Koletar, Joseph, Fraud Exposed – What You Don't Know Could Cost Your Company Millions, Wiley, 2003.
Mitnick, Kevin, and William Simon, The Art of Deception, Wiley Publishing, 2002.
Mitnick, Kevin, and William Simon, The Art of Intrusion, Wiley Publishing, 2005.
Mouton, Jean-Pierre, Jack Chaboud, La Sécurité en Entreprise, Dunod, 2003.
NCIX, Annual Report to Congress on Foreign Economic Collection and Industrial Espionage – 2002, Office of the National Counterintelligence Executive, 2003.
NCIX, Annual Report to Congress on Foreign Economic Collection and Industrial Espionage – 2003, Office of the National Counterintelligence Executive, 2004.
Schneier, Bruce, Beyond Fear – Thinking Sensibly About Security in an Uncertain World, Copernicus Books, 2003.
Sennewald, Charles, Effective Security Management, 4th Ed., Butterworth Heinemann, 2003.
Schwartau, Winn, Time Based Security – Practical and Provable Methods to Protect Enterprise and Infrastructure Networks and Nation, Interpact Press, 1999.

2. Risk Analysis

Alberts, Christopher, Audrey Dorofee, Managing Information Security Risks – The OCTAVE Approach, Addison-Wesley, 2003.
Alexander, Dean, Yonah Alexander, Terrorism and Business – The Impact of September 11, 2001, Transnational Publishers, 2002.
Alexander, Dean, Business Confronts Terrorism – Risks and Responses, The University of Wisconsin Press, 2004.
ASIS, General Security Risk Assessment Guideline, ASIS International, 2003.
Broder, James, Risk Analysis and the Security Survey, 2nd Ed., Butterworth Heinemann, 2000.
COSO, Enterprise Risk Management – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 2004.
Debaig, Michel, Luis Maria Huete, Le Paradoxe de la Grenouille – Rompre avec les paradigmes dominants pour créer de la valeur, Dunod, 1999.
Dixon, Lloyd, John Arlington, Stephen Carroll, Darius Lakdawalla, Robert Reville, David Adamson, Issues and Options for Government Intervention in the Market for Terrorism Insurance, RAND, 2004.
Eckes, George, Six Sigma for Everyone, John Wiley, 2003.
EFQM, The Fundamental Concepts of Excellence, EFQM, 2003.
EFQM, Introducing Excellence, EFQM, 2003.
George, Michael, Lean Six Sigma for Service, McGraw-Hill, 2003.
Lam, James, Enterprise Risk Management – From Incentives to Control, Wiley, 2003.
Wisner, Ben, Piers Blaikie, Terry Cannon, Ian Davis, At Risk – Natural Hazards, People's Vulnerability and Disasters, 2nd Ed., Routledge, 2004.

3. IT Security

Dubin, Joel, The Little Black Book of Computer Security, 29th Street Press, 2005.
FFIEC, Supervision of Technology Service Providers – IT Examination Handbook, Federal Financial Institutions Examination Council, March 2003.
Garfinkel, Simson, and Gene Spafford, Web Security, Privacy & Commerce, 2nd Ed., O'Reilly, 2002.
Ghosh, Anup K., E-Commerce Security, Wiley, 1998.
Jarmon, David, SANS Security Essentials GSEC Practical Assignment Version 1.3 – A Preparation Guide to Information Security Policies, SANS Institute, 2002.
Loscocco, Peter, Stephen Smalley, Patrick Muckelbauer, Ruth Taylor, Jeff Turner, John Farrell, The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, National Security Agency (NSA), 2004.
Martin, Daniel, La Criminalité Informatique – Cybercrime : sabotage, piratage, etc… évolution et répression, PUF, 1997.
Ministère de l'Économie, des Finances et de l'Industrie, La Nouvelle Donne du Commerce Électronique, Éd. de Bercy, 1999.
Moteff, John, Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives, Congressional Research Service, April 16, 2004.
National Industrial Security Program (The), Industry's Perspective: Making Progress, but Falling Short of Potential, Information Security Oversight Office, 2003.
NIST SP 800-50, National Institute of Standards and Technology, Building an Information Technology Security Awareness and Training Program, US Department of Commerce, October 2003.
Rothke, Ben, Computer Security – 20 Things Every Employee Should Know, McGraw-Hill, 2004.
Wenger, Andreas, The Internet and the Changing Face of International Relations and Security, ETH Swiss Federal Institute of Technology Zurich, 2004.

