Managing information systems security and privacy

Managing Information Systems Security and Privacy

Volumn , Issue , 2006, Pages 1-236

  Trček, Denis ^a  

^a JO EF STEFAN INSTITUTE   (Slovenia)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84892804004     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/3-540-28104-5     Document Type: Book

References (378)

1. Burrows M., Abadi M., Needham R.: Logic of Authentication. SRC Research Report No. 39, Digital Equipment Corporation, (1989)
2. Denning D.E.: Cryptography and Data Security. Addison Wesley, Boston, (1982)
3. Diller A.: Z - An Introduction to Formal Methods. John Wiley & Sons, Chichester, (1994)
4. International Standards Organization: Information Technology - Code of Practice for Information Security Management, ISO 17799, Geneva, (2000)1
5. International Standards Organization: Information Technology - Guidelines for the Management of IT Security. Parts 1 through 5, ISO, Geneva, (1996, 1997, 1998, 2000)
6. Kendall K.E., Kendall J.E.: Systems Analysis and Design. Prentice Hall, Upper Saddle River, (1999)
7. Laudon K. C, Laudon J. P.: Management Information Systems - Organization and Technology. Prentice Hall, Upper Saddle River, (2003)
8. Menezes A.J., van Oorschot P.C., Vanstone S.A.: Handbook of Applied Cryptography. CRC Press, New York, (2001)
9. Powers M. D.: The Internet Legal Guide. John Wiley & Sons, New York, (2002)
10. Schneier B.: Applied Cryptography. John Wiley & Sons, New York, (1996)
11. Stallings W.: Cryptography and Network Security. Prentice Hall, Upper Saddle River, (2003)
12. Sterman J.: Business Dynamics - Systems Thinking for a Complex World. McGraw Hill, New York, (2000)
13. Tanenbaum A.S.: Computer networks. Prentice Hall, Upper Saddle River, (1996)
14. Abadi M., Needham R.: Prudent Engineering Practice for Cryptographic Protocols. SRC Research Report No. 125, Digital Corporation, Palo Alto (1994)
15. Aberdeen Group: Evaluating the Cost of Ownership for Digital Certificate Projects. Aberdeen Group, Boston, (1998)
16. Adams C, Farrell S.: Internet X.509 Public Key Infrastructure Certificate Management Protocols. IETF RFC 2510, Reston, (1999)
17. Adams C, Gilchrist J.: The CAST-256 Encryption Algorithm. IETF RFC 2612, Reston, (1999)
18. Agrawal M., Kayal N., Saxena N.: Primes Is in P. Preprint, (2002), http://www.cse.iitk.ac.in/primality.pdf
19. Ajtai M., Dwork C: A Public-Key Cryptosystem with Worst-Case / Average-Case Equivalence. Proceedings of the 29th ACM STOC, ACM, New York (1997)
20. Aljifri H., Sanchez D. N.: International Legal Aspects of Cryptography. Computers & Security, Vol. 22, No. 3, pp. 196-203, Elsevier, (2003)
21. Alliance for Telecommunications Industry Solutions: ATIS Telecom Glossary 2000, ATIS Committee T1A1, Ref. Tl.523-2001, NIST, Gaithersburg, (2001), http://www.atis.org/tg2k
22. Alvarez G., Petrović S.: A New Taxonomy of Web Attacks Suitable for Efficient Encoding. Computers & Security, Vol. 22, No. 5, pp. 435-449, Elsevier, (2003)
23. American National Standards Institute: Financial Institution Key Management (Wholesale). Standard X9.17, Washington D.C., (1985)
24. Amoroso E.G.: Fundamentals of Computer Security Technology. Prentice Hall, Upper Saddle River, (1994)
25. Anderson D. et al.: Preliminary System Dynamics Maps of the Insider Cyber Threat Problem. John Wiley & Sons, Proceedings of the 22nd Conference of the SDS, Oxford, (2004)
26. Anderson R. J.: Whither Cryptography. Information Management & Computer Security, Vol. 2, No. 5, pp. 13-20, Emerald, (1994)
27. Anderson R.J., Kuhn M.: Tamper Resistance - a Cautionary Note. Proceedings of the Second USENIX Workshop on Electronic Commerce, pp. 1-11, Oakland, (1996)
28. Anderson R.J.: Security Engineering. John Wiley & Sons, New York, (2001)
29. Annoni M., Javornik T., Kandus G., Mohorčič M., Švigelj A., Trček D., Hu Y.F., Maral G., Ferro E.: Service Efficient Network Interconnection Via Satellite. John Wiley & Sons, New York, (2001)
30. Asiani T.: A Taxonomy of Security Faults in the UNIX Operating System. Purdue University, M.Sc. Thesis, Lafayette, (1995)
31. Association of Chief Police Officers :Good Practice Guide for Computer Based Evidence. Computer Crime Group, London, (2003)
32. Ayoade J. O., Kosuge T.: Breakthrough in Privacy Concerns and Lawful Access Conflicts. Telematics and Informatics, Vol. 19, No. 4, pp. 273-289, Elsevier, (2002)
33. Baker & Mc Kenzie: Global E-Commerce Law. Baker & Mc Kenzie, Chicago, (2002), http://www.bmck.com/ecommerce/intlegis-t.htm
34. Baldwin R., Rivest R.: The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms. IETF RFC 2040, Reston, (1996)
35. Barrett N.: Penetration and Social Engineering - Hacking the Weakest Link. Information Security Technical Report, Vol. 8, No. 4. pp. 56-64, Elsevier, (2003)
36. Bartel M., Boyer J., Fox B., LaMacchia B., Simon B.: XML-Signature Syntax and Processing. W3C REC-xmldsig-core-20020212, Cambridge / Sophia Antipolis / Kanagawa, (2002), http://www.w3.org/TR/2002/REC-xmldsig-core-20020212
37. Bell D.E., LaPadula L.J.: Secure Computer Systems - Mathematical Foundations. Mitre Corp., ESD-TR-73-278, Washington D.C., (1973)
38. Bell D.E., LaPadula L.J.: Secure computer System. MITRE, Technical Report, MTR-2997, Bedford, (1976)
39. Bella G., Riccobene E.: A Realistic Environment for Crypto-Protocol Analyses by ASMs. Proc. of Workshop on Abstract State Machines, pp. 127-138, Magdeburg, (1998)
40. Bergkamp L.: EU Data Protection Policy. Computer Law & Security, Vol. 18, No. 1. pp. 31-47, Elsevier, (2002)
41. Berinato S.: Calculated Risk. CSO Online, December 2002, CXO Media Inc., Framingham, (2002), http://www.csoonline.com/read/120902/calculate.html
42. Berners-Lee T, Fielding R., Masinter L.: Uniform Resource Identifiers (URI) -Generic Syntax. IETF RFC 2396 Reston (1998)
43. Bishop M., Bailey D.: A Critical Analysis of Vulnerability Taxonomies. University of California at Davis, TR CSE-96-11, Davis, (1996)
44. Black E.P. (editor): Dictionary of Algorithms and Data Structures. NIST, Washington D.C., (2005), http://www.nist.gov/dads
45. Blum M., Micali S.: How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits. Journal on Computing, Vol. 13., No. 4., pp. 850-864, SIAM, (1984)
46. Blum L., Blum M., Shub M.: A Simple Unpredictable Pseudo-Random Number Generator. Journal on Computing, Vol. 15, No. 2, pp. 364-383, SIAM, (1986)
47. Blyth A., CunlifFe D., Sutherland I.: Security Analysis of XML Usage and XML Parsing. Computers & Security, Vol. 22, No. 6, pp. 494-505, Elsevier, (2003)
48. Boer B., Bosselaers A.: Collisions for the Compress Functions of MD5. Euro-crypt '93 Lecture Notes in Computer Science, Vol; 773, pp. 294-304, Springer Verlag, Heidelberg, (1993)
49. Borshchev A., Filippov A.: From System Dynamics and Discrete Event to Practical Agent Based Modelling - Reasons, Techniques, Tools. John Wiley & Sons, Proceedings of the 22nd Conference of the SDS, Oxford, (2004)
50. Bosak J., Bray T., Connolly D., Maler E., Nicol G., Sperberg-McQueen C, Wood L., Clark J. (editors):"Guide to the W3C XML Specification DTD, Version 2.1. W3C DTD Specification Version 2.1, Cambridge / Sophia Antipolis / Kanagawa, (1998), http://www.w3.org/XML/1998/06/xmlspec-report-v21.htm#AEN49
51. Boyd C: Security Architectures Using formal Methods. IEEE Journal on Selected Areas in Communications, Vol. 11, No. 3, pp. 694-701, IEEE, (1993)
52. Börger E.: The Origins and the Development of the ASM Method for High Level System Design and Analysis. Journal of Universal Computer Science, Vol. 8, No. 1, pp. 2-74, Graz, (2002)
53. Bray T., Paoli J., Sperberg-McQueen CM., Maler E., Yergeau F. (editors): Extensible Markup Language (XML) 1.1. W3C REC-xmlll-20040204, Cambridge / Sophia Antipolis / Kanagawa, (2004), http://www.w3.org/TR/xmlll/
54. Brewer D.F.C., Nash M.J.: The Chinese Wall Security Policy. Proceedings of IEEE Symposium on Research in Security & Privacy, pp. 206-214, New York, (1989)
55. Brezinski D., Killalea T.: Guidelines for Evidence Collection and Archiving. IETF RFC 3227, Reston, (2002)
56. British Standards Institute: Code of Practice For Information Security Management. BSI, BS 7799, London, (1999)
57. British Standards Institute: Information Security Management Systems. BSI, BS 7799-2, London, (2002)
58. Broder J.F.: Risk Analysis - The Security Survey. Butterworth - Heinemann, Woburn, (2000)
59. Bundesahmt für Sicherheit in der Informationstechnik: IT Baseline Protection Manual. BSI, Bonn, (2003) http://www.bsi.bund.de/english/gshb/manual/ index.htm.
