PrintNumber | ErrorLocation | Error | Correction | DateAdded
1 | pii | First Printing: March 2009 / 12 11 10 09 4 3 2 1 | Second PRinting: March 2010 | 5/4/2009
1 | p31 | In 1991, nearly 150 women and young girls died when they couldn’t exit the Triangle Shirtwaist factory they were working in when it caught fire. | In 1911, nearly 150 women and young girls died when they couldn’t exit the Triangle Shirtwaist factory they were working in when it caught fire. | 3/25/2010
1 | p37 | Figure 2.1 Bollards. (Source: www.deltascientific.com/bollards2.htm) | Figure 2.1 Bollards. (Source: www.deltascientific.com/hs_bollards.htm) | 3/25/2010
1 | p48 | These systems must be controlled to protect organizations and their and occupants from the threat of chemical and biological threats. | These systems must be controlled to protect organizations and their occupants from the threat of chemical and biological threats. | 3/25/2010
1 | p64 | Single sign-on allows users the ability to authenticate only once and then access all needed resourced and systems. | Single sign-on allows users the ability to authenticate only once and then access all needed resources and systems. | 3/25/2010
1 | p72 | Certificates can reside on a smart card or used by Internet Protocol Security (IPSec) and Secure Sockets Layer (SSL) for web authentication. | Certificates can reside on a smart card or can be used by Internet Protocol Security (IPSec) and Secure Sockets Layer (SSL) for web authentication. | 3/25/2010
1 | p86 | For example, Figure 3.8 demonstrates these boundaries. If you were cleared for secret access, you could read the level below, which is confidential. | For example, Figure 3.8 demonstrates these boundaries. If you were cleared for secret access, you could read the level below, which is secret. | 3/25/2010
1 | p86 | Access control models can be divided into two distinct types: centralized and decentralized. | Access control models can be divided into two distinct groups: centralized and decentralized. | 3/25/2010
1 | p91 | If so, you should be aware that a growing number of HR departments are searching these sites to get know potential employees. | If so, you should be aware that a growing number of HR departments are searching these sites to get to know potential employees. | 3/25/2010
1 | p99 | This acceptable use policy defines the boundaries of the acceptable use of this organizations systems and resources. Access to any company system or resources is a privilege that may be wholly or partially restricted without prior notice and without consent of the user. In cases of suspected violations or during the process of periodic review employees can have activities monitored. Monitoring may involve a complete keystroke log of an entire session or sessions as needed to very compliance to company polices and usage agreements. | This acceptable use policy defines the boundaries of the acceptable use of this organization’s systems and resources. Access to any company system or resources is a privilege that may be wholly or partially restricted without prior notice and without consent of the user. In cases of suspected violations or during the process of periodic review employees can have activities monitored. Monitoring may involve a complete keystroke log of an entire session or sessions as needed to verify compliance to company polices and usage agreements. | 3/25/2010
1 | p100 | Even if you see it, a hardware keystroke loggers can be overlooked because it resembles a balum or extension. | Even if you see it, a hardware keystroke loggers can be overlooked because it resembles a balun or extension. | 3/25/2010
1 | p108 | Just as with Fraggle and Smurf, the network’s bandwidth will be reduced or even possible saturated. | Just as with Fraggle and Smurf, the network’s bandwidth will be reduced or even possibly saturated. | 3/25/2010
1 | p111 | 3. What are the two primary components of a DAC? | 3. What are two primary components of a discretionary access control (DAC)? | 3/25/2010
1 | p134 | Figure 4.5 illustrates an example of EBC. | Figure 4.5 illustrates an example of ECB. | 3/25/2010
1 | p145 | Table 4.3 Symmetric and Asymmetric Systems Compared / Symmetric: Confidentiality / Asymmetric: Integrity, authentication, nonrepudation | Table 4.3 Symmetric and Asymmetric Systems Compared / Symmetric: Confidentiality / Asymmetric: Integrity, authentication, nonrepudiation | 3/25/2010
1 | p192 | Biba addresses only the first goal of integrity—protecting the system for access by unauthorized users. | Biba addresses only the first goal of integrity—protecting the system from access by unauthorized users. | 3/26/2010
1 | p200 | Common Criteria’s seven levels of assurance and its two security requirements are required test knowledge. | Common Criteria’s levels of assurance include levels 0-7 and its two security requirements are required test knowledge. | 3/26/2010
1 | p206 | The attacker used this knowledge to open thousand of different online accounts collecting only a few cents from each. | The attacker used this knowledge to open thousands of different online accounts collecting only a few cents from each. | 3/26/2010
1 | p236 | When this occurs, a collusion occurs and the devices retransmit its frame after waiting a random period and sensing the wire again. | When this occurs, the devices retransmit its frame after waiting a random period and sensing the wire again. | 3/26/2010
1 | p241 | Switches operate by storing the MAC addresses by placing them in a lookup table that is located in random access memory (RAM). | Switches operate by storing the MAC addresses, placing them in a lookup table that is located in random access memory (RAM). | 3/26/2010
1 | p263 | Because packets with private IP addresses cannot be routed to external IP addresses, and external traffic cannot be routed into the NATed network. | This is because packets with private IP addresses cannot be routed to external IP addresses, and external traffic cannot be routed into the NATed network. | 3/26/2010
1 | p298 | Quarter Inch Tape (QIC) | Quarter Inch Tape Cartridge | 3/26/2010
1 | p302 | Figure 7.4 illustrates the RTO can be used to determine acceptable downtime. | Figure 7.4 illustrates how the RTO can be used to determine acceptable downtime. | 3/26/2010
1 | p315 | 8. Which of the following will a business impact analysis not provide? | 8. Which of the following will a business impact analysis provide? | 3/26/2010
1 | p341 | P.T. Barnum once said, “There’s a sucker born every minute,” unfortunately, he was right. | 8. Which of the following will a business impact analysis provide? | 3/26/2010
1 | p375 | Hard changeover—This method establishes a data at which users are forced to change over. | Hard changeover—This method establishes a date at which users are forced to change over. | 3/26/2010
1 | p399 | The DDoS attack was in vogue until around the year 2000, when botnets started gaining ground. | The DDoS attack were in vogue until around the year 2000, when botnets started gaining ground. | 3/26/2010
1 | p409 | Sarbanes-Oxley (SoX) | Sarbanes-Oxley (SOX) | 3/26/2010
1 | p410 | Figure 10.2: 7. Audit | Figure 10.2: 6. Audit | 3/26/2010
1 | p412 | Risk management is the act of determining what threats your organization faces, analyzing the vulnerabilities that can expose your assets to that threat, and determining how you will deal with the risk. | Risk management is the act of determining what threats your organization faces, analyzing the vulnerabilities that can expose your assets to those threats, and determining how you will deal with the risk. | 3/26/2010
1 | p424 | http://www.iatrp.com/ | http://www.iatrp.org/ | 3/26/2010
1 | p424 | NIST provides another resource for qualitative risk assessment methodologies. | NIST 800-53A and FIPS 199 provides another resource for qualitative risk assessment methodologies. | 3/26/2010