Building on classical queueing theory mainly dealing with single node queueing systems, networks of queues, or stochastic networks has been a field of intensive research over the last three decades. Whereas the first breakthrough in queueing network theory was initiated by problems and work in operations research, the second breakthrough, as well as subsequent major work in the area, was closely related to computer science, particularly to performance analysis of complex systems in computer and communication science.The text reports on recent research and development in the area. It is centered around explicit expressions for the steady behavior of discrete time queueing networks and gives a moderately positive answer to the question of whether there can be a product form calculus in discrete time. Originating from a course given by the author at Hamburg University, this book is ideally suited as a text for courses on discrete time stochastic networks.

This book constitutes the refereed proceedings of the 5th IFIP/IEEE International Conference on the Management of Multimedia Networks and Services, MMNS 2002, held in Santa Barbara, CA, USA, in October 2002.The 27 revised full papers presented were carefully reviewed and selected from a total of 76 submissions. The papers are organized in topical sections on service management, management of wireless multimedia, bandwidth sharing protocols, distributed video architectures, management systems, differentiated network services, user level traffic adaptation, and multicast congestion control.

Cooperative Information Systems have emerged as a central concept in a variety of applications, projects, and systems in the new era of e-business. The conference at which the papers in this volume were presented was the ninth international conference on the topic of Cooperative Information Systems (CoopIS 2001), and was held in Trento, Italy on September 5-7, 2001. Like the previous conferences, CoopIS 2001 has been remarkably successful in bringing together representatives of many di?erent ?elds, spanning the entire range of e?ective web-based Cooperative Information Systems, and with interests ranging from industrial experience to original research concepts and results. The 29 papers collected here out of the 79 ones that were submitted, dem- strate well the range of results achieved in several areas such as agent te- nologies, models and architectures, web systems, information integration, m- dleware technologies, federated and multi-database systems. The papers th- selves, however, do not convey the lively excitement of the conference itself, and the continuing spirit of cooperation and communication across disciplines that has been the hallmark of these conferences. We would especially like to thank our keynote speakers: Philip A. Bernstein (Microsoft Research, USA), Edward E. Cobb (BEA Systems, USA), and Ma- izio Lenzerini (Universit'a di Roma "La Sapienza", Italy) for providing a portrait of the best contemporary work in the ?eld. We would also like to thank the many people who made CoopIS 2001 possible.

This book constitutes the thoroughly refereed post-proceedings of the Second Workshop of the Cross-Language Evaluation Forum, CLEF 2001, held in Darmstadt, Germany in September 2001.The 35 revised full papers presented together with two introductory survey articles and a comprehensive appendix were carefully improved during the round of reviewing and selections. The papers are organized in topical sections on systems evaluation experiments, mainly cross-language, monolingual experiments, interactive issues, and evaluation issues and results.

Anonymity and unobservability have become key issues in the context of securing privacy on the Internet and in other communication networks. Services that provide anonymous and unobservable access to the Internet are important for electronic commerce applications as well as for services where users want to remain anonymous.This book is devoted to the design and realization of anonymity services for the Internet and other communcation networks. The book offers topical sections on: attacks on systems, anonymous publishing, mix systems, identity management, pseudonyms and remailers. Besides nine technical papers, an introduction clarifying the terminology for this emerging area is presented as well as a survey article introducing the topic to a broader audience interested in security issues.

What should be every software organization's primary goal? Managing Software Quality. Producing and sustaining the high quality of products and processes in evolutionary systems are at the core of software engineering, and it is only through a comprehensive measurement program that a successful outcome can be assured. Cost and budget limitations, schedule due dates, all represent systems engineering constraints which impinge on the degree to which software development and maintenance professional can achieve maximum quality. Richard Nance and James Arthur's guide to managing software quality goes beyond the usual answers to the "why" and "what" questions generally provided in the standards documents. They not only look at the "how to" in their focus of the measurement of software quality, but also come up with specific suggestions to the pressing needs of practising software engineers, quality assurance engineers and software and project managers."This is one of the few books in this area that addresses the 'quality' aspect based upon the important aspect of documentation. In addition, the book provides a basis for not only the software manager concerned with measurement implementation, but also the researcher in identifying the current state of the art and practice. This will be a key reference guide for anyone that is concerned with developing quality software."(William H Farr, PhD, Naval Surface Warfare Center Dahlgren Division)About the Authors: Research motivated by problems arising in large, complex software systems is what stimulates Richard Nance. His collaboration with the U.S. Navy on major software-intensive programs spans over 30 years. James Arthur is an Associate Professor of Computer Science at Virginia Tech.