60. Burrows M., Abadi M., Needham R.: Logic of Authentication. SRC Research Report Number 39, Digital Equipment Corporation - DEC, (1989), http://gatekeeper.research.compaq.com/pub/DEC/SRC/research-reports/abstracts/ src-rr-039.html
61. Burrows M., Abadi M., Needham R.: Logic of Authentication. ACM Transactions on Computer Systems, Vol. 8, No. 1, pp. 18-36, ACM, New York, (1990)
62. Buzzard K.: Adequate Security - What Exactly Do You Mean? Computer Law & Security, Vol. 19, No. 5, pp. 406-410, Elsevier, (2003)
63. Callas J., Donnerhacke L., Finney H., Thayer R.: OpenPGP Message Format. IETF RFC 2440, Reston, (1998)
64. Campbell K., Wiener M.: Proof That DES is Not a Group. Proceedings of the Crypto 1992, Springer Verlag, Heidelberg, (1992)
65. Cantor S., Kemp J., Philpott R., Maler E. (editors): Assertions and Protocols for the OASIS Security Assertion Markup Language v 2.0. OASIS saml-core-2.0-os, Billerica, (2005), http://docs.oasis-open.Org/security/saml/ v2.0/
66. Carey P., Rüssel C: Data Protection - Security/Data Security - The Key to Privacy. Computer Law & Security Report, Vol. 18, No. 2, pp. 112-113, Elsevier, (2002)"
67. Center for Democracy & Technology: Anti-Spyware Legislation on Fast Track Through House. Center for Democracy & Technology, Washington D.C., (2004), http: //www.cdt.org/privacy/spy ware/
68. CERT/CC: CERT/CC " Advisories. CERT, Pittsburgh, (2005), http: / / www xert.org/advisories/
69. Chadwick D.W., Otenko A.: The PERMIS X.509 Role Based Privilege Management Infrastructure. Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, pp. 135-140, Monterey, (2002)
70. Chadwick D.W., Mundy D., New J.: Experiences of Using PKI to Access a Hospital Information System by High Street Opticians. Computer Communications, Vol. 26, No )
71. Charvat J.: Project Management Methodologies - Selecting, Implementing, and Supporting Methodologies and Processes for Projects. John Wiley & Sons, New York, (2003)
72. Chase N.: XML Primer Plus. SAMS Publishing, Indianapolis, (2003)
73. Chaum D.: Blind Signatures for Untraceable Payments. Advances in Cryptol-ogy, Proceedings of the ACM Crypto '82, pp. 199-203, New York, (1983)
74. Chaum D.: Security Without Identification - Transaction Systems to Make the big Brother Obsolete. Communications of the ACM, Vol. 28, No. 10, pp. 10301044, New York, (1985)
75. Chaum D., Fiat A., Naor M.: Untraceable Electronic Cash. Proceedings of Crypto '88, pp. 319-327, Springer Verlag, (1990)
76. Chaum D.: Online Cash Checks. Proceedings of Eurocrypt '89, pp. 288-293, Springer Verlag, (1990)
77. Cheswick W.R., Bellovin S.M.: Firewalls and Internet Security. Addison-Wesley, Reading, (1994)
78. Chirillo J., Blaul S.: Implementing Biometrie Security. John Wiley & Sons, Indianapolis, (2003)
79. Christensen E., Curbera F., Meredith G., Weerawarana S.: Web Services Description Language (WSDL) v 1.1. W3C 2001/NOTE-wsdl-20010315, Cambridge / Sophia Antipolis / Kanagawa, (2001), http://www.w3.org/TR/2001/NOTE-wsdl- 20010315
80. Clark D.D., Wilson D.R.: A Comparison of Commercial and Military Computer Security Policies. Proceedings of IEEE Symposium on Research in Security & Privacy, New York, (1987)
81. Clark J., DeRose S.: XML Path Language (XPath) v 1.0. W3C REC-xpath-19991116, Cambridge / Sophia Antipolis / Kanagawa, (1999), http://www.w3.org/TR/1999/REC-xpath-19991116
82. Clark J.: XSL Transformations (XSLT) v 1.0. W3C REC-xslt-19991116, Cambridge / Sophia Antipolis / Kanagawa, (1999), http://www.w3.org/TR/1999/REC- xslt-19991116
83. Clement L., Hatley A., von Riegen C, Rogers T. (editors): UDDI v 3.0.2. OASIS, Billerica, (2004), http://uddi.Org/pubs/uddi-v3.0.2-20041019.htm
84. COBIT Steering Committee: Overview. Information Systems Audit and Control Foundation, Rolling Meadows, (1998)
85. Coffey T., Dojen R., Flanaga T.: Formal Verification - An Imperative Step in the Design of Security Protocols. Computer Networks, Vol. 2003, No. 43, pp. 601-618, Elsevier, (2003)
86. Cohen F.B.: Information System Attacks: A Preliminary Classification Scheme. Computers & Security, Vol. 16, No. 1, pp. 29-46, Elsevier, (1997)
87. Coles R.S., Moulton R.: Operationalizing IT Risk Management. Computers & Security, Vol. 22, No. 6, pp. 487-493, Elsevier, (2003)
88. Collis J., Ndumu D.: The Zeus Agent Building Toolkit. Parts 1 through 4, British Telecom, London, (1999)
89. Coloyannides M.: Society Cannot Function Without Privacy. Security & Privacy, Vol. 2, No. 3, pp. 84-86, IEEE, (2003)
90. Corell L.C.: Brainstorming Reinvented - A Corporate Communications Guide to Ideation. SAGE Publications, Thousand Oaks, (2004)
91. Council of Europe: On the Protection of Personal Data Used for Employment. Recommendation No. R (89) 2, Strasbourg, (1989), http://cm.coe.int/ta/rec/1989/89r2.htm
92. Council of Europe: CyberCrime Convention. ETS No. 185, Budapest, (2001), http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm
93. Crannor L.F. (editor): P3P Guiding Principles. W3C Recommendation NOTE-P3P10-principles-19980721, Cambridge / Sophia Antipolis / Kanagawa, (2002), http://www.w3.org/TR/1998/NOTE-P3P10-principles-19980721
94. Crocker D.H.: Standard for the Format of ARPA Internet Text Messages. IETF RFC 822, Reston, (1982)
95. Culley A.: Computer Forensics - Past, Present and Future. Information Security Technical Report, Vol. 8, No. 2, pp. 32-36, Elsevier, (2003)
96. Daniels M.: Integrating Simulation Technologies With Swarm. Agent Simulation - Applications, Models, and Tools Conference, Chicago, (1999), http://www.santafe.edu/ mgd/anl/anlchicago.html
97. David J.: Incident Response. Network Security, Vol. 2003, No. 9. pp. 17-19, Elsevier, (2003)
98. Denning D. E.: Cryptography and Data Security. Addison Wesley, Boston, (1982)
99. Denning D.E., Brandstad D.K.: A Taxonomy for Key Escrow Encryption Systems. Communications of the ACM, Vol. 39, No. 3, pp. 34-40, ACM, (1996)
100. Denning D. E.: Information Warfare and Security. Addison Wesley, Boston, (1999)
101. Der-Chyuan L., Jiang-Lung L.: Steganographic Method for Secure Communications. Computers & Security, Vol. 21, No. 5, pp. 449-460, Elsevier, (2002)
102. Devargas M.: Survival is Not Compulsory. Computers & Security, Vol. 18, No. 1, pp. 35-46, Elsevier, (1999)
103. Diffie W., Hellman M.: New Directions in Cryptography. Transactions on Information Theory, Vol. 22, No. 6, pp. 644-654, New York, (1976)
