The Internet has given rise to new opportunities for the public sector to improve efficiency and better serve constituents in the form of e-government. But with a rapidly growing user base globally and an increasing reliance on the Internet, digital tools are also exposing the public sector to new risks.
An accessible primer, Cybersecurity: Public Sector Threats and Responses focuses on the convergence of globalization, connectivity, and the migration of public sector functions online. It identifies the challenges you need to be aware of and examines emerging trends and strategies from around the world. Offering practical guidance for addressing contemporary risks, the book is organized into three sections:

1. Global Trends considers international e-government trends, includes case studies of common cyber threats and presents efforts of the premier global institution in the field
2. National and Local Policy Approaches examines the current policy environment in the United States and Europe and illustrates challenges at all levels of government
3. Practical Considerations explains how to prepare for cyber attacks, including an overview of relevant U.S. Federal cyber incident response policies, an organizational framework for assessing risk, and emerging trends

Also suitable for classroom use, this book will help you understand the threats facing your organization and the issues to consider when thinking about cybersecurity from a policy perspective.

Just say "no" to piles of sticky notes and scraps of paper with your passwords and logins! Keep track of them in this elegant, yet inconspicuous, alphabetically tabbed red leatherette notebook. In this 4" x 5.75" hardcover notebook with removable cover band, record the necessarily complex passwords and user login names required to thwart hackers. You'll find: Internet password safety and naming tips A to Z tabbed pages with space to list website, username, and five passwords for each Dedicated pages to record software license information, with spaces for license number, purchase date, renewal date, and monthly fee Dedicated pages to record network settings and passwords, including for modem, router, WAN, LAN, and wireless A notes section with blank lined pages This internet password logbook provides an easy way to keep track of website addresses, usernames, and passwords in one discreet and convenient location.

This book discusses a broad range of cyber security issues, addressing global concerns regarding cyber security in the modern era. The growth of Information and Communication Technology (ICT) and the prevalence of mobile devices make cyber security a highly topical and relevant issue. The transition from 4G to 5G mobile communication, while bringing convenience, also means cyber threats are growing exponentially. This book discusses a variety of problems and solutions including: * Internet of things and Machine to Machine Communication; * Infected networks such as Botnets; * Social media and networking; * Cyber Security for Smart Devices and Smart Grid * Blockchain Technology and * Artificial Intelligence for Cyber Security Given its scope, the book offers a valuable asset for cyber security researchers, as well as industry professionals, academics, and students.

This book highlights recent research advances on biometrics using new methods such as deep learning, nonlinear graph embedding, fuzzy approaches, and ensemble learning. Included are special biometric technologies related to privacy and security issues, such as cancellable biometrics and soft biometrics. The book also focuses on several emerging topics such as big data issues, internet of things, medical biometrics, healthcare, and robot-human interactions. The authors show how these new applications have triggered a number of new biometric approaches. They show, as an example, how fuzzy extractor has become a useful tool for key generation in biometric banking, and vein/heart rates from medical records can also be used to identify patients. The contributors cover the topics, their methods, and their applications in depth.

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security. Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

The technology controlling United States nuclear weapons predates the Internet. Updating the technology for the digital era is necessary, but it comes with the risk that anything digital can be hacked. Moreover, using new systems for both nuclear and non-nuclear operations will lead to levels of nuclear risk hardly imagined before. This book is the first to confront these risks comprehensively. With Cyber Threats and Nuclear Weapons, Herbert Lin provides a clear-eyed breakdown of the cyber risks to the U.S. nuclear enterprise. Featuring a series of scenarios that clarify the intersection of cyber and nuclear risk, this book guides readers through a little-understood element of the risk profile that government decision-makers should be anticipating. What might have happened if the Cuban Missile Crisis took place in the age of Twitter, with unvetted information swirling around? What if an adversary announced that malware had compromised nuclear systems, clouding the confidence of nuclear decision-makers? Cyber Threats and Nuclear Weapons, the first book to consider cyber risks across the entire nuclear enterprise, concludes with crucial advice on how government can manage the tensions between new nuclear capabilities and increasing cyber risk. This is an invaluable handbook for those ready to confront the unique challenges of cyber nuclear risk.