As part of the UML standard OCL has been adopted by both professionals in industry and by academic researchers and is one of the most widely used languages for expressing object-oriented system properties. This book contains key contributions to the development of OCL. Most papers are developments of work reported at different conferences and workshops. This unique compilation addresses many important issues faced by advanced professionals and researchers in object modeling like e.g. real-time constraints, type checking, and constraint modeling.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Workshop on Product Family Engineering, PFE 2001, held in Bilbao, Spain, in October 2001.The 31 revised full papers presented together with an introduction and six session reports were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on product issues, process issues, community issues, platform and quality solutions, diversity solutions, product validation, and process validation.

The Information Security Conference 2001 brought together individuals involved in multiple disciplines of information security to foster the exchange of ideas. The conference, an outgrowth of the Information Security Workshop (ISW) series, was held in Malaga, Spain, on October 1 3, 2001. Previous workshops were ISW '97 at Ishikawa, Japan; ISW '99 at Kuala Lumpur, Malaysia; and ISW 2000 at Wollongong, Australia. The General Co chairs, Javier Lopez and Eiji Okamoto, oversaw the local organization, registration, and performed many other tasks. Many individuals deserve thanks for their contribution to the success of the conference. Jose M. Troya was the Conference Chair. The General Co chairs were assisted with local arrangements by Antonio Mana, Carlos Maraval, Juan J. Ortega, Jose M. Sierra, and Miguel Soriano. This was the first year that the conference accepted electronic submissions. Many thanks to Dawn Gibson for assisting in developing and maintaining the electronic submission servers. The conference received 98 submissions of which 37 papers were accepted for presentation. These proceedings contain revised versions of the accepted papers. Revisions were not checked and the authors bear full responsibility for the contents of their papers. The Program Committee consisted of Elisa Bertino, Universita di Milano; G. R."