104. Diffie W., Hellman M.: Exhaustive Cryptanalysis of the NBS Data Encryption Standard. Computer, Vol. 10, No. 6, pp. 74-84, IEEE, (1977)
105. Dijkstra E.W., Schölten CS.: Predicate Calculus and Program Semantics. Springer Verlag, Heidelberg, (1990)
106. Diller A.: Z - An Introduction to Formal Methods. John Wiley & Sons, Chichester, (1994)
107. Dobbertin H.: The Status of MD5 After a Recent Attack. CryptoBytes, Vol. 2, No. 3, pp. 1-6, RS A Labs, Redwood City, (1996)
108. Dournaee B.: XML Security. McGraw-Hill, New York, (2002)
109. Du W., Mathur A.P.: Categorization of Software Errors That Lead to Security Breaches. Proceedings of the 21st National Information Systems Security Conference, p. ?, Arlington, (1998)
110. Du W., Mathur A.P.: Testing the Software Vulnerability Using Environment Perturbation. Proceedings of the International Conference on Dependable Systems and Networks, pp. 603-612, New York, (2000)
111. Eastlake D.E., Niles K.: Secure XML - The New Syntax for Signatures and Encryption. Addison Wesley, Boston, (2003)
112. Editorial: Port Scanning Legal in US. Network Security, Vol. 2001, No. 1, p. 2, Elsevier, (2001)
113. Editorial: 17 Ways to Crack Passwords. Network Security, Vol. 2003, No. 8, pp. 1-2, Elsevier, (2003)
114. Electronic Privacy Information Center: Privacy Law Sourcebook. EPIC, Washington D.C., (2001)
115. ElGamal T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, Vol. 31, No. 4, pp. 469-472, IEEE, (1985)
116. Ellison C, Frantz B., Lampson B., Rivest R., Thomas B., Ylonnen T.: SPKI Certificate Theory. IETF RFC 2693, Reston, (1999)
117. European Commission: Data Protection Directive, 95/64/EC. Official Journal of the European Communities, L 281, 23/11/1995, Brussels, (1995)
118. European Commission: Telecommunications Data Protection Directive, 97/66/EC. Official Journal of the European Communities, L 024, 30/1/1998, Brussels, (1998)
119. European Commission: Setting up a Community Regime for the Control of Exports of Dual-use Items and Technology. Official Journal of the European Communities, L 159, 30/06/2000, Brussels, (2000)
120. European Commission: Amending Regulation with Regard to IntraCommunity Transfers and Exports of Dual-use Items and Technology. Official Journal of the European Communities, L 336, 30/12/2000, Brussels, (2000)
121. European Commission: A Community Framework for Electronic Signatures, 1999/93/EC. Official Journal of the European Communities, L 013, 19/01/2000, Brussels, (2000)
122. European Commission: Amending Regulation With Regard to the List of Controlled Dual-use Items and Technology When Exported. Official Journal of the European Communities, L 065, 07/03/2001, Brussels, (2001)
123. European Commission: Directive on the Harmonization of Certain Aspects of Copyright and Related Rights in the Information Society. Official Journal of the European Communities, L 167/10, 22/6/2001, Brussels, (2001)
124. European Commission: Privacy and Electronic Communications Directive, 02/58/EC. Official Journal of the European Communities, L201, 31/7/2002, Brussels, (2002)
125. European Telecommunications Standards Institute: Baseline Security Standards - Features and Mechanisms. Security Techniques Advisory Group, Standard DTR/NA-002608, Sophia Antipolis, (1996)
126. Evans J.R., Olson D.L.: Simulation and Risk Analysis. Prentice Hall, Upper Saddle River, (1998)
127. Fallside D.C., Walmsley P. (editors): XML Schema - Primer. W3C REC-xmlschema-0-20041028, Cambridge / Sophia Antipolis / Kanagawa, (2004), http://www.w3.org/TR/xmlschema-0/
128. Farmer D.: Striking a Balance Between Security and Privacy. Card Technology Today, Vol. 14, No. 3, pp. 11-12, Elsevier, (2002)
129. Farrel S., Housley R.: An Internet Attribute Certificate Profile for Authorization. IETF RFC 3281, Reston, (2002)
130. Feistel H.: Cryptography and Computer Privacy. Scientific American, Scientific American, Vol. 228, No. 5, pp. 15-23, New York, (1973)
131. Fenn C, Shooter R., Allan K.: IT Security Outsourcing. Computer Law & Security, Vol. 18, No. 2, pp. 109-111, Elsevier, (2002)
132. Fielding R. et al: Hypertext Transfer Protocol - HTTP v 1.1. RFC 2616, IETF, Reston, (1999)
133. Florio L., Wierenga K.: Eduroam, Providing Mobility for Roaming Users. Proceedings of EUNIS '05 Conference, p. ?, Manchester, (2005)
134. Forrester J.: Industrial Dynamics - A Major Breakthrough for Decision Makers. Harvard Business Review, Vol. 36, No. 4, pp. 37-66, Cambridge, (1958)
135. Forrester J.: Industrial Dynamics. MIT Press, Cambridge, (1961)
136. Forte D.: Biometrics - Future Abuses. Computer Fraud & Security, Vol. 2003, No. 10, pp. 12-14, Elsevier, (2004)
137. Foundation for Intellignet Agents: FIPA Agent Management Specification. FIFA SC00023J, Geneva, (2002)
138. Freed N., Borenstein N.: Multipurpose Internet Mail Extensions, part 1. IETF RFC 2045, Reston, (1996)
139. Freier, A.O., et al.: Secure Sockets Layer Protocol (version 3). Netscape Corp., Mountain View, (1996), http://wp.netscape.com/eng/ssl3/index.html
140. Fukuyama F.: Trust - The Social Virtues and the Creation of Prosperity. Free Press, New York, (1996)
141. Fumy W.: From Common Criteria to Elliptic Curves. ISO Bulletin, Vol. 2000, No. 6, pp. 20-25, ISO, (2000)
142. Fung R.A., Farn K.J., Lin A.C.: A Study on the Certification of the Information Security Management Systems. Computer Standards & Interfaces, Vol. 2003, No. 25, pp. 447-461, Elsevier, (2003)
143. Geer D.: Risk Management is Still Where the Money Is. Computer, Vol. 36, No. 12, pp. 129-131, IEEE, (2003)
144. Geihs K.: Middleware Challenges Ahead, IEEE Computer, Volume 34, No. 6, pp. 24-31, IEEE, Washington D.C., (2001)
145. Gerberick D.: Developing E-business Trust. Security, Vol. 38, No. 9, pp. 37-40, ?, (2001)
146. Goldreich O.: Cryptography and Cryptographic Protocols. Distributed Computing, Vol. 16, No. 2-3, pp. 177-199, Springer Verlag, (2003)
147. Gong L., Needham R., Yahalom R.: Reasoning About Belief in Cryptographic Protocols. Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 234-248, Oakland, (1990)
148. Gonzales J. M. et al.: Key Recovery for the Commercial Environment. International Journal on Information Security, Vol. 1, No. 3, pp. 161-174, Springer Verlag, Heidelberg, (2002)
149. Gonzalez J.J., Sawicka A.: A Framework for Human Factors in Information Security. Proceedings of the WSEAS Conference on Security, HW/SW Codesign, E-Commerce and Computer Networks, Rio de Janeiro, (2002)