The essential reference for security pros and CCIE Security candidates: identity, context sharing, encryption, secure connectivity and virtualization Integrated Security Technologies and Solutions - Volume II brings together more expert-level instruction in security design, deployment, integration, and support. It will help experienced security and network professionals manage complex solutions, succeed in their day-to-day jobs, and prepare for their CCIE Security written and lab exams. Volume II focuses on the Cisco Identity Services Engine, Context Sharing, TrustSec, Application Programming Interfaces (APIs), Secure Connectivity with VPNs, and the virtualization and automation sections of the CCIE v5 blueprint. Like Volume I, its strong focus on interproduct integration will help you combine formerly disparate systems into seamless, coherent, next-generation security solutions. Part of the Cisco CCIE Professional Development Series from Cisco Press, it is authored by a team of CCIEs who are world-class experts in their Cisco security disciplines, including co-creators of the CCIE Security v5 blueprint. Each chapter starts with relevant theory, presents configuration examples and applications, and concludes with practical troubleshooting. Review the essentials of Authentication, Authorization, and Accounting (AAA) Explore the RADIUS and TACACS+ AAA protocols, and administer devices with them Enforce basic network access control with the Cisco Identity Services Engine (ISE) Implement sophisticated ISE profiling, EzConnect, and Passive Identity features Extend network access with BYOD support, MDM integration, Posture Validation, and Guest Services Safely share context with ISE, and implement pxGrid and Rapid Threat Containment Integrate ISE with Cisco FMC, WSA, and other devices Leverage Cisco Security APIs to increase control and flexibility Review Virtual Private Network (VPN) concepts and types Understand and deploy Infrastructure VPNs and Remote Access VPNs Virtualize leading Cisco Security products Make the most of Virtual Security Gateway (VSG), Network Function Virtualization (NFV), and microsegmentation

While many agencies struggle to comply with Federal Information Security Management Act (FISMA) regulations, those that have embraced its requirements have found that their comprehensive and flexible nature provides a sound security risk management framework for the implementation of essential system security controls. Detailing a proven approach for establishing and implementing a comprehensive information security program, FISMA Principles and Best Practices: Beyond Compliance integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with FISMA requirements. Based on the author's experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, including the U.S. Department of Housing and Urban Development, the book gives you workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance. Describing how FISMA can be used to form the basis for an enterprise security risk management program, the book: * Provides a comprehensive analysis of FISMA requirements * Highlights the primary considerations for establishing an effective security compliance program * Illustrates successful implementation of FISMA requirements with numerous case studies Clarifying exactly what it takes to gain and maintain FISMA compliance, Pat Howard, CISO of the Nuclear Regulatory Commission, provides detailed guidelines so you can design and staff a compliance capability, build organizational relationships, gain management support, and integrate compliance into the system development life cycle. While there is no such thing as absolute protection, this up-to-date resource reflects the important security concepts and ideas for addressing information security requirements

A Practical Introduction to Enterprise Network and Security Management, Second Edition, provides a balanced understanding of introductory and advanced subjects in both computer networking and cybersecurity. Although much of the focus is on technical concepts, managerial issues related to enterprise network and security planning and design are explained from a practitioner’s perspective.

Because of the critical importance of cybersecurity in today’s enterprise networks, security-related issues are explained throughout the book, and four chapters are dedicated to fundamental knowledge. Challenging concepts are explained so readers can follow through with careful reading.

This book is written for those who are self-studying or studying information systems or computer science in a classroom setting. If used for a course, it has enough material for a semester or a quarter.