WelcometoRotterdamandtotheInternationalConferenceSafecomp2000,on thereliability,safetyandsecurityofcriticalcomputerapplications. Thisalready marksthe19thyearoftheconference,showingtheundiminishedinterestthe topicelicitsfrombothacademiaandindustry. Safecomphasproventobean excellentplacetomeetandhavediscussions,andwehopethistrendcontinues thisyear. Peopleandorganisationsdependmoreandmoreonthefunctioningofc- puters. Whetherinhouseholdequipment,telecommunicationsystems,o?ce- plications,banking,peoplemovers,processcontrolormedicalsystems,theoft- embeddedcomputersubsystemsaremeanttoletthehostingsystemrealiseits intendedfunctions. Theassuranceofproperfunctioningofcomputersin- pendableapplicationsisfarfromobvious. Themillenniumstartedwiththebug andthefullendorsementoftheframeworkstandardIEC61508. Thevariety ofdependablecomputerapplicationsincreasesdaily,andsodoesthevarietyof risksrelatedtotheseapplications. Theassessmentoftheserisksthereforeneeds re?ectionandpossiblynewapproaches. Thisyear'sSafecompprovidesabroad mixofpapersontheseissues,onprogressmadeindi?erentapplicationdomains andonemergingchallenges. Oneofthespecialtopicsthisyearistransportandinfrastructure. Onewould behardpressedto?ndabetterplacetodiscussthisthaninRotterdam. The reliability,safetyandsecurityofcomputersisofprominentimportancetoRott- dam,asafewexamplesillustrate. Itsharbourdependsonthereliablefunctioning ofcontainerhandlingsystems,onthesafefunctioningofitsradarsystems,and, asofrecently,onthesafeandreliablefunctioningoftheenormousstormsurge barrieratHoekvanHolland. AnewtopicforSafecompis medicalsystems. Theseprogressivelydepend on-embedded-programmableelectronicsystems. Experienceshowsthatthe medicalworldlacksthemethodsforapplyingthesesystemssafelyandreliably. Wewelcomeagroupofpeoplereadytodiscussthistopic,andhope,bydoing so,tocontributetothis?eldofapplicationsofsafe,reliableandsecuresystems. SoftwareprocessimprovementalsorepresentsaspecialtopicofSafecomp 2000. Itprovedtobethemostfruitfulofthethreeintermsofsubmittedpapers. Thereweremanycontributionsfromahostofcountries,whichhadtobespread amongstdi?erentsessiontopics. WewishtothanktheInternationalProgramCommittee'smembers,41in total,fortheire?ortsinreviewingthepapersandfortheirvaluableadvicein organisingthisconference. Wearealsogratefulfortheircontributiontod- tributingcallsforpapersandannouncements. Withouttheirhelptheburdenof organisingthisconferencewouldhavebeenmuchgreater. VI Preface Finally,letusonceagainwelcomeyoutoRotterdam,atrulyinternational cityandhometopeopleofmanynationalities. Wehopeyoutakethetimenot onlytoenjoythisconference,butalsoto?ndyourwayaroundthecity,sinceit surelyhasmuchtoo?er. FloorKoornneef MeinevanderMeulen Table of Contents InvitedPaper TheTenMostPowerfulPrinciplesforQualityin(Softwareand) SoftwareOrganizationsforDependableSystems...1 TomGilb Veri?cationandValidation EmpiricalAssessmentofSoftwareOn-LineDiagnostics UsingFaultInjection...14 JohnNapier,JohnMayandGordonHughes Speeding-UpFaultInjectionCampaignsinVHDLModels...27 B. Parrotta,M. Rebaudengo,M. SonzaReordaandM. Violante Speci?cationandVeri?cationofaSafetyShellwithStatechartsand ExtendedTimedGraphs...37 JanvanKatwijk,HansToetenel,Abd-El-KaderSahraoui,EricAnderson andJanuszZalewski ValidationofControlSystemSpeci?cationswithAbstractPlantModels...53 WenhuiZhang AConstantPerturbationMethodforEvaluation ofStructuralDiversityinMultiversionSoftware...63 LupingChen,JohnMayandGordonHughes ExpertError:TheCaseofTrouble-ShootinginElectronics...74 DenisBesnard TheSafetyManagementofData-DrivenSafety-RelatedSystems ...86 A. G. Faulkner,P. A. Bennett,R. H. Pierce,I. H. A. Johnston andN. Storey SoftwareSupportforIncidentReportingSystems inSafety-CriticalApplications...96 ChrisJohnson SoftwareProcessImprovement ADependability-ExplicitModelfortheDevelopment ofComputingSystems...107 MohamedKaan iche,Jean-ClaudeLaprieandJean-PaulBlanquart VIII Table ofContents DerivingQuanti?edSafetyRequirementsinComplexSystems ...117 PeterA. Lindsay,JohnA. McDermidandDavidJ. Tombs ImprovingSoftwareDevelopmentbyUsing SafeObjectOrientedDevelopment:OTCD...131 XavierM'ehautandPierreMor'ere ASafetyLicensablePESforSIL4Applications...141 WolfgangA. Halang,PeterVogrinandMatja?zColnari?c SafetyandSecurityIssuesinElectricPowerIndustry ...151 ? Zdzis lawZurakowski DependabilityofComputerControlSystemsinPowerPlants ...165 Cl'audiaAlmeida,AlbertoArazo,YvesCrouzetandKaramaKanoun AMethodofAnalysisofFaultTreeswithTimeDependencies ...176 JanMagottandPawe lSkrobanek Formal Methods AFormalMethodsCaseStudy:UsingLight-WeightVDM fortheDevelopmentofaSecuritySystemModule...187 GeorgDroschl,WalterKuhn,GeraldSonneckandMichaelThuswald FormalMethods:TheProblemIsEducation...198 ThierryScheurer FormalMethodsDi?usion:PastLessonsandFutureProspects...211 R. Bloom?eld,D. Craigen,F. Koob,M. UllmannandS. Wittmann InvitedPaper SafeTech:AControlOrientedViewpoint...227 MaartenSteinbuch SafetyGuidelines,StandardsandCerti?cation DerivationofSafetyTargetsfortheRandomFailure ofProgrammableVehicleBasedSystems...240 RichardEvansandJonathanMo?ett IEC61508-ASuitableBasisfortheCerti?cation ofSafety-CriticalTransport-InfrastructureSystems??...250 DerekFowlerandPhilBennett Table of Contents IX HardwareAspects AnApproachtoSoftwareAssistedRecovery fromHardwareTransientFaultsforRealTimeSystems...264 D. BasuandR. Paramasivam ProgrammableElectronicSystemDesign&Veri?cationUtilizingDFM...275 MichelHoutermans,GeorgeApostolakis,AarnoutBrombacher andDimitriosKarydas SIMATICS7-400F/FH:Safety-RelatedProgrammableLogicController...286 AndreasSchenk SafetyAssessmentI AssessmentoftheReliabilityofFault-TolerantSoftware: ABayesianApproach...294 BevLittlewood,PeterPopovandLorenzoStrigini EstimatingDependabilityofProgrammableSystemsUsingBBNs...309 BjornAxelGran,GustavDahll,SiegfriedEisinger,EivindJ. Lund, JanGerhardNorstrom,PeterStrockaandBrittJ. Ystanes DesignforSafety ImprovementsinProcessControlDependability throughInternetSecurityTechnology...321 FerdinandJ. Dafelmair ASurveyonSafety-CriticalMulticastNetworking ...333 JamesS. PascoeandR. J. Loader InvitedPaper CausalReasoningaboutAircraftAccidents...344 PeterB. Ladkin Transport&Infrastructure ControllingRequirementsEvolution:AnAvionicsCaseStudy...361 StuartAndersonandMassimoFelici HAZOPAnalysisofFormalModels ofSafety-CriticalInteractiveSystems...