4. Network Security

Al Agha, Pujolle, Vivier, Réseaux de mobiles & réseaux sans fil, Eyrolles, 2001.
Borchgrave, Arnaud de, Frank Cilluffo, Sharon Cardash, Michèle Ledgerwood, Cyberthreats and Information Security – Meeting the 21st Century Challenge, CSIS, 2001.
Campus Press, Sécurité Optimale, 3e Éd., Campus Press, 2001.
Computer Science and Telecommunications Board, Cybersecurity Today and Tomorrow: Pay Now or Pay Later, National Research Council, 2002.
CRS Report for Congress, Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress, Congressional Research Service, October 17, 2003.
CRS Report for Congress, Creating a National Framework for Cybersecurity: An Analysis of Issues and Options, Congressional Research Service, February 22, 2005.
Crume, Jeff, Inside Internet Security, Addison Wesley, 2000.
ERCOM, Le Livre Blanc de la Sécurité Réseaux et Télécoms, 2002.
FFIEC, Information Security – IT Examination Handbook, Federal Financial Institutions Examination Council, December 2002.
GAO Testimony of Robert Dacey, Information Security – Effective Patch Management is Critical to Mitigating Software Vulnerabilities, GAO, September 2003.
GAO Report to Congress, Information Security – Technologies to Secure Federal Systems, GAO, March 2004.
Grant, Chris, Defense-In-Depth Applied to Laptop Security: Ensuring Your Data Remains Your Data, SANS Institute, October 14, 2003.
ISO 15408-1999, Information Technology – Security Techniques – Evaluation Criteria for IT Security – Parts 1, 2 & 3, ISO, 1999.
ISO 17799-2000, Information Technology – Code of Practice for Information Security Management, ISO, 2000.
Kaeo, Merike, Sécurité des Réseaux, Cisco Press, 2000.
Lipson, Howard, Tracking and Tracing Cyberattacks: Technical Challenges and Global Policy Issues, CERT Coordination Center, 2002.
Maiwald, Eric, Sécurité des Réseaux, Campus Press, 2001.
Mel, H.X., and Doris Baker, La Cryptographie décryptée, Campus Press, 2001.
Melnick, David, Mark Dinman, Alexander Muratov, PDA Security – Incorporating Handhelds into the Enterprise, McGraw-Hill, 2003.
NIST SP 800-18, National Institute of Standards and Technology, Guide for Developing Security Plans for Information Technology Systems, US Department of Commerce, December 1998.
NIST SP 800-27, National Institute of Standards and Technology, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), US Department of Commerce, June 2001.
NIST SP 800-30, National Institute of Standards and Technology, Risk Management Guide for Information Technology Systems, US Department of Commerce, October 2001.
NIST SP 800-31, National Institute of Standards and Technology, Intrusion Detection Systems, US Department of Commerce, 2002.
NIST SP 800-41, National Institute of Standards and Technology, Guidelines on Firewalls and Firewall Policy, US Department of Commerce, January 2002.
NIST SP 800-47, National Institute of Standards and Technology, Security Guide for Interconnecting Information Technology Systems, US Department of Commerce, August 2002.
NIST SP 800-45, National Institute of Standards and Technology, Guidelines on Electronic Mail Security, US Department of Commerce, September 2002.
NIST SP 800-55, National Institute of Standards and Technology, Security Metrics Guide for Information Technology Systems, US Department of Commerce, July 2003.
NIST SP 800-61, National Institute of Standards and Technology, Draft Incident Handling Guide, US Department of Commerce, September 2003.
NIST SP 800-35, National Institute of Standards and Technology, Guide to Information Technology Security Services, US Department of Commerce, October 2003.
NIST SP 800-36, National Institute of Standards and Technology, Guide to Selecting Information Technology Security Products, US Department of Commerce, October 2003.
NIST SP 800-42, National Institute of Standards and Technology, Guideline on Network Security Testing, US Department of Commerce, October 2003.
NIST SP 800-53, National Institute of Standards and Technology, Information Security – Recommended Security Controls for Federal Information Systems, US Department of Commerce, October 2003.
Northcutt, Stephen, Judy Novak, Donald McLachlan, Détection des Intrusions Réseaux, Campus Press, 2001.
Pipkin, Donald, Sécurité des systèmes d'information, Campus Press HP Books, 2000.
Pujolle, Guy, Initiation aux Réseaux, Eyrolles, 2000.
Scambray, Joel, Stuart McClure, George Kurtz, Hacking Exposed, 2nd Ed., McGraw-Hill, 2001.
Tipton, Harold, Micki Krause, Information Security Management Handbook, 4th Ed., Auerbach, 2000.

