• Aucun résultat trouvé

SECURITY POLICIES FOR DOCUMENT SECURITY

Dans le document DOCUMENT SECURITY (Page 167-181)

DOCUMENT FORGERY

SECURITY POLICIES FOR DOCUMENT SECURITY

Network Security has its own outline or schema for security policies that range in topics from Router Security to Acceptable Use to Firewall Con-figuration. This outline concentrates solely upon topics appropriate to the major issue of Document Security. To organize the topics conceptually, the outline moves from the outermost area of security concern, the world ex-ternal to the organization’s security boundary, to the innermost assets of the organization.

Policies External

Documents Permitted in External Environment Document and Media Disposal

Encryption Policies Mobile Devices

Travel Security for Sensitive Information Perimeter

Public Security Zone

Business Channels Monitoring and Security Internal

Internal Security Zone Document Classification

Physical Security for Documents Media Reuse

Inner Core

Sensitive Security Zone Confidential Zone High Security Zone

153

The general concerns in drafting security policies for Document Security are as follows:

1. Clarity. Policies must have a high level of readability. Employees must understand what is expected of them without jargon or highly tech-nical language.

2. Accessibility. Policies should be on an Intranet or a Wiki where em-ployees may access them quickly and search them using keywords.

3. Relevancy. If policies are not kept current, they become irrelevant and only hinder security understanding.

4. Standards must be defined. Adherence to a policy requires setting stan-dards by which employees can conform. Failing to adopt agreed upon standards to measure adherence creates confusion and a lack of cred-ibility for the security effort.

5. Responsibility. Persons or job roles responsible for implementing a policy must be identified. Saying it is everyone’s responsibility means no one will take responsibility. Define who is responsible for which components of the policy.

6. Tools and resources. Describe all tools and resources necessary for the correct implementation of the policy.

7. Criteria. Establish the criteria for discriminating between documents and information assets. By which criteria will the security team classify documents? What factors determine the assigning of documents to particular security zones?

8. Auditing and testing. Describe the methods the organization will use to verify compliance to the Document Security policies on a periodic basis.

BIBLIOGRAPHY

Articles

Akapose, Wole: “E-mail security: A Review of Available Technologies,” The ISSA Jour-nal, February 2006. (Contains a section on CAPTCHA.)

Anastasia, George: “Big Brother and the Bookie,” Mother Jones( Jan–Feb 2002).

Andress, Jason: “Secure Data Deletion and Recovery,” The ISSA Journal, January 2007.

Lambrecht, Bill: “Discarded U.S. Computers for Sale in Nigeria, along with their Se-crets,” St. Louis Post-Dispatch, December 17, 2006.

Manning, Stephen: “The Biggest Threat to Computer Security? Carelessness,” Austin American-Statesman, June 19, 2006.

Meinel, Carolyn: “How Hackers Break In . . . and How They Are Caught,” Scientific American, October 1998.

Mendell, Ronald L.: “And, the Floppies Spoke for the Victim,” SecurityPortal, September 1999. (The article is no longer on the Web. Article covered floppies and magnets.) Mendell, Ronald L.: “Intelligence Gathering for ITSEC Professionals,” The ISSA

Jour-nal, December 2005.

Mendell, Ronald L.: “Internet Rhetoric for Security,” The ISSA Journal, August 2006.

Pham, Alex: “Bullies Invade Even the Virtual World,” Austin American-Statesman, Sep-tember 23, 2002.

Reichenberg, Nimrod: “Seven Steps to Secure USB Drives,” The ISSA Journal, January 2007.

Tyson, Dave: “Geeks and Guards: Leveraging the Corporate Guard Force.” The ISSA Journal, August, 2006.

Washington Poststaff: Article on “Multi-State Anti-Terrorism Information Exchange.”

Austin American-Statesman, August 6, 2003.

Wiredstaff: “Foil a Snooping Boss,” August 2006.

Books

Aristotle: The Art of Rhetoric. (translated by H.C. Lawson-Tanced), New York: Penguin, 1991.

Brown, Christopher L.T.: Computer Evidence: Collection & Preservation. Hingham, MA:

Charles River Media, 2006.

155

Caloyannides, Michael A.: Desktop Witness. Indianapolis, IN: John Wiley & Sons, Inc., 2002.

Capaldi, Nicholas: The Art of Deception. Buffalo, NY: Prometheus Books, 1979.

Casey, Eoghan: Digital Evidence and Computer Crime, 2nd Edition. San Diego, CA: Aca-demic Press, 2004.