150. Gonzalez J.J. (editor): From Modeling to Managing Security - A System Dynamics Approach. Hoyskole Forlaget AS, Kristiansand, (2003)
151. Government of Canada - Communications Security Establishment: Canadian Handbook on Information Technology Security. Government of Canada, Ottawa, (1998)
152. Grandison T., Sloman M.: A Survey of Trust in Internet Applications. IEEE Communications Surveys, Vol. 2000, No. 4, pp. 2-13, IEEE, (2000)
153. Grimm R., Ochsenschläger P.: Binding Telecooperation - A Formal Model for Electronic Commerce. Computer Networks, Vol. 2001, No. 37, pp. 171-193, Elsevier, (2001)
154. Grosso P., Maler E., Marsh J., Walsh N. (editors): XPointer Framework. W3C REC-xptr-framework-20030325, Cambridge / Sophia Antipolis / Kanagawa, (2003), http://www.w3.org/TR/2003/REC-xptr-framework-20030325
155. Guessoum Z., Briot J.P.: From Active Objects to Autonomous Agents. IEEE Concurrency, Vol. 7, No. 3, pp. 68-76, IEEE, (1999)
156. Gunara-Chen G.: The Art of Intrusion Testing. Information Security Technical Report, Vol. 8, No. 4, pp. 6-13, Elsevier, (2003)
157. Gupta J.N.D., Sharma S.K. (editors): Intelligent enterprises of the 21s4 century. Idea Group Inc., Hershey, (2004)
158. Gutman P.: PKI Is Not Dead, Just Resting. IEEE Computer, Vol. 35, No. 8, pp. 41-49, New York, (2002)
159. Haas H. Brown A. (editors): Web Services Glossary. W3C NOTE-ws-gloss-20040211, Cambridge / Sophia Antipolis / Kanagawa, (2004). http://www.w3.Org/TR/2004/NOTE-ws-gloss-20040211/#securitymechanism
160. Haller N.M.: The S/Key One-Time Password System. Proceedings of the ISOC SNDSS, pp. 151-157, San Diego, (1994)
161. Halliday D. et al.: EU Update: Baker & McKenzies Regular Article Tracking Developments in EU Law Relating to IP, IT & Telecommunications. Computer Law & Security Report, Vol. 19, No. 2, pp. 61-64, Elsevier, (2003)
162. Hansen M., Kohntopp K., Pfitzmann A.: The Open Source Approach - Opportunities and Limitations With Respect to Security and Privacy. Computers & Security, Vol. 21, No. 5, pp. 461-471, Elsevier, (2002)
163. Harkins D., Carel D.: The Internet Key Exchange (IKE). IETF RFC 2409, Reston, (1998)
164. Hearn J.: Does CC Paradigm Have a Future? Security & Privacy, Vol. 2004, No. 1, pp. 64-65, IEEE, (2004)
165. Hendry M.: Smart Card Security and Applications. Artech House, Norwood, (1997)
166. Hinde S.: Privacy Legislation - A Comparison of the US and EU Approaches. Computers & Security, Vol. 22, No. 5, pp. 378-387, Elsevier, (2003)
167. Hinde S.: Careless About Privacy. Computers & Security, Vol. 22, No. 4, pp. 284-288, Elsevier, (2003)
168. Hirsch F., Philpott R., Maler E. (editors): Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) v 2.0. OASIS saml-sec-consider-2.0-os, Billerica, (2005), http://docs.oasis-open .org/security /saml / v2.0/
169. Holzmann J.G.: Design and Validation of Computer Protocols. Prentice Hall, London, (1991)
170. Hopcroft J.E., Ullman J.D.: Introduction to Automata Theory, Languages and Computation. Addison Wesley, Boston, (1979)
171. Hollins B.: Brainstorming Products for the Long-term Future. Creativity and Innovation Management, Vol. 8, No. 4, pp. 286-293, Blackwell Publishing, Oxford, (1999)
172. Housley R. et al.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC 2459, Reston, (1999)
173. Housley R., Hoffman P.: Internet X.509 Public Key Infrastructure Operational Protocols - FTP and HTTP. IETF RFC 2585 Reston (1999)
174. Hoyle D.: ISO 9000 Quality Systems Handbook. Butterworth-Heinemann, Oxford, (1998)
175. Hunter P.: Quantum Cryptography Latest - Promises to Boost Security Within a Decade but Won't End the Arms Race. Computer Fraud & Security, Vol. 2002, No. 3, pp. 14-15, Elsevier, (2002)
176. Hwang J., Wu K., Liu D.: Access Control With Role Attribute Certificates. Computer Standards & Interfaces, Vol. 22, No. 1, pp. 43-53, Elsevier, (2000)
177. I'Anson C, Mitchell C: Security Defects in CCITT Recommendation X.509. ACM SIGCOMM, Vol. 20, No. 2, pp. 30-40, New York, (1990)
178. Imamura T., Dillaway B., Simon E.: XML Encryption Syntax and Processing. W3C REC-xmlenc-core-20021210, Cambridge / Sophia Antipolis / Kanagawa, (2002), http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
179. International Labor Organization: Protection of Workers Personal Data. ILO Code of Practice, ILO, Geneva, (1997)
180. International Standards Organization: Information Processing - Text and Office Systems - Standard Generalized Markup Language (SGML). ISO 8879, Geneva, (1986)
181. International Standards Organization: Information Processing Systems - Open Systems Interconnection - Basic Reference Model, Security Architecture, part 2. ISO 7498-2, Geneva, (1989)
182. International Standards Organization: Information Processing Systems - Open Systems Interconnection - Basic Reference Model - The Basic Model. ISO 7498-1, Geneva, (1994)
183. International Standards Organization: Banking and Related Financial Services Information Security Guidelines. TC 68 / SC 2, ISO 13569, Geneva, (1997)
184. International Standards Organization: IT / 8-bit Single-byte Coded Graphic Character Sets / Part 1: Latin Alphabet No. 1. ISO/IEC 8859-1, Geneva, (1998)
185. International Standards Organization: Common Criteria, Security Techniques Evaluation Criteria for IT Security. IS 15408, parts 1 through 3. Geneva, (1999)
186. International Standards Organization: IT - Management of Information and Communications Technology Security, Part 1: Concepts and Models for Information and Communications Technology Security Management. ISO / IEC 13335-1, Geneva, (2004)
187. International Standards Organization: IT - Guidelines for the Management of IT Security, Part 2: Managing and Planning. ISO / IEC TR 13335-2, Geneva, (1997)
188. International Standards Organization: IT - Guidelines for the Management of IT Security, Part 3: Techniques for the Management of IT Security. ISO / IEC TR 13335-3, Geneva, (1998)
189. International Standards Organization: IT - Guidelines for the Management of IT Security, Part 4: Selection of Safeguards. ISO / IEC TR 13335-4, Geneva, (2000)
190. International Standards Organization: IT - Guidelines for the Management of IT Security, Part 5: Management Guidance on Network Security. ISO / IEC TR 13335-5, Geneva, (2001)
