Guidebook on Best Practices for Airport Cybersecurity

References

Airport Consultants Council 2012. Airport Information Technology & Systems (IT&S) Best Practice Guidelines for the Airport Industry. Jan.

AirTight Networks 2012. “Impact of Bring Your Own Device (BYOD).” www.airtightnetworks.com. Apr.

Asian Age 2014. “Airports Authority of India Conducts Security Audit After Hacking.” The Asian Age. www.asianage.com/india/airports-authority-india-conducts-security-audit-after-hacking-640. 24 Sept.

Battey, J. 2014. “FAA Moving to Secure Microsoft Cloud.” Computer Sciences Corporation. www.csc.com/public_sector/publications/91598/91642-faa_moving_to_secure_microsoft_cloud (As of Nov. 16, 2014).

Bodeau, D., Boyle S., Fabius-Greene J., and Graubar R. 2010. “Cyber Security Governance.” MITRE Technical Report MTR100308. The MITRE Corporation. Sept.

Butler, B. 2014. “Even the Most Secure Cloud Storage May Not Be So Secure, Study Finds.” Network World. Web. 21 Apr.

Byres, E. 2012. “SCADA Security Basics: SCADA vs. ICS Terminology.” Tofino Security. www.tofinosecurity.com/blog/scada-security-basics-scada-vs-ics-terminology. 5 Sept.

Camhi, J. 2014. “State Governments & the Future of Cyber Security Regulation.” Information Week’s Bank Systems & Technology. 9 Jul.

Cappelli, D. 2012. “The CERT Top 10 List for Winning the Battle Against Insider Threats.” Presented at the RSA Conference 2012, San Francisco, CA.

Cappelli, D., Moore, A., and Trzeciak, R. 2012. The CERT Guide to Insider Threats. Boston: Addison-Wesley Professional.

Carnegie Mellon University 2014a. “Insider Threat.” Community Emergency Response Team (CERT), Software Engineering Institute. www.cert.org/insider-threat/ (As of Nov. 21, 2014).

Carnegie Mellon University 2014b. “Insider Threat Test Datasets.” Software Engineering Institute. www.cert.org/insider-threat/tools/index.cfm (As of Nov. 18, 2014).

Center for Internet Security 2013. “2013 Annual Report.” East Greenbush, New York.

Cheong, B. 2011. “Cyber Security at Airports.” Presented at the Airports Council International–North America Conference. Oct.

Christey, S. 2011. “CWE/SANS Top 25 Most Dangerous Software Errors.” The MITRE Corporation. cwe.mitre.org/top25/ (As of Oct. 30, 2014).

CIRT.net 2014. Default Passwords. cirt.net/passwords (As of May 2014).

Citrix 2012. “Best Practices BYOD Simple and Secure.” www.citrix.com/content/dam/citrix/en_us/documents/oth/byod-best-practices.pdf. Sept.

City of Chicago 2014. “Comprehensive Annual Financial Report for the Year Ended December 31, 2013.” 30 June.

Committee on National Security Systems 2010. “National Information Assurance Glossary 2010, Instruction No. 4009.” 26 April.

Corrin, A. 2013. “Budget Shows How Cyber Programs Are Spreading.” Federal Computer Week. fcw.com/articles/2013/04/12/budget-cybersecurity.aspx. 13 Apr.

Dallas/Ft. Worth International Airport 2014. “Dallas/Ft. Worth International Airport FY 2015 Adopted Budget.” Finance Department. Texas.

DarkTrace 2014. “What Darktrace Finds: Example Anomalies.” www.darktrace.com/proven-track-record/example-anomalies/ (As of Oct. 22, 2014).

Depner, H. 2014. “Home Depot: Yet Another Retail Breach. PCI Compliance Just Doesn’t Cut It.” Blog post. Kaseya. http://blog.kaseya.com/blog/2014/09/03/home-depot-yet-another-retail-breach/. 3 Sept.

Dugan, D., Berg, M., Dillinger, J., and Stamp, J. 2005. “Penetration Testing of Industrial Control Systems.” Sandia Report SAND2005-2846P. Sandia National Laboratories. 7 Mar.

Energy Sector Control Systems Working Group 2014. “Cybersecurity Procurement Language for Energy Delivery Systems.” Apr.