FEATURES

Provides both theoretical and practical hands-on knowledge and learning experiences for computer networking and cybersecurity

Offers a solid knowledge base for those preparing for certificate tests, such as CompTIA and CISSP

Takes advantage of actual cases, examples, industry products, and services so students can relate concepts and theories to practice

Explains subjects in a systematic and practical manner to facilitate understanding

Includes practical exercise questions that can be individual or group assignments within or without a classroom

Contains several information-rich screenshots, figures, and tables carefully constructed to solidify concepts and enhance visual learning

The text is designed for students studying information systems or computer science for the first time. As a textbook, this book includes hands-on assignments based on the Packet Tracer program, an excellent network design and simulation tool from Cisco. Instructor materials also are provided, including PowerPoint slides, solutions for exercise questions, and additional chapter questions from which to build tests.

Table of Contents

1. Networking: Fundamental Concepts

2. Cybersecurity: Fundamentals

3. Essential Layers of Computer Networking

4. IP Address Planning and Management

5. Intermediary Devices

6. Wi-Fi and Cellular Network

7. Ethernet LAN

8. Cybersecurity: Threats

9. Cybersecurity: Network and Host Protection

10. Cybersecurity: Data Protection

11. Fundamentals of Packet Routing

12. Wide Area Network

13. Physical Layer Data Transmissions

Every year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security and assurance.

Providing an up-to-date compilation of the fundamental skills, techniques, tools, and understanding required of IT security professionals, the Information Security Management Handbook, Sixth Edition, Volume 4 reflects the latest changes to information security and the CISSP(r) Common Body of Knowledge (CBK(r)). This edition updates the benchmark Volume 1 with a wealth of new information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance. New material also addresses risk management, business continuity planning, disaster recovery planning, and cryptography.

As the risks that threaten the security of our systems continue to evolve, it is imperative that those charged with protecting that information stay ahead of the curve. Also available in a fully searchable CD-ROM format, this comprehensive resource provides the up-to-date understanding required to keep you abreast of the latest developments, new vulnerabilities, and possible threats.

This book provides a framework for assessing China's extensive cyber espionage efforts and multi-decade modernization of its military, not only identifying the "what" but also addressing the "why" behind China's focus on establishing information dominance as a key component of its military efforts. China combines financial firepower-currently the world's second largest economy-with a clear intent of fielding a modern military capable of competing not only in the physical environments of land, sea, air, and outer space, but especially in the electromagnetic and cyber domains. This book makes extensive use of Chinese-language sources to provide policy-relevant insight into how the Chinese view the evolving relationship between information and future warfare as well as issues such as computer network warfare and electronic warfare. Written by an expert on Chinese military and security developments, this work taps materials the Chinese military uses to educate its own officers to explain the bigger-picture thinking that motivates Chinese cyber warfare. Readers will be able to place the key role of Chinese cyber operations in the overall context of how the Chinese military thinks future wars will be fought and grasp how Chinese computer network operations, including various hacking incidents, are part of a larger, different approach to warfare. The book's explanations of how the Chinese view information's growing role in warfare will benefit U.S. policymakers, while students in cyber security and Chinese studies will better understand how cyber and information threats work and the seriousness of the threat posed by China specifically. Provides a detailed overview and thorough analysis of Chinese cyber activities Makes extensive use of Chinese-language materials, much of which has not been utilized in the existing Western literature on the subject Enables a better understanding of Chinese computer espionage by placing it in the context of broader Chinese information warfare activities Analyzes Chinese military modernization efforts, providing a context for the ongoing expansion in China's military spending and reorganization Offers readers policy-relevant insight into Chinese military thinking while maintaining academic-level rigor in analysis and source selection