191. International Standards Organization: IT - Code of Practice for Information Security Management. ISO 17799, Geneva, (2000)
192. International Standards Organization: IT - Z Formal Specification Notation -Syntax, Type System and Semantics. ISO / IEC 13568, Geneva, (2002)
193. International Standards Organization: IT - Security techniques - Hash-functions - Part 3: Dedicated Hash Functions. ISO 10118-3, Geneva, (2003)
194. International Standards Organization: Identification Cards - Integrated Circuit Cards With Contacts. ISO 7816 1 through 6, Geneva, (1998-2004)
195. International Standards Organization: Identification Cards - Contactless Integrated Circuit Cards. ISO 10536 1 through 6, Geneva, (1996-2000)
196. Internet Security Systems: X-Force Web Archives. ISS, Atlanta, (2005), http://xforce.iss.net/
197. ITU-T: IT - Open Systems Interconnection - The Directory: Overview of Concepts, Models and Services. Recommendation X.500, Geneva, (1997)
198. ITU-T: IT - Open Systems Interconnection - The Directory - Public Key and Attribute Certificate Frameworks. X.509 v4, Geneva, (2000)
199. Jaweed S.: Could There Ever be a Unitary Digital Certificate? Information Security Journal, Vol. 8, No. 3, pp. 36-44, Elsevier, (2003)
200. Joint Research Centre, PricewaterhouseCooopers: Final Report - GUIDES. Deliverable D5.2, (2002), http://eprivacyforum.jrc.it
201. Josang A.: A Logic for Uncertain Probabilities. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, Vol. 9, No. 3, pp. 279-311, World Scientific Publishing Company, New York, (2001)
202. Jurisic A., Menezes A.: Elliptic Curves and Cryptography. Dr. Dobb's Journal, Vol. 1997, No. 264, pp. 26-37, CMP Media, (1997)
203. Jutla D.N., Bodorik P.: Sociotechnical Architecture for Online Privacy. Security & Privacy, Vol. 4, No. 2, pp. 29-39, IEEE, (2005)
204. Jiirjens J.: Secure Systems Development with UML. Springer Verlag, Heidelberg, (2004)
205. Kalakota R., Robinson M., Tapscott D.: e-Business 2.0 - Roadmap for Success. Addison-Wesley, Reading, (2000)
206. Kaler C. (editor): Web Services Security (WS-Security), v 1.0. IBM, Cambridge / Sophia Antipolis / Kanagawa 2002, http://www-106.ibm.com/ developerworks/webservices/library/ws-secure
207. Kaliski B.: Certification Request Syntax - PKCS #10. IETF RFC 2314, Reston, (1998)
208. Kalin T., Kandus G., Trcek D., Novak R., Suselj M.: Smart-card and IP-based Infrastructure for a Health-care Information System in Slovenia. Proceedings of the INET 2000 - The internet global summit, Internet Society, Yokohama, (2000)
209. Katzenbeisser S., Petitcolas A.P.F.: Information Hiding Techniques for Steganography and Digital Watermarking. Artech house, Boston, (2000)
210. Keller S.S.: NIST-Recommended Random Number Generator Based on ANSI X9.31, Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms. NIST, Washington D.C., (2005)
211. Kemmerer R.A., Vigna G.: Intrusion Detection - A Brief History and Overview. Security & Privacy, Vol. 35, No. 5, pp. 27-30, IEEE, (2002)
212. Kemp G.: Auditing - The Future of IT Security. Computer Fraud & Security, Vol. 2001, No. 10, pp. 15-18, Elsevier, (2001)
213. Kendall K.E., Kendall J.E.: Systems Analysis and Design. Prentice Hall, Upper Saddle River, (1999)
214. Kenneally E.: The Byte Stops Here - Duty and Liability for Negligent Internet Security. IEEE Computer Security Journal, Vol. 16, No. 4, pp. 1-26, IEEE, (2000) "
215. Kent S., Atkinson R.: Security Architecture for the Internet Protocol. IETF RFC 2401, Reston, (1998)
216. Kent S., Atkinson R.: IP Authentication Header (AH). IETF RFC 2402, Reston, (1998)
217. Kent S., Atkinson R.: IP Encapsulating Security Payload (ESP). IETF RFC 2406, Reston, (1998)
218. King S.: Threats and Solutions to Web Services Security. Network Security, Vol. 2003, No. 9, pp. 8-12, Elsevier (2003)
219. Kocher P.C., Jaffe J., Jun B.: Differential Power Analysis. Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, Lecture Notes In Computer Science, Vol. 1666, pp. 388-397, Springer Verlag, Heidelberg, (1999)
220. Koops B. J.: Crypto Law Survey. Tilburg, (2004), http://rechten.uvt.nl/ koops/cryptolaw/
221. Krawczyk, H.: SKEME - A Versatile Secure Key Exchange Mechanism for Internet. IEEE Proceedings of the 1996 Symposium on Network and Distributed Systems Security, pp. 114-127, San Diego, (1996)
222. Krawczyk H., Bellare M., Canetti R.: HMAC - Keyed-Hashing for Message Authentication. IETF RFC 2104, Reston, (1997)
223. Krsul I.: Software Vulnerability Analysis. Purdue University, PhD Thesis, Lafayette, (1998)
224. Krutz R.L., Vines R.D.: The CISSP Preparation Guide - Mastering the Ten Domains of Computer Security. John Wiley & Sons, New York, (2001)
225. Lamport L.: Password Authentication with Insecure Communication. Communications of ACM, Vol. 24, No. 11, pp. 770-772, ACM, (1981)
226. Lampson B.: Computer Security in the Real World. Computer, Vol. 37, No. 6, pp. 37-46, IEEE, (2004)
227. Lancaster S.: Public Key Infrastructure - A Micro and Macro Analysis. Computer Standards & Interfaces, Vol. 25. No. 5, pp. 437-446, Elsevier, (2003)
228. Landwehr CE. et al.: A Taxonomy of Computer Program Security Flaws. ACM Computing Surveys, Vol. 26, No. 3, pp. 211-254, New York, (1994)
229. Laudon K. C, Laudon J. P.: Management Information Systems. Prentice Hall, Upper Saddle River, (2003)
230. Leach J.: Improving User Security Behavior. Computers & Security, Vol. 22, No. 8, pp. 685-692, Elsevier, (2003)
231. Le Hors A., Le Hegaret P., Wood L., Nicol G., Robie J., Champion M., Byrne S. (editors): Document Object Model (DOM) Level 3 Core Specification v 1.0. W3C REC-DOM-Level-3-Core-20040407, Cambridge / Sophia Antipolis / Kanagawa, (2004), http://www.w3.org/TR/2004/REC-DOM-Level-3-Core- 20040407
232. Lesk M.: Micropayments - An Idea Whose Time Has Passed Twice? Computers & Security, Vol. 3, No. 1, pp. 61-63, Elsevier, (2004)
233. Lie H., Bos B.: Cascading Style Sheets, level 1. W3C REC-CSS1-19990111, Cambridge / Sophia Antipolis / Kanagawa, (1999), http://www.w3.org/TR/1999/REC- CSSl-19990111
234. Liu S., Silverman M.: A Practical Guide to Biometrie Security Technology. IT Pro, Vol. 3, No. 1, pp. 27-32, IEEE, (2001)
235. Lobo C: Security Log Management. Network Security, Vol. 2003, No. 11, pp. 6-9, Elsevier, (2003)
236. Locard E.: Manuel de technique policiére. Payot, Paris, (1934)
237. Logrippo L., Melanchuk T., Wors R.J.D.: The Algebraic Specification Language LOTOS. ACM SIGSOFT Software Engineering Notes, Vol. 15, No. 4, pp. 59-66, ACM, (1990)