Fischer, E. 2013. “Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions.” Congressional Research Service. 20 Jun.

FISMA 2013. DOT Has Made Progress but Its Systems Remain Vulnerable to Significant Security Threats. Office of Inspector General Audit Report, November 22.

Francy, F. 2014. “The Aviation Information Sharing and Analysis Center.” Presented at the ICAC Conference. 15 Sept.

Gartner, Inc. 2013. “Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by 2016.” Press Release. 24 Oct.

Gilliland, A. 2014. “Enterprise Security Products.” Presented at RSA Conference 2014.

Glasser, J. and Lindauer B. 2013. “Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data.” Security and Privacy Workshops, 2013 IEEE, pp. 98–104. Institute of Electrical and Electronics Engineers. doi:10.1109/SPW.2013.37.

Gopalakrishnan, K., Govindarasu, M., Jacobsonson, D., and Phares, B. 2013. “Cyber Security for Airports.” International Journal for Traffic and Transport Engineering, 3(4): pp. 365–376.

Guttman, B. and Roback, E. A. 1995. An Introduction to Computer Security: The NIST Handbook. NIST Special Publication 800-12.

Honorof, M. 2013a. “Why the NSA’s PRISM Program Shouldn’t Surprise You.” TechNewsDaily. www.technewsdaily.com/18291-prism-shouldnt-surprise-you.html. 7 Jun.

Honorof, M. 2013b. “How to Secure Your Cloud Storage.” Tom’s Guide. www.tomsguide.com/us/howto-secure-cloud-storage,review-1799.html. 29 Jul.

HSN Consultants, Inc. “The Nilson Report.” Issue 1024, Aug.

IBM 2014. IBM Security Services 2014 Cyber Security Intelligence Index.

Information Security Standards 2014. Summary of ISO/IEC 27002:2013. IsecT Ltd. www.iso27001security.com/html/27002.html (As of Oct. 23, 2014).

Infosecurity Magazine 2008. “Cyber Security Lacking at Airports.” www.infosecuritymagazine.com/news/cyber-security-lacking-at-airports/. 7 Mar.

Infrastructure Security and Energy Restoration Committee 2007. “21 Steps to Improve Cyber Security of SCADA Networks.” U.S. Department of Energy. 1 Jan.

Jansen, W. and Grance, T. 2011. Guidelines on Security and Privacy in Public Cloud Computing. Draft NIST Special Publication 800-144. Dec.

Janssen, C. 2014. “IT Infrastructure.” Technopedia. www.techopedia.com/definition/29199/it-infrastructure. 21 Nov.

Joint Task Force Transformation Initiative 2012. Security and Privacy Controls for Federal Information Systems and Organizations. NIST Special Publication 800-53 Revision 4. Feb.

Kaiser, L. 2012. “2013–2023 Transportation Industrial Control Systems Cybersecurity Standards Strategy.” U.S. Department of Homeland Security.

Karol, G. 2013. “5 Steps to Recovery After Your Business Has Been Hacked.” FOXBusiness. smallbusiness.foxbusiness.com/technology-web/2013/02/19/5-steps-to-recovery-afteryour-business-has-been-hacked/. 19 Feb.

Khalaf, S. 2014. “Mobile Use Grows 115% in 2013, Propelled by Messaging Apps.” Flurry from Yahoo. blog.flurry.com/default.aspx?Tag=Apps. 13 Jan.

Kimery, A. 2014. “Tunisian Hackers Announce Cyber Jihad Against U.S. Banks, Airport Computer Systems.” www.hstoday.us. 4 Jul.

Klein, A. 2012. “Man-in-the-Browser: Citadel Trojan Targets Airport Employees with VPN Attack.” Blog post. Trusteer. 14 Aug.

Kumar, A. 2012. “Airport VPN Hacked Using Citadel Malware.” The Hacker News. Web. 16 Aug.

Kumar, M. 2011. “Catania airport website hacked, Moroccan Suspected!” The Hacker News. Web.

Lofgren, A. 2013. “Practicing Safe BYOD: Is Your Data at Risk?” All Things D. Dow Jones & Company Inc. allthingsd.com/20130827/practicing-safe-byod-is-your-data-at-risk/. 27 Aug.