This book constitutes the refereed proceedings of the First International Conference on COTS-Based Software Systems, ICCBSS 2002, held in Orlando, Florida, USA, in February 2002.The 23 revised full papers presented were carefully reviewed and selected from numerous submissions. The book addresses all current issues on commercial-off-the-shelf software systems, from the R&D as well as from the practitioner's point of view.

Cooperation among systems has gained substantial importance in recent years: electronic commerce virtual enterprises and the middleware paradigm are just some examples in this area. CoopIS is a multi-disciplinary conference, which deals with all aspects of cooperation. The relevant disciplines are: collaborative work, distributed databases, distributed computing, electronic commerce, human-computer interaction, multi-agent systems, information retrieval, and workflow systems. The CoopIS series provides a forum for well-known researchers who are drawn by the stature and the tradition of these conference series and has a leading role in shaping the future of the cooperative information systems area. CoopIS 2000 is the seventh conference in the series and the fifth conference organized by the International Foundation on Cooperative Information Systems (IFCIS). It is sponsored by the IFCIS, the IBM Research Laboratory in Haifa and Compaq, Tandem labs Israel. It replaces the former international workshops on Interoperability in Multidatabase systems (IMS) and the conference series on Cooperative Information Systems (CoopIS & ICICIS). In response to the call for papers 74 papers were submitted. Each of them was reviewed by at least three reviewers, and at the end of this process 24 papers were accepted for presentation at the conference. Six additional papers were selected for short presentations. In addition the conference includes two panels, two keynote speakers (Professor Calton Pu from Georgia Tech and Professor Sheizaf Rafaeli from Haifa University) and one tutorial. A special issue of the International Journal of Cooperative Information Systems will follow. August 2000 Opher Etzion & Peter Scheuermann

This book constitutes the refereed proceedings of the International Workshop on Policies for Distributed Systems and Networks, POLICY 2001, held in Bristol, UK in January 2001. The 16 revised full papers presented were carefully reviewed and selected from 43 submissions. Among the topics covered are abstractions and notations for policy specifications, security policies, access control, implementations, applications, quality of service, and management.

This book constitutes the refereed proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection, RAID 2001, held in Davis, CA, USA, in October 2001.The 12 revised full papers presented were carefully reviewed and selected from a total of 55 submissions. The papers are organized in sections on logging, cooperation, anomaly detection, intrusion tolerance, legal aspects and specification-based IDS.