238. Lopez J., Oppliger R., Pernul G.: Authentication and Authorization Infrastructures - A Comparative Survey. Computers & Security, Vol. 23, No. 7, pp. 578-590, Elsevier, (2004)
239. Madson C, Glenn R.: The Use of HMAC-MD5 within ESP and AH. IETF RFC 2403, Reston, (1998)
240. Makridakis S., et al.: The Forecasting Accuracy of Major Time Series Methods. John Wiley & Sons, Chichester, (1986)
241. Manny H. C: Personal Privacy - Transatlantic Perspective. Computer Law & Security, Vol. 19, No. 1, pp. 4-10, Elsevier, (2003)
242. Marchesini J., Smith S.W., Zhao M.: Keyjacking - The Surprising Insecurity of Client-Side SSL. Computers & Security.Vol. 24, No. 2, pp. 109-123, Elsevier, (2005)
243. MasterCard Cardholder Solutions: Secure Electronic Payment Protocol. Draft standards, parts 1 through 4, St. Louis, (1995), http://www.x5.net/faqs/ crypto/ql40.html
244. Maughan D., Schertier M., Schneider M., Turner J.: Internet Security Association and Key Management Protocol (ISAKMP). IETF RFC 2408, Reston, (1998)
245. May C: Dynamic Corporate Culture Lies at the Heart of Effective Security Strategy. Computer Fraud & Security, Vol. 2003, No. 5, pp. 10-13, Elsevier, (2003)
246. McClure S., Scambray J, Kurtz G.: Hacking Exposed. McGraw-Hill, New York, (2003)
247. Mead N. R.: Who Is Liable for Insecure Systems? IEEE Computer, Vol. 37, No. 7, pp. 27-34, IEEE, (2004)
248. Meiseis L, Saaltink M.: The Z/EVES Reference Manual. ORA TR-97-5493-03d, Ottawa, (1997)
249. Menezes A.J., van Oorschot P.C., Vanstone S.A.: Handbook of Applied Cryptography. CRC Press, New York, (2001)
250. Meunchinger E. N.: Information Privacy Regulation: The EU Model and the French Model. Computer Law & Security Report, Vol. 17, No. 6, pp. 390-394, Elsevier, (2001)
251. Mills D.L.: Network Time Protocol (Version 3) Specification. IETF RFC 1305, Reston, (1992)
252. Miller R.: US to EU on Software Patents: "We sold out, you should too". NewsForge, (2004), http://trends.newsforge.com/trends/04/06/09/.
253. MITRE Corp.: Common Vulnerabilities and Exposures Database. MITRE, Washington D.C., (2005), http://cvs.mitre.org
254. Mockapetris P.: Domain Names - Concepts and Facilities. IETF RFC 1034, Reston, (1987)
255. Moses T. (editor): extensible Access Control Markup Language (XACML), v2.0. OASIS Access-control-xacml-2.0-core-spec-cd-04, Billerica, (2004), http://docs.oasis-open.org/xacml/access-control-xacml-2.0-core-spec-cd-04.pdf
256. Mulej M., Likar B.: Increasing the Capacity of Companies to Absorb Inventions from Research Organizations and Encouraging People to Innovate. Cybernetics and Systems, Vol. 36, No. 5, pp. 491-512, Taylor and Francis, (2005)
257. Myers M., Akney R. Malpani A. Gaperin S. Adams C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. IETF RFC 2560 Reston (1999)
258. Nagappan R., Skoczylas R., Sriganesh R.P.: Developing Java Web Services. John Wiley & Sons, Indianapolis, (2003)
259. National Bureau of Standards: Data Encryption Standard. FIPS PUB 46, Washington D.C., (1977)
260. National Infrastructure Security Co-ordination Centre: Understanding Firewalls. NISCC Technical Note 10/04, rev. 2, London, (2005)
261. National Institute of Standards and Technology: Digital Signature Standard -DSS. FIPS 186, Washington D.C., (1994)
262. National Institute of Standards and Technology: An Introduction to Computer Security. NIST Special Publication 800-12, Washington D.C., (1996)
263. National Institute of Standards and Technology: Data Encryption Standard. FIPS PUB 46-3, Washington D.C., (1999)
264. National Institute of Standards and Technology: Advanced Encryption Standard. FIPS PUB 197, Washington D.C., (2001)
265. National Institute of Standards and Technology: Secure Hash Signature Standard. FIPS PUB 180-2, Washingotn D.C., (2002)
266. National Institute of Standards and Technology / SEMATECH: e-Handbook of Statistical Methods. NIST / SEMATECH, Gaithersburg / Austin, (2005), http://www.itl.nist.gov/div898/handbook/
267. Needham R.M., Schroeder M.D.: Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, Vol. 21, No. 12, pp. 993-999, ACM, (1978)
268. Network World: Executive Guide to Wireless Security. Network World Inc., Southborough, (2005)
269. Neumann B.C., T'so T.: Kerberos - An Authentication Service for Computer Networks. IEEE Comm. Magazine, Vol. 32, No. 9, pp. 33-38, IEEE, (1994)
270. Nguyen P, Stern J.: Cryptanalysis of the Ajtai-Dwork Cryptosystem. Proceedings of Crypto '98, Lecture Notes in Computer Science, Vol. 1462, pp. 223-242, Springer Verlag, Heidelberg, (1998)
271. Nichols R.K., Lekkas P.C.: Wireless Security - Models, Threats, and Solutions. McGraw-Hill, New York, (2002)
272. Niss H.: Application to Application Web Services - Interactive Web Services. Course materials, IT University of Copenhagen, Copenhagen, (2004), http://www.itu.dk/courses/IWSJ/E2004/slides/app2app.pdf
273. Northcutt S.: Network Intrusion Detection. New Riders Publishing, Indianapolis, (2002)
274. Novak, R.: Side-Channel Attack on Substitution Blocks. Proceedings of the Int. Conference on Applied Cryptography and Network Security 2003, Lecture Notes in Computer Science, Vol. 2846, pp. 307-318, Springer-Verlag, Heidelberg, (2003)
275. Object Management Group: Unified Modeling Language. OMG Specification v 1.5, OMG, Needham, (2003)
276. Odlyzko A.M.: The Case Against Micropayments. Proceedings of Financial Cryptography 03, Lecture Notes on Computer Science, No. 2742, pp. 77-83, Springer Verlag, Heidelberg, (2003)
277. Organization for Economic Co-operation and Development: Guidelines for Cryptography Policy. OECD, Paris, (1997)
278. Organization for Economic Co-operation and Development: Implementing The OECD "Privacy Guidelines" In The Electronic Environment: Focus On The Internet. DSTI/ICCP/REG(97)6/FINAL, OECD, Paris, (1998)
279. Orman H.: The OAKLEY Key Determination Protocol. IETF RFC 2412, Reston, (1998)
280. Palmer T.: PKI Needs Good Standards? Information Security Technical Report, Vol. 8, No. 3, pp. 6-13, Elsevier, (2003)
281. Parameswaran M., et al.: P2P Networking - An Information Sharing Alternative. IEEE Computer, Vol. 34, No. 7, pp. 31-37, IEEE, (2001)
282. Pelton J.N.: Wireless and Satellite Telecommunications. Prentice Hall, Upper Saddle River, (1995)
283. Pemble M.: Balancing the Security Budget. Computer Fraud & Security, Vol. 3, No. 10, pp. 8-11, Elsevier, (2003)