Marfatia, M. 2014. “How Legacy Code Is Exposing Business and Government Systems.” Security Info Watch. www.securityinfowatch.com/article/11386786/advanced-persistent-threats-plagueapplications-that-were-written-decades-ago-in-deadprogramming-languages. 8 Apr.

Marks, J. 2013. “FAA Considers Putting NextGen Weather System in the Cloud.” Nextgov. www.nextgov.com/cloud-computing/2013/02/faa-considers-putting-nextgen-weather-system-cloud/61319/. 14 Feb.

McAfee 2014. “McAfee Labs Threats Report.” www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2013.pdf (As of Nov. 15, 2014).

McGraw, G. 2006. Software Security: Building Security In. Upper Saddle River, NJ: Addison-Wesley Professional.

Mercedes, K. and Winograd, T. 2008. “Enhancing the Development Life Cycle to Produce Secure Software.” Data & Analysis Center for Software. Oct.

Merriam-Webster Dictionary 2014. Encyclopedia Britannica, Inc. www.merriam-webster.com/.

Minneapolis–St. Paul Metropolitan Airports Commission 2014. “Operating Budget.” Minnesota.

MITRE Corporation 2014a. “Software Assurance, Making Security Measurable.” measurablesecurity.mitre.org/directory/areas/softwareassurance.html (As of Oct. 30, 2014).

MITRE Corporation 2014b. CAPEC-1000: Mechanism of Attack, Common Attack Pattern Enumeration and Classification. 7 Nov. capec.mitre.org (Last Viewed May 5, 2015).

MS-ISAC 2014. MS-ISAC Membership Overview.

National Initiative for Cybersecurity Education (NICE) 2014. National Cybersecurity Workforce Framework, Version 1.0, May 2014. National Institute of Standards and Technology. niccs.us-cert.gov/training/national-cybersecurity-workforce-framework.

NIST 2012. Guide for Conducting Risk Assessments. NIST Special Publication 800-30 Revision 1. Sept.

NIST 2014. “Framework for Improving Critical Infrastructure Cybersecurity.” Version 1, 14 Feb.

Orlando Aviation Authority 2014. “Orlando International Airport and Orlando Executive Airport Budget Fiscal Year 2014–2015.” City of Orlando, Florida.

Paganini, P. 2013. “Istanbul Ataturk International Airport Targeted by a Cyber Attack.” Securityaffairs.co. 28 Jul.

Palmer, D. 2013. “Education Helps Miami International Airport Reduce Threat of 20,000 Cyber Attacks a Day.” Computing. www.computing.co.uk/ctg/news/2276385/education-helps-miami-international-airportreduce-threat-of-20-000-cyber-attacks-a-day. 20 Jun.

PCI Security Standards Council 2013. Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures. Version 3.0. Nov.

Peters, G. and Woosley, T. 2009. “The New Sustainable Airport Manual.” Presented at Airports Going Green Conference 2009.

Phifer, L. 2013. “BYOD Security Strategies: Balancing BYOD Risks and Rewards.” TechTarget SearchSecurity. n.p. searchsecurity.techtarget.com/feature/BYOD-security-strategies-Balancing-BYOD-risksand-rewards. Jan.

Phneah, E. 2013. “BYOD and the Consumerization of IT: Five Security Risks of Moving Data in BYOD Era.” ZDnet. www.zdnet.com/five-securityrisks-of-moving-data-in-byod-era-7000010665/. 4 Feb.

Port Authority of New York & New Jersey no date. National Alliance to Advance NextGen. www.panynj.gov/airports/nextgen.html (As of Nov. 11, 2014).

Purnell, J., Hough, R., White, R., Gonzalez, S., Haley, F., Hyde, M., Willis, J., de Grandis, G., and Walfish, J. 2012. ACRP Report 59: Information Technology Systems at Airports–A Primer, Washington, DC: Transportation Research Board.

Rainie, L., Anderson, J., and Connolly, J. 2014. “Cyber Attacks Likely to Increase.” Pew Research Internet Project. Pew Research Center. www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/. 29 Oct.

Ranasinghe, D. 2014. “Technology the Backbone of World’s Best Airport.” TechEdge, A CNBC Special Report. www.cnbc.com/id/101521255#. 30 Mar.

Razo, J. R. 2012. “Overview of Best Practices for Protecting Sensitive Information.” Presented at Dartmouth College’s Securing the eCampus 2012 Conference, July 17. www.ists.dartmouth.edu/docs/ecampus/2012/2012ecampus_razo.pdf.