5. Internet Fraud & Internet Crime

ASIS International, PricewaterhouseCoopers, US Chamber of Commerce, Trends in Proprietary Information Loss – Survey Report September 2002, ASIS, 2002.
AusCERT, Computer Crime and Security Survey 2003, AusCERT, 2003.
CERT, CERT/CC Overview – Incident and Vulnerability Trends, Carnegie Mellon Software Engineering Institute, 2002.
Computer Security Institute, CSI/FBI Survey 2001, Computer Security Institute, 2001.
Computer Security Institute, CSI/FBI Survey 2002, Computer Security Institute, 2002.
Computer Security Institute, CSI/FBI Survey 2003, Computer Security Institute, 2003.
Computer Security Institute, CSI/FBI Survey 2004, Computer Security Institute, 2004.
Computer Security Institute, CSI/FBI Survey 2004, Computer Security Institute, 2005.
Deloitte Touche Tohmatsu, 2003 Global Security Survey, Deloitte Touche Tohmatsu, 2003.
Deloitte Touche Tohmatsu, 2004 Global Security Survey, Deloitte Touche Tohmatsu, 2004.
Deloitte Touche Tohmatsu, 2004 Global Security Survey, Deloitte Touche Tohmatsu, 2005.
Emigh, Aaron, Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures, Radix Labs, October 2005.
Ernst & Young, Global Information Security Survey 2003, Ernst & Young, 2003.
Ernst & Young, Global Information Security Survey 2003, Ernst & Young, 2004.
Higgins, Mark, ed., Riptech Internet Security Threat Report – Attack Trends Q1 and Q2 2002, Riptech Inc., July 2002.
Higgins, Mark, ed., Symantec Internet Security Threat Report – Attack Trends Q3 and Q4 2002, Riptech Inc., Symantec, February 2003.
IFCC, 2002 Internet Fraud Report, The National White Collar Crime Center, 2003.
McAfee, Virtual Criminology Report: North American Study into Organized Crime and the Internet, McAfee, July 2005.
National Cyber Security Alliance, Fast and Present Danger – In-Home Study on Broadband Security Among American Consumers, America Online, May 2003.
Symantec, Internet Security Threat Report – Trends for July 1, 2003 – December 31, 2003, Volume V, Symantec, March 2004.