284. Pernul G.: Information Systems Security: Scope, State-of-the-art and Evaluation of Techniques. International Journal of Information Management, Vol. 15. No. 3, pp. 242-256, Elsevier, (1995)
285. Peyravian M., Roginsky A., Zunic N.: Non-PKI Methods for Public Key Distribution. Computers & Security, Vol. 2004, No. 23, pp. 97-103, Elsevier, (2004)
286. Piaget J.: Judgment and Reasoning in the Child. Routledge, London, (1999)
287. Piper D.: The Internet IP Security Domain of Interpretation for ISAKMP. IETF RFC 2407, Reston, (1998)
288. Piper F.: Some Trends in Research in Cryptography and Security Mechanisms. Computers & Security, Vol. 22, No. 1, pp. 22-25, Elsevier, (2003)
289. Pisa Consortium: Privacy Incorporate Software Agent. (2005), http://pet-pisa.openspace.nl
290. Postel J.B.: User Datagram Protocol (UDP). IETF RFC 768, Reston, (1981)
291. Postel J.B.: Internet Protocol (IP). IETF RFC 791, Reston, (1981)
292. Postel J.B. (editor): Transmission Control Protocol (TCP). IETF RFC 793, Reston, (1981)
293. Postel J.B.: Simple Mail Transfer Protocol. IETF RFC 821, Reston, (1982)
294. Postel J.B., Reynolds J.: File Transfer Protocol. IETF RFC 959, Reston, (1985)
295. Potter B.: Wireless Security policies. Network Security, Vol. 2003, No. 10, pp. 10-12, Elsevier, (2003)
296. Pounder C: The Emergence of a Comprehensive Obligation Towards Computer Security. Computers & Security, Vol. 21., No. 4., pp. 328-332, Elsevier, (2002)
297. Powers M. D.: The Internet Legal Guide. John Wiley & Sons, New York, (2002)
298. Prasad N., Rugieri M.: Technology Trends in Wireless Communications. Artceh House, London, (2003)
299. Priami C: Preface to the Special Issue on Security in Global Computing. International Journal on Information Security, Vol. 2, No. 3-4, p. 125, Springer Verlag, (2004)
300. Ramsdell B. (editor): S/MIME Version 3 Message Specification. IETF RFC 2633, Reston, (1999)
301. Räpple M.: Sicherheitskonzepte für das Internet, dpunkt-Verlag, Heidelberg, (2001)
302. Regan K.: Wireless LAN Security - Things You Should Know About WLAN Security. Network Security, Vol. 03, No. 1, pp. 7-9, Elsevier, (2003)
303. Reid C.R., Floyd S.A.: Extending the Risk Analysis Model to Include Market-Insurance. Computers & Security, Vol. 20, No. 4, pp. 331-339, Elsevier, (2001)
304. Reiser H., Volker G.: A Honeynet within the German Network - Experiences and Results. Lecture Notes in Informatics, Vol. 46, pp. 113-128, Springer Verlag, Heidelberg, (2004)
305. Rivest R.L., Shamir A., Adleman L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, Vol. 21, No. 2, pp. 120-126, ACM, (1978)
306. Rivest R.: The MD5 Message Digest Algorithm. RFC 1321, IETF, Reston, (1992)
307. Rivest R., Shamir A.: PayWord and MicroMint - Two Simple Micropayment Schemes. Lecture Notes In Computer Science, Vol. 1189, pp. 69-87, Springer Verlag, Heidelberg, (1996)
308. Rivest R.: The Case Against Regulating Encryption Technology. Scientific American, Vol. 10, No. 10, pp. 88-89, New York, (1998)
309. Rivest R.L.: Can We Eliminate Revocation Lists? Proceedings of Financial Cryptography 98, Lecture Notes in Computer Science, Vol. 1465, pp. 178-183, Springer Verlag, Heidelberg, (1998)
310. Roe M.: CA Requirements. PASSWORD Project R. 2.5 document. Cambridge, (1993)
311. Roesh M. et al: Snort™Users Manual. The Snort Project, (2004), http://www.snort.org
312. RSA Laboratories: The RSA Laboratories' Frequently Asked Questions About Today's Cryptography, v 4.1. RSA Security Inc, Bedford, (2000)
313. Rüppel R.A.: A Formal Approach to Security Architectures. Proceedings of Eurocrypt 91, pp. 387-398, Brighton, (1991)
314. Sammes T., Jankinson B.: Forensic Computing - A Practitioners Guide. Springer Verlag, Heidelberg, (2000)
315. SANS institute: SANS/FBI Top 20 Vulnerabilities List. SANS, Bethesda, (2005), http://www.sans.org/resources/
316. Saxby S.: New Copyright Regulations Make Their Debut. Computer Law & Security Report, Vol. 19, No. 2, p. 443, Elsevier, (2003)
317. Saxby S.: EU Gets Tough on Intellectual Property Piracy. Computer Law & Security, Vol. 20, No. 3, p. 163, Elsevier, (2004)
318. Schneier B.: Description of a New Variable-Length Key, 64-Bit Block Cipher. Proceedings of Fast Software Encryption '93, pp. 191-204, Springer Verlag, Heidelberg, (1994)
319. Schneier B.: Applied Cryptography. John Wiley & Sons, New York, (1996)
320. Schneier B.: Secrets and Lies - Digital Security in a Networked World. John Wiley & Sons, New York, (2000)
321. Schneier B.: Regulating Cryptography. Crypto-Gram Newsletter, Vol. 4, No. 09/01, p. ?, Counterpane Inc., Mountain View, (2001), http://www.schneier.eom/ crypto-gram-0109a.html#5
322. Schneier B.: Hacking the Business Climate for Network Security. Computer, Vol. 37, No. 4, pp. 87-89, IEEE, (2004)
323. Schneier B.: SHA-1 Broken. Crypto-gram Newsletter, Vol. 8, No. 03/05, p. ?, Counterpane Internet Security, Mountain View, (2005), http://www.schneier. eom/crypto-gram-0503.html#l
324. Schultz E.: Security views. Computers & Security, Vol. 21, No. 4, pp. 293-302, Elsevier, (2002)
325. Schultz E.: The Gap Between Cryptography and Information Security. Computers & Security, Vol. 21, No. 8, pp. 674-676, Elsevier, (2002)
326. Schultz E.: Security Views. Computers & Security, Vol. 21, No. 8, pp. 677-688, Elsevier, (2002)
327. Schultz E.: Security Views. Computers & Security, Vol. 22, No. 7, pp. 559-569, Elsevier, (2003)
328. Schwartau W.: Information Warfare. Thunder's Mouth Press, New York, (1996)
329. Security Focus: Bugtraq Archives. Symantec corporation, Cupertino, (2005), http://www.securityfocus.com/
330. Shannon CE.: A Mathematical Theory of Communication. Bell Systems Technical Journal, Vol. 27, No. ? / No. ?, pp. 379-423 / pp. 623-656, ?, (1948)
331. Sharpe A., Rüssel C: Employee Monitoring. Computer Law & Security, Vol. 19, No. 5, pp. 411-415, Elsevier, (2003)
332. Shooman M.L.: Reliability of Computer Systems and Networks. John Wiley & Sons, New York, (2002)
333. Solovay R., Strassen V.: A Fast Monte-Carlo Test for Primality. SIAM Journal on Computing, Vol. 1977, No. 6, pp. 84-85, Philadelphia, (1977)
334. Spivey M. J.: The Z Notation - A Reference Manual. Prentice-Hall, London, (1989)
335. Srisuresh P., Holdrege M.: IP Network Address Translator (NAT) Terminology and Considerations. IETF RFC 2663, Reston, (1999)