In the past several years, there has been an increasing trend in the use of Radio Frequency Identification (RFID) and Wireless Sensor Networks (WSNs) as well as in the integration of both systems due to their complementary nature, flexible combination, and the demand for ubiquitous computing. As always, adequate security remains one of the open areas of concern before wide deployment of RFID and WSNs can be achieved. Security in RFID and Sensor Networks is the first book to offer a comprehensive discussion on the security challenges and solutions in RFID, WSNs, and integrated RFID and WSNs, providing an essential reference for those who regularly interface with these versatile technologies. Exposes Security Risks The book begins with a discussion of current security issues that threaten the effective use of RFID technology. The contributors examine multi-tag systems, relay attacks, authentication protocols, lightweight cryptography, and host of other topics related to RFID safety. The book then shifts the focus to WSNs, beginning with a background in sensor network security before moving on to survey intrusion detection, malicious node detection, jamming, and other issues of concern to WSNs and their myriad of applications. Offers Viable Solutions In each chapter, the contributors propose effective solutions to the plethora of security challenges that confront users, offering practical examples to aid in intuitive understanding. The last part of the book reviews the security problems inherent in integrated RFID & WSNs. The book ends with a glimpse of the future possibilities in these burgeoning technologies and provides recommendations for the proactive design of secure wireless embedded systems.

It was an honor and a privilege to chair the 24th IFIP International Information Se- rity Conference (SEC 2009), a 24-year-old event that has become a tradition for - formation security professionals around the world. SEC 2009 was organized by the Technical Committee 11 (TC-11) of IFIP, and took place in Pafos, Cyprus, during May 18-20, 2009. It is an indication of good fortune for a Chair to serve a conference that takes place in a country with the natural beauty of Cyprus, an island where the hospitality and frie- liness of the people have been going together, hand-in-hand, with its long history. This volume contains the papers selected for presentation at SEC 2009. In response to the call for papers, 176 papers were submitted to the conference. All of them were evaluated on the basis of their novelty and technical quality, and reviewed by at least two members of the conference Program Committee. Of the papers submitted, 39 were selected for presentation at the conference; the acceptance rate was as low as 22%, thus making the conference a highly competitive forum. It is the commitment of several people that makes international conferences pos- ble. That also holds true for SEC 2009. The list of people who volunteered their time and energy to help is really long.

According to the Brookings Institute, an organization s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, it is essential for those in key leadership positions to possess a solid understanding of the constantly evolving fundamental concepts of information security management. Developing this knowledge and keeping it current however, requires the time and energy that busy executives like you simply don t have.

Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure your organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to use security framework you can use to develop workable programs and includes proven tips for avoiding common pitfalls so you can get it right the first time.

Allowing for quick and easy reference, this time-saving manual provides those in key leadership positions with a lucid understanding of:

• The difference between information security and IT security
• Corporate governance and how it relates to information security
• Steps and processes involved in hiring the right information security staff
• The different functional areas related to information security
• Roles and responsibilities of the chief information security officer (CISO)

Presenting difficult concepts in a straightforward manner, this concise guide allows you to get up to speed, quickly and easily, on what it takes to develop a rock-solid information security management program that is as flexible as it is secure.

User identification and authentication are essential parts of information security. Users must authenticate as they access their computer systems at work or at home every day. Yet do users understand how and why they are actually being authenticated, the security level of the authentication mechanism that they are using, and the potential impacts of selecting one authentication mechanism or another? Introducing key concepts, Mechanics of User Identification and Authentication: Fundamentals of Identity Management outlines the process of controlled access to resources through authentication, authorization, and accounting in an in-depth, yet accessible manner. It examines today's security landscape and the specific threats to user authentication. The book then outlines the process of controlled access to resources and discusses the types of user credentials that can be presented as proof of identity prior to accessing a computer system. It also contains an overview on cryptography that includes the essential approaches and terms required for understanding how user authentication works. This book provides specific information on the user authentication process for both UNIX and Windows. Addressing more advanced applications and services, the author presents common security models such as GSSAPI and discusses authentication architecture. Each method is illustrated with a specific authentication scenario.

"Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats" was developed by a group of leading researchers. It describes the fundamental challenges facing the research community and identifies new promising solution paths. Moving Target Defense which is motivated by the asymmetric costs borne by cyber defenders takes an advantage afforded to attackers and reverses it to advantage defenders. Moving Target Defense is enabled by technical trends in recent years, including virtualization and workload migration on commodity systems, widespread and redundant network connectivity, instruction set and address space layout randomization, just-in-time compilers, among other techniques. However, many challenging research problems remain to be solved, such as the security of virtualization infrastructures, secure and resilient techniques to move systems within a virtualized environment, automatic diversification techniques, automated ways to dynamically change and manage the configurations of systems and networks, quantification of security improvement, potential degradation and more.

"Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats" is designed for advanced -level students and researchers focused on computer science, and as a secondary text book or reference. Professionals working in this field will also find this book valuable.

The Internet of Things (IoT) is the notion that nearly everything we use, from gym shorts to streetlights, will soon be connected to the Internet; the Internet of Everything (IoE) encompasses not just objects, but the social connections, data, and processes that the IoT makes possible. Industry and financial analysts have predicted that the number of Internet-enabled devices will increase from 11 billion to upwards of 75 billion by 2020. Regardless of the number, the end result looks to be a mind-boggling explosion in Internet connected stuff. Yet, there has been relatively little attention paid to how we should go about regulating smart devices, and still less about how cybersecurity should be enhanced. Similarly, now that everything from refrigerators to stock exchanges can be connected to a ubiquitous Internet, how can we better safeguard privacy across networks and borders? Will security scale along with this increasingly crowded field? Or, will a combination of perverse incentives, increasing complexity, and new problems derail progress and exacerbate cyber insecurity? For all the press that such questions have received, the Internet of Everything remains a topic little understood or appreciated by the public. This volume demystifies our increasingly "smart" world, and unpacks many of the outstanding security, privacy, ethical, and policy challenges and opportunities represented by the IoE. Scott J. Shackelford provides real-world examples and straightforward discussion about how the IoE is impacting our lives, companies, and nations, and explain how it is increasingly shaping the international community in the twenty-first century. Are there any downsides of your phone being able to unlock your front door, start your car, and control your thermostat? Is your smart speaker always listening? How are other countries dealing with these issues? This book answers these questions, and more, along with offering practical guidance for how you can join the effort to help build an Internet of Everything that is as secure, private, efficient, and fun as possible.

Sensor networks differ from traditional networks in many aspects including their limited energy, memory space, and computational capability. These differentiators create unique security vulnerabilities. Security in Sensor Networks covers all aspects of the subject, serving as an invaluable reference for researchers, educators, and practitioners in the field. Containing thirteen invited chapters from internationally recognized security experts, this volume details attacks, encryption, authentication, watermarking, key management, secure routing, and secure aggregation, location, and cross-layer. It offers insight into attacking and defending routing mechanisms in ad hoc and sensor networks, and analyzes MAC layer attacks in 802.15.4 sensor networks. About the Author Before joining the Department of Computer Science at the University of Alabama in 2006, and his prior position at the University of Memphis in 2002, Dr. Yang Xiao was an accomplished Medium Access Control (MAC) architect deeply involved in IEEE 802.11 standard enhancement. A former voting member of IEEE 802.11 Working Group, he serves as editor or on the editorial boards of numerous prestigious journals that cover emerging topics within mobile and wireless computing. A co-editor of seven books, he also serves as a referee/reviewer for many funding agencies, as well as a panelist for the National Science Foundation.

In Online Predators, An Internet Insurgency: A Field Manual for Teaching and Parenting in the Digital Arena Jeffrey A. Lee brings his ten plus years' experience in the fight against online child exploitation to bear in an easy to follow guide for all with a stake in the life of a child. This book equips parents, guardians, extended family, and educational professionals with practical strategies to help keep kids safe in a technology connected world. Instead of focusing on ever changing technology, Lee proposes a key fundamental change in the fight against online predation-to develop an insatiable curiosity about their child's online life, then get in the front lines and stay there.

Port-based authentication is a "network access control" concept in which a particular device is evaluated before being permitted to communicate with other devices located on the network. 802.1X Port-Based Authentication examines how this concept can be applied and the effects of its application to the majority of computer networks in existence today. 802.1X is a standard that extends the Extensible Authentication Protocol (EAP) over a Local Area Network (LAN) through a process called Extensible Authentication Protocol Over LANs (EAPOL).