This volume contains the proceedings of the international HPCN Europe 2000 event which was held in the Science and Technology Centre Watergraafsmeer, Amsterdam, the Netherlands, May 8-10, 2000. HPCN (High Performance Computing and Networking)Europeeventwas organized for the r st time in 1993 in Amsterdam as the result of several i- tiatives in Europe, the United States of America, and Japan. Succeeding HPCN events were held in Munich (1994), Milan (1995), Brussels (1996), and Vienna (1997), returning to Amsterdam in 1998 to stay. The HPCN event keeps growing and advancing every year, and this year the event consisted of the scientic conference, focused workshops, and several associated events. Theplenary lectures werepresented bysix renowned speakers: { Henk van der Vorst, University of Utrecht, The Netherlands: Giant Eig- problems within Reach, { WolfgangGentzsch, CTO, GridwareInc., Germany: The Information Power Grid is Changing our World, { Bernard Lecussan, SupAero and ONERA/CERT/DTIM, France: Irregular Application Computations on a Cluster of Workstations, { Miguel Albrecht, European Southern Observatory, Garching, Germany: Technologies for Mining Terabytes of Data, { HansMeinhardt, Max-Planck-Institut,Germany: The Algorithmic Beauty of Sea Shells,and { IngoAugustin,CERN,Geneva,Switzerland: Towards Multi-petabyte Storage Facilities. Theconference consisted ofparalleltrackspresenting 52selected papers, andone track presenting 25 posters. The areas covered in the conference include: Ind- trial and General End-User Applications of HPCN, Computational and C- puter Sciences, and this year the scope of the conference was further expanded by an additional area to emphasize the information management aspects, and the importance of the web-based cooperative application infrastructures.

This book constitutes the refereed proceedings of the Third International Workshop on Learning Software Organizations, LSO 2001, held in Kaiserslautern, Germany, in September 2001.The twelve revised full papers presented together with an introductory overview, keynote and panel summaries, and three posters were carefully reviewed and selected for inclusion in the book. Among the topics addressed are organizational learning in dynamic domains, knowledge management in software development, Web-based collaborative learning, knowledge management support, software process improvement, Web-based data mining, process-integrated learning, process-centered software engineering education, etc.

Traditionally, models and methods for the analysis of the functional correctness of reactive systems, and those for the analysis of their performance (and - pendability) aspects, have been studied by di?erent research communities. This has resulted in the development of successful, but distinct and largely unrelated modeling and analysis techniques for both domains. In many modern systems, however, the di?erence between their functional features and their performance properties has become blurred, as relevant functionalities become inextricably linked to performance aspects, e.g. isochronous data transfer for live video tra- mission. During the last decade, this trend has motivated an increased interest in c- bining insights and results from the ?eld of formal methods - traditionally - cused on functionality - with techniques for performance modeling and analysis. Prominent examples of this cross-fertilization are extensions of process algebra and Petri nets that allow for the automatic generation of performance models, the use of formal proof techniques to assess the correctness of randomized - gorithms, and extensions of model checking techniques to analyze performance requirements automatically. We believe that these developments markthe - ginning of a new paradigm for the modeling and analysis of systems in which qualitative and quantitative aspects are studied from an integrated perspective. We are convinced that the further worktowards the realization of this goal will be a growing source of inspiration and progress for both communities.

This book constitutes the thoroughly refereed post-proceedings of the 10th International Workshop on Software Measurement, IWSM 2000, held in Berlin, Germany in October 2000.The 10 revised full papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on object-oriented software measurement, software process improvement, function-point-based software measurement, software measurement of special aspects, improving the software measurement process.

System Development: A Strategic Framework looks at one of the key issues in the design and development of IT systems: the fact that the bulk of system development projects undertaken will fail to meet originally defined objectives. Using a number of case studies, it analyses the reasons for this poor performance and provides the reader with a pattern of well-defined failure mechanisms which are especially relevant to large, long-term projects. With these established, the book then generates a set of planning procedures and corporate guidelines which will substantially reduce the impact and probability of financial and performance disasters in future projects.Accessible to the professional and non-technical reader, this book will prove invaluable to project managers, development managers, IT controllers, project engineers, and systems analysts as well as MSc and MBA students studying computer system development.

Lessons in System Safety contains the full set of invited papers presented at the Eighth Annual Safety-critical Systems Symposium, held in Southampton, February 2000. The safety-critical systems domain is rapidly expanding, and its industrial problems are always candidates for academic research. It embraces almost all industry sectors, and lessons learned in one are commonly appropriate to others. The Safety-critical Systems Symposium provides an annual forum for discussing such problems, and the papers in this volume, being from both industrial and academic institutions, all offer lessons in system safety.

This monograph-like state-of-the-art survey presents the history, the key ideas, the success stories, and future challenges of performance evaluation and demonstrates the impact of performance evaluation on a variety of different areas through case studies in a coherent and comprehensive way. Leading researchers in the field have contributed 19 cross-reviewed topical chapters competently covering the whole range of performance evaluation, from theoretical and methodological issues to applications in numerous other fields. Additionally, the book contains one contribution on the role of performance evaluation in industry and personal accounts of four pioneering researchers describing the genesis of breakthrough results.The book will become a valuable source of reference and indispensable reading for anybody active or interested in performance evaluation.