Rios, B. 2014. “Pulling the Curtain on Airport Security.” Presented at the BlackHat 2014 Conference.

Roadmap to Secure Control Systems in the Transportation Sector Working Group 2012. “Roadmap to Secure Control Systems in the Transportation Sector.” Control Systems Security Program, National Cybersecurity Division, U.S. Department of Homeland Security. Aug.

Rouse, M. 2011. “Endpoint Security.” TechTarget. Web. Jun.

Sawyer, R. 2007. The Seven Military Classics of Ancient China. New York: Basic Books.

Selvan, S. 2013. “Dubai International Hacked by Portugal Cyber Army.” E Hacking News. Web. 19 Apr. 2013.

Silowash, G., Cappelli, D., Moore, A. P., Trzeciak, R. F., Shimeall, T. J., and Flynn, L. 2012. Common Sense Guide to Mitigating Insider Threats, 4th Edition. Software Engineering Institute, December.

Software Assurance Marketplace 2014. Currently Available Open Source Assurance Tools. Morgridge Institute for Research. continuousassurance.org/solutions/tool-selection/ (As of Oct. 30, 2014).

Souppaya, M. and Scarfone, K. 2013. Guidelines for Managing the Security of Mobile Devices in the Enterprise. NIST Special Publication 800-124 Revision 1.

Stapleton, T. 2014. “Human Error: The Biggest Cyber Security Threat?” Strategic Risk. n.p. www.strategic-riskglobal.com/human-error-the-biggest-cyber-securitythreat/1410557.article. 30 Oct.

Stotts, R. and Lippenholz, S. 2014. “Cyber Hunting: Proactively Track Anomalies to Inform Risk Decisions.” Booz Allen Hamilton. www.boozallen.com/insights/2013/03/cyber-hunting-proactively-track-anomalies-to-inform-risk-decisions (As of Oct. 22, 2014).

Stouffer, K., Falco, J., and Scarfone, K. 2013. Guide to Industrial Control Systems Security. NIST Special Publication 800-82, Revision 1. May.

Strahler, S. 2014. “A New Job Title for 2014: CISO.” Crain’s Chicago Business. www.chicagobusiness.com/article/20140913/ISSUE02/309139997/a-new-job-title-for-2014-ciso. 15 Sept.

Sullivan, A. 2013. “Obama Budget Makes Cybersecurity a Growing U.S. Priority.” Reuters. 10 Apr.

Transportation Security Administration 2014. Security Technologies. www.tsa.gov/about-tsa/security-technologies (As of October 30, 2014).

U.S. Department of Energy 2008. “Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program.” Office of Electricity Delivery and Energy Reliability. Nov.

U.S. Department of Energy 2014. “National SCADA Test Bed Fact Sheet, Office of Electricity Delivery and Energy Reliability.” energy.gov/sites/prod/files/oeprod/DocumentsandMedia/NSTB_Fact_Sheet_FINAL_09-16-09.pdf (Last Viewed Nov. 21, 2014).

U.S. Department of Homeland Security 2009. “Cyber Security Procurement Language for Control Systems.” Control Systems Security Program, National Cyber Security Division. Sept.

U.S. Department of Homeland Security 2010. “Cyber Security Assessments of Industrial Control Systems.” ics-cert.uscert.gov/sites/default/files/documents/Cyber_Security_Assessments_of_Industrial_Control_Systems.pdf. Nov.

U.S. Department of Homeland Security 2012. “Federal Continuity Directive 1.” Oct.

Verizon 2012. Verizon Enterprise Risk and Incident Sharing Metrics Framework. White paper.

Verizon 2014. “Verizon 2014 PCI Compliance Report.” www.verizonenterprise.com/pcireport/2014/ (As of June 16, 2014).

Vijay 2014. “Airports Authority of India (AAI) Hacked, Critical Data Compromised.” TechWorm. www.techworm.net/2014/09/airports-authority-of-india-hacked.html. 24 Sept.

White House 2009. “Cyberspace Policy Review.” www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.

Wi-Fi Alliance 2015. Discover Wi-Fi: Security. http://www.wi-fi.org/discover-wi-fi/security (Last Viewed May 5, 2015).