The text presents an introductory overview of port-based authentication including a description of 802.1X port-based authentication, a history of the standard and the technical documents published, and details of the connections among the three network components. It focuses on the technical aspect of 802.1X and the related protocols and components involved in implementing it in a network. The book provides an in-depth discussion of technology, design, and implementation with a specific focus on Cisco devices. Including examples derived from the 802.1X implementation, it also addresses troubleshooting issues in a Cisco environment. Each chapter contains a subject overview.

Incorporating theoretical and practical approaches, 802.1X Port-Based Authentication seeks to define this complex concept in accessible terms. It explores various applications to today's computer networks using this particular network protocol.

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book- -Focuses on setting the right road map so that you can be most effective in your information security implementations -Discusses cost-effective staffing, the single biggest expense to the security organization -Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively -Identifies high-risk areas, focusing limited resources on the most imminent and severe threats -Describes how to manage the key access controls when faced with manual user management, how to automate user management tasks in a cost effective manner, and how to deal with security breaches Demonstrating strategies to maximize a limited security budget without compromising the quality of risk management initiatives, Information Security Cost Management helps you save your organization time and money. It provides the tools required to implement policies, processes, and training that are crucial to the success of a company's security.

This book presents a comprehensive mathematical theory that explains precisely what information flow is, how it can be assessed quantitatively - so bringing precise meaning to the intuition that certain information leaks are small enough to be tolerated - and how systems can be constructed that achieve rigorous, quantitative information-flow guarantees in those terms. It addresses the fundamental challenge that functional and practical requirements frequently conflict with the goal of preserving confidentiality, making perfect security unattainable. Topics include: a systematic presentation of how unwanted information flow, i.e., "leaks", can be quantified in operationally significant ways and then bounded, both with respect to estimated benefit for an attacking adversary and by comparisons between alternative implementations; a detailed study of capacity, refinement, and Dalenius leakage, supporting robust leakage assessments; a unification of information-theoretic channels and information-leaking sequential programs within the same framework; and a collection of case studies, showing how the theory can be applied to interesting realistic scenarios. The text is unified, self-contained and comprehensive, accessible to students and researchers with some knowledge of discrete probability and undergraduate mathematics, and contains exercises to facilitate its use as a course textbook.

This book constitutes the refereed proceedings of the 35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 29 full papers presented were carefully reviewed and selected from 149 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on channel attacks; connection security; human aspects of security and privacy; detecting malware and software weaknesses; system security; network security and privacy; access control and authentication; crypto currencies; privacy and security management; and machine learning and security.

The Critical Infrastructure Protection Survey recently released by Symantec found that 53% of interviewed IT security experts from international companies experienced at least ten cyber attacks in the last five years, and financial institutions were often subject to some of the most sophisticated and large-scale cyber attacks and frauds.

The book by Baldoni and Chockler analyzes the structure of software infrastructures found in the financial domain, their vulnerabilities to cyber attacks and the existing protection mechanisms. It then shows the advantages of sharing information among financial players in order to detect and quickly react to cyber attacks. Various aspects associated with information sharing are investigated from the organizational, cultural and legislative perspectives. The presentation is organized in two parts: Part I explores general issues associated with information sharing in the financial sector and is intended to set the stage for the vertical IT middleware solution proposed in Part II. Nonetheless, it is self-contained and details a survey of various types of critical infrastructure along with their vulnerability analysis, which has not yet appeared in a textbook-style publication elsewhere. Part II then presents the CoMiFin middleware for collaborative protection of the financial infrastructure.

The material is presented in an accessible style and does not require specific prerequisites. It appeals to both researchers in the areas of security, distributed systems, and event processing working on new protection mechanisms, and practitioners looking for a state-of-the-art middleware technology to enhance the security of their critical infrastructures in e.g. banking, military, and other highly sensitive applications. The latter group will especially appreciate the concrete usage scenarios included.