These post-proceedings contain the revised versions of the accepted papers of the international workshop \Transactions and Database Dynamics," which was the eighth workshop in a series focusing on foundations of models and languages for data and objects (FoMLaDO). Seven long papers and three short papers were accepted for inclusion in the proceedings. The papers address various issues of transactions and database dynamics: { criteria and protocols for global snapshot isolation in federated transaction management, { uni ed theory of concurrency control and replication control, { speci cation of evolving information systems, { inheritance mechanisms for deductive object databases with updates, { speci cation of active rules for maintaining database consistency, { integrity checking in subtransactions, { open nested transactions for multi-tier architectures, { declarative speci cation of transactions with static and dynamic integrity constraints, { logic-based speci cation of update queries as open nested transactions, and { execution guarantees and transactional processes in electronic commerce payments. In addition to the regular papers, there are papers resulting from two working groups. The rst working group paper discusses the basis for transactional c- putation. In particular, it addresses the speci cation of transactional software. The second working group paper focuses on transactions in electronic commerce applications. Among others, Internet transactions, payment protocols, and c- currency control and persistence mechanisms are discussed. Moreover, there is an invited paper by Jari Veijalainen which discusses tr- sactional aspects in mobile electronic commerce.

This book constitutes the refereed proceedings of the 7th European Workshop on Software Process Technology, EWSPT 2000, held in Kaprun, Austria in February 2000 in conjunction with a meeting of the European ESPRIT IV Project for Process Instance Evolution (PIE).The 21 revised papers presented were carefully reviewed and selected from 44 submissions. The book is organized in sections on methods, applications, process instance evolution, distributed processes and process modeling languages, and industrial experience.

This volume of the Lecture Notes in Computer Science series contains all papers accepted for presentation at the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM'99), which took place at the ETH Zurich in Switzerland and was hosted by the Computer Engineering and Networking Laboratory, TIK. DSOM'99 is the tenth workshop in a series of annual workshops, and Zurich is proud to host this 10th anniversary of the IEEE/IFIP workshop. DSOM'99 follows highly successful meetings, the most recent of which took place in Delaware, U.S.A. (DSOM'98), Sydney, Australia (DSOM'97), and L'Aquila, Italy (DSOM'96). DSOM workshops attempt to bring together researchers from the area of network and service management in both industry and academia to discuss recent advancements and to foster further growth in this ?eld. In contrast to the larger management symposia IM (In- grated Network Management) and NOMS (Network Operations and Management S- posium), DSOM workshops follow a single-track program, in order to stimulate interaction and active participation. The speci?c focus of DSOM'99 is "Active Technologies for Network and Service Management," re?ecting the current developments in the ?eld of active and program- ble networks, and about half of the papers in this workshop fall within this category.

Vulnerability management (VM) has been around for millennia. Cities, tribes, nations, and corporations have all employed its principles. The operational and engineering successes of any organization depend on the ability to identify and remediate a vulnerability that a would-be attacker might seek to exploit. What were once small communities became castles. Cities had fortifications and advanced warning systems. All such measures were the result of a group recognizing their vulnerabilities and addressing them in different ways. Today, we identify vulnerabilities in our software systems, infrastructure, and enterprise strategies. Those vulnerabilities are addressed through various and often creative means. Vulnerability Management demonstrates a proactive approach to the discipline. Illustrated with examples drawn from Park Foreman's more than three decades of multinational experience, the book demonstrates how much easier it is to manage potential weaknesses than to clean up after a violation. Covering the diverse realms that CISOs need to know and the specifics applicable to singular areas of departmental responsibility, he provides both the strategic vision and action steps needed to prevent the exploitation of IT security gaps, especially those that are inherent in a larger organization. Completely updated, the second edition provides a fundamental understanding of technology risks-including a new chapter on cloud vulnerabilities and risk management-from an interloper's perspective. This book is a guide for security practitioners, security or network engineers, security officers, and CIOs seeking understanding of VM and its role in the organization. To serve various audiences, it covers significant areas of VM. Chapters on technology provide executives with a high-level perspective of what is involved. Other chapters on process and strategy, although serving the executive well, provide engineers and security managers with perspective on the role of VM technology and processes in the success of the enterprise.