336. Stallings W.: Cryptography and Network Security. Prentice Hall, Upper Saddle River, (2003)
337. Steinke G.: Data Privacy Approaches From US and EU Perspectives. Telematics and Informatics, Vol. 19, No. 2, pp. 193-200, Elsevier, (2000)
338. Stephenson P.: Applying Forensic Techniques to Information System Risk Management. Computer Fraud & Security, Vol. 2003, No. 12, pp. 17-19, Elsevier, (2003)
339. Sterman J.: Business Dynamics - Systems Thinking for a Complex World. McGraw Hill, New York,"(2000)
340. Stewart J.: Spam & Sobig - Arm in Arm. Network Security, Vol. 3, No. 10. pp. 12-16, Elsevier, (2003)
341. Stool C: The Cuckoo's Egg. Pocket Books, New York, (1990)
342. Stuart R., Norvig P.: Artificial Intelligence - A Modern Approach. Prentice Hall, New York, (1995)
343. Syverson P., van Oorschot P.: On Unifying Some Cryptographic Protocol Logic. IEEE Proceedings of the Symposium on Security & Privacy, pp. 14-28, Oakland, (1994)
344. Tanenbaum A.S.: Computer Networks. Prentice Hall, Upper Saddle River, (1996)
345. The Institute of Electrical and Electronics Engineers: Standards for Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Network - Specific Requirements - Part 11 / Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE 802.11, Piscataway, (1999), http://grouper.ieee.org/groups/ 802/ll/main.html
346. Tittel E., Chappie M., Stewart J.M.: CISSP - Certified Information Systems Security Professional Study Guide. Cybex, Alameda, (2003)
347. Torrubia A. et al.: Cryptography Regulations for E-commerce and Digital Rights Management. Computers & Security, Vol. 20, No. 8, pp. 724-738, Elsevier, (2010)
348. Trcek D.: Organization of Certification Authorities in a Global Network. Computer Security Journal, Vol. 10, No. 1. pp. 71-81, Computer Security Institute, (1994)
349. Trcek D., Klobucar T., Jerman B.B., Bracun F.: CA-Browsing System - A Supporting Application for Global Security Services. IEEE Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 123-128, San Diego, (1994)
350. Trcek D., Jerman B.B.: Formal Language for Security Services Base Modeling and Analysis. Computer Communications, Vol. 18, No. 12, pp. 921-928, Elsevier, (1995)
351. Trcek D., Jerman B.B.: Certification Authorities in a Global Network - Procedures and Guidelines for a PKI. Australian Computer Journal, Vol. 29, No. 2, pp. 41-47, Sydney, (1997)
352. Trcek D.: Minimizing the Risk of Electronic Document Forgery. Computer Standards & Interfaces, Vol. 19, No. 2, pp. 161-167, Elsevier, (1998)
353. Trcek D., Novak R., Kandus G., Suselj M.: Slovene Smart-card and IP Based Health-care Information System Infrastructure. International Journal of Medical Informatics, Vol. 61. No. 1, pp. 33-43, Elsevier, (2001)
354. Trcek D.: Towards Trust Management Standardization. Computer Standards and Interfaces, Vol. 26, No. 6, pp. 543-548, Elsevier, (2004)
355. Trcek D.: Trust Formalization - From Taxonomy to Modeling and Simulation Framework. Proceedings of the IASTED International Conference on Software Engineering, pp. 297-302, Acta Press, Innsbruck, (2004)
356. Trcek D.: Business Dynamics Supported Security Policy Management. Proceedings of the 22nd Conference of the SDS, John Wiley & Sons, Oxford, (2004)
357. Trosow S.: Digital Millenium Copyright Act - Does Canada Really Need It? University of Toronto Information Rights Salon, (2003), http://www.fis.utoronto. ca/research/inforights/SamuelTrosow.htm
358. UK Government: UK Government Gateway. UK Government, (2005), http://www.gateway.gov.uk/
359. UN Commission on International Trade Law - UNCITRAL: Model Law on Electronic Commerce. UNCITRAL, Vienna, (1996) http://www.uncitral.org/english/ texts/elect-com/ecommerceindex.htm
360. UN Commission on International Trade Law: Model Law on Digital Signatures. UNCITRAL, Vienna, (2001) http://www.uncitral.org/english/texts/ elect-com/ecommerceindex.htm
361. Ungureanu V.: Formal Support for Certificate Management Policies. Computers & Security, Vol. 23, No. 4, pp. 300-311, Elsevier, (2004)
362. US Department of Defense: Trusted Computer System Evaluation Criteria. DoD, standard CSC-STD-001-83, Washington D.cJ (1983)
363. US Department of Justice: Electronic Crime Scene Investigation - A Guide for First Responders. NCJ-187736, Washington D.C., (2001)
364. US Government: e-Authentication Gateway, Washington D.C., (2005), http://www.cio.gov/eauthentication/
365. US Senate / House of Representatives: Digital Millennium Copyright Act - DMCA. US Senate / House of Representatives, Washington D.C., (1998) http://www.copyright.gov/legislation/dmca.pdf
366. US Senate / House of Representatives: Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 - CAN-SPAM Act of 2003, US Senate, Washington D.C., (2003), http://www.spamlaws.com/federal/108s877.html
367. Van de Hof S.: Digital Signature Law Survey. Tilburg, (2004), http://rechten.uvt.nl/simone/DS-LAWSU.htm
368. Wack J., Cutler K., Pole J.: Guidelines on Firewalls and Firewall Policy, NIST Special Publication 800-41, Gaithersburg, (2002)
369. Weinberg N.: Digital Dough Fails to Rise. Network World, 04/12/99, South-borough, (1999), http://www.nwfusion.com/news/1999/0412dough.html
370. Wilson P.: "Top-down" versus "Bottom-up" - Different Approaches to Security. Network Security, Vol. 2003, No. 12, pp. 17-19, Elsevier, (2003)
371. Wirtz B.: Biometrie System Security - part 1. Biometrie Technology Today, Vol. 11, No. 2, pp. 6-8, Elsevier, (2003)
372. Wirtz B.: Biometrie System Security - part 2. Biometrie Technology Today, Vol. 11, No. 3, pp. 8-9, Elsevier, (2003)
373. Wolfe-Wilson J., Wolfe B.H.: Management Strategies for Implementing Forensic Security Measures. Information Security Technical Report, Vol. 8, No. 2, pp. 55-64, Elsevier, (2003)
374. World Intellectual Property Organization: Primer On E-commerce and Intellectual Property Issues. WIPO, Geneva, (2000)
375. World Wide Web Consortium: Simple Object Access Protocol. W3C Recommendations TR 20030624, Parts 0, 1 and 2, Cambridge / Sophia Antipolis / Kanagawa, (2003), http://www.w3.org/TR/soap/
376. Xiaoping J.: ZTC - A Type Checker for Z Notation. User's Guide, Chicago, (1998)
377. Xuejia L, Massey J.L.: A Proposal for a New Block Encryption Standard. EUROCRYPT '90, pp. 389-404, Springer Verlag, Heidelberg, (1991)
378. Young K.: Overcoming PKI Obstacles. eWeek, January 4, CNET Networks Inc., (2001), http://www.zdnet.com/