Handbook of Information Security Management: Policy, Standards, and Organization



APPENDIX II

REFERENCES

IBM Security Architecture [SC28-8135-01]

ECMA 138 (SESAME) (see http://www.esat.kuleuven.ac.be/cosic/sesame3_2.html)

Open Software Foundation (OSF) Distributed Computing Environment (DCE) (see http://www.osf.org/tech_foc.htm)

APPENDIX III

GLOSSARY

Architecture
That part of design that deals with appearance, function, location, and materials.
Authentication
The testing or reconciliation of evidence; in this context, the reconciliation of evidence of user identity (for example, a password or token response) against the identity claimed.
Cryptography
The art of secret writing; the translation of information from a public code to a secret one and back again for the purpose of limiting access to it to a select few.
Distinguished User Name
User’s full name so qualified as to be unique within a population. Qualifiers may include such things as enterprise name, organization unit, date of birth, etc.
Enterprise
The largest unit of organization; usually associated with ownership. (In government it is associated with sovereignty or democratic election.)
Enterprise Data
Data which are defined, meaningful, and used across business functions or for the strategic purposes of the enterprise.
Name Space
All of the possible names in a domain, whether used or not.
PIN
Personal Identification Number; evidence of personal identity when used with another form.

APPENDIX IV

PRODUCTS OF INTEREST

Secure authentication products — A number of clients and servers share a common protocol for secure authentication. These include Novell NetWare, Windows NT, and Oracle Secure Network Services. One or more of these may meet some of the architectural requirements, though none by itself meets all of them.

Single sign-on products — Likewise, there are a number of products on the market that meet some or all of the requirements for limited or single sign-on. These include SSO DACS from Mergent International, NetView Access Services from IBM, SuperSession from Candle, and NetSP from IBM.

  SSO DACS (Mergent International) (see http://www.pilgrim.umass.edu/pub/security/mergent.html)
  NetView Access Services (IBM) (see http://www.can.ibm.com/mainframe/software/sysman/p32.html)
  SuperSession (see http://www.candle.com/product_info/solutions/SOLCL.HTM)
  NetSP (IBM) (see http://www.raleigh.ibm.com/dce/dcesso.html)

Authentication services — A number of standard services are available for authenticating evidence of user identity. These include:

  ACE/Server (SecurID token authentication) (see http://www.securid.com/ID188.100543212874/Security/ACEdata.html)
  TACACS (RFC 1492) (see http://sunsite.auc.dk/RFC/rfc/rfc1492.html)
  RADIUS (see http://www.tribe.com/support/TribeLink/RADIUS/RADIUSpaper.html)

Administrative services — There are a number of products that are intended for creating and maintaining access control data across a distributed computing environment. These include:

  Security Administration Manager (SAM) (Schumann, AG) (see http://www.schumann-ag.de/deutsch/sam/sam.html)
  RAS (Technologic) (see http://www.technologic.com/RAS/rashome.html)
  Omniguard Enterprise Security Manager (Axent) (http://www.axent.com:80/axent/products/products.html)
  Mergent Domain DACS (http://www.mergent.com/html/products.html)
  RYO (“Roll yer own”: an administration tool developed in-house rather than purchased)





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the information that the latest version covers; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you in your studies and also show your appreciation to Auerbach for letting me use their book on the site.