6. Site Protection & Physical Security

Garcia, Mary Lynn, The Design and Evaluation of Physical Protection Systems, Butterworth Heinemann, 2001.
Honey, Gerard, Electronic Access Control, Newnes, 2000.
Konicek, Joel, Karen Little, Security, ID Systems and Locks – The Book on Electronic Access Control, Butterworth Heinemann, 1997.
Roper, C.A., Physical Security and the Inspection Process, Butterworth Heinemann, 1997.
US Army, Physical Security – FM 3-19.30, ASIS International, 2001.

7. Investigations & Forensics

Casey, Eoghan, Handbook of Computer Crime Investigation – Forensic Tools and Technology, Academic Press, 2002.
ISTS, Law Enforcement Tools and Technologies for Investigating Cyber Attacks – Gap Analysis Report, Institute for Security Technology Studies, February 2004.
Mena, Jesús, Investigative Data Mining for Security and Criminal Detection, Butterworth Heinemann, 2003.
National Institute of Justice, Electronic Crime Scene Investigation – A Guide for First Responders, US Dept. of Justice, July 2001.
Schaub, James, Toni Ames, The Ultimate Telecommunications Security Survey, Butterworth Heinemann, 1995.
Sennewald, Charles, John K. Tsukayama, The Process of Investigation – Concepts and Strategies for Investigators in the Private Sector, 2nd Ed., Butterworth Heinemann, 2001.
Tyska, Louis, Lawrence Fennelly, Investigations – 150 Things You Should Know, Butterworth Heinemann, 1999.

8. Crisis Management & Disaster Recovery

Blythe, Bruce, Blindsided – A Manager's Guide to Catastrophic Incidents in the Workplace, Portfolio, 2002.
Childs, Donna, Stefan Dietrich, Contingency Planning and Disaster Recovery, John Wiley, 2002.
FFIEC, Business Continuity Planning – IT Examination Handbook, Federal Financial Institutions Examination Council, March 2003.
Kirschenbaum, Alan, Chaos Organization and Disaster Management, Marcel Dekker, 2004.
Kunstler, James Howard, The Long Emergency – Surviving the Converging Catastrophes of the Twenty-First Century, Atlantic Monthly Press, 2005.
Lagadec, Patrick, États d'urgence – Défaillances technologiques et déstabilisation sociale, Seuil, 1988.
Lagadec, Patrick, La Gestion des Crises – outils de réflexion à l'usage des décideurs, McGraw-Hill, 1991.
Lagadec, Patrick, Cellules de Crise – Les conditions d'une conduite efficace, author's website, 2004.
Lagadec, Patrick, Erwann Michel-Kerjan, A Framework for Senior Executives to Meet the Challenge of Interdependent Critical Networks Under Threat: The Paris Initiative, "Anthrax and Beyond", Center for Risk Management and Decision Processes – The Wharton School of the University of Pennsylvania, 2004.
NIST SP 800-34, National Institute of Standards and Technology, Contingency Planning Guide for Information Technology Systems, US Department of Commerce, June 2002.
Steinberg, Ted, Acts of God – The Unnatural History of Natural Disaster in America, Oxford University Press, 2000.
Toigo, Jon William, Disaster Recovery Planning, 2nd Ed., Prentice Hall, 2000.

9. Technology - Biometrics

Accenture, High Performance Enabled through Radio Frequency Identification – Accenture Research on Asia Pacific Perspectives, Accenture, 2004.
Balkovich, Edward, Tora K. Bikson, Gordon Bitko, 9 to 5: Do You Know If Your Boss Knows Where You Are? – Case Studies of Radio Frequency Identification Usage in the Workplace, RAND, 2004.
GAO Testimony of Keith Rhodes, Information Security – Challenges in Using Biometrics, GAO, September 2003.
GAO Testimony of Joel Willemssen, Electronic Government – Challenges to the Adoption of Smart Card Technology, GAO, September 2003.
Piazza, Peter, The Smart Cards Are Coming… Really, ASIS Security Management Online, January 2005.
Woodward, John, Christopher Horn, Julius Gatune, Aryn Thomas, Biometrics – A Look at Facial Recognition, RAND, 2003.