Graves, Kimberly: CEH Official Certified Ethical Hacker Review Guide. Indianapolis, IN:

Sybex, 2007.

Harris, Shon: CISSP. Emeryville, CA: Berkeley, McGraw-Hill/Osborne, 2002.

Mendell, Ronald L.: How To Do Financial Asset Investigations, 3rd edition. Springfield, IL: Charles C. Thomas, 2006.

Mendell, Ronald L.: Investigating Computer Crime in the 21st Century, 2nd edition.

Springfield, IL: Charles C. Thomas, 2004.

Mitnick, Kevin D. and Simon, William L.: The Art of Deception. Indianapolis, IN: Wiley Publishing, 2002.

Mitnick, Kevin D. and Simon, William L.: The Art of Intrusion. Indianapolis, IN: Wiley Publishing, 2006.

Pirie, Madsen: How To Win Every Argument: The Use and Abuse of Logic. New York: Con-tinuum, 2006.

Schifreen, Robert: Defeating the Hacker. West Sussex, England: John Wiley & Sons, 2006.

Scott, Robert: The Investigator’s Little Black Book 3. Beverly Hills, CA: Crime Time Pub-lishing, 2002.

Solomon, Micheal G., Barrett, Diane, Broom, Neil: Computer Forensics Jump Start™.

Sybex, 2005.

The Knightmare: Secrets of a Super Hacker. Post Townsend, WA: Loompanics Unlim-ited, 1994.

Vacca, John R.: Computer Forensics: Computer Crime Scene Investigation. Hingham, MA:

Charles River Media, 2002.

Data Sheets

PortAuthority Technologies,”Information Risk Assessment: Information Leak Pre-vention for the Enterprise,” 2005.

Reconnex, “Feature Overview,” 2006.

Reconnex, “Information Protection. Always.,” 2006.

Reconnex, “iGuard 3600 Data Sheet,” 2006.

Electronic Documents

Ayers, Rick and Jansen, Wayne: “Guidelines on PDA Forensics.” NIST, August, 2004.

Guel, Michael D.: “A Short Primer for Developing Security Policies.” SANS Institute, 2001.

Keller, Alex: “Google Hacking: A Crash Course,” (PowerPoint file), Alex Keller is a Network/Systems Administrator for BSS Computing at San Francisco State

Uni-versity.

Shirani, Bram, CISSP: “Anti-forensics.” PowerPoint presentation, HTCIA Spring Training, 2002.

In Electronic Format on the Web

Appligent White Paper, “The Case for Content Security,” located at http://www.

appligent.com/docs/tech/ContentSecurity.pdf.

Barron, Anne, “Three Easy Steps for Gathering Intelligence at Trade Shows,” located at http://www.scipstore.org/scipstore.org_asp//news/cimp/v3i4article1.asp CAPTCHA Tutorial, located at http://www.captcha.biz/.

Digimarc®, “Combating Identity Document Counterfeiting,” located at http://www.

digimarc.com/govt/docs/dmrc_wp_combating.pdf.

Digimarc, “Enhancing Personal Identity Verification with Digital Watermarks,” located at http://csrc.nist.gov/piv-program/FIPS-201-Public-Comments/digimarc.pdf.

Goodell, Jeff, “How to Fake a Passport,” New York Times Magazine, February 10, 2002, located at http://www.globalpolicy.org/nations/citizen/2002/0210fake.htm.

Guel, Michele D., “The SANS Policy Primer,” (PDF format), located at http://www.

sans.org/resources/policies.

Kissel, Richard et al: “Guidelines for Media Sanitization,” (PDF file), National Institute of Standards and Technology (NIST) Special Publication 800-88, September 2006 lo-cated at http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf Long, Johnny, “Google Hacking Mini-Guide,” located at

http://www.informit.com/articles/article.asp?p=170880&rl=1.

Masse, Robert and Wang, Jian Hui, “Hacking with Google for Fun and Profit!,” lo-cated at http://www.gosecure.ca/SecInfo/library/WebApplication/GOOGLE-HACKING-GS1004.ppt

Metadatarisk, “The Dangers of Document Metadata: The Risks to Corporations,” lo-cated at http://www.metadatarisk.org/collateral/content_security_risks/US_Brief_

Dangers_of_Document_Metadata.pdf .

Microsoft Knowledge Base, “The Remove Hidden Data Tool for Office 2003 and Office XP,” located at http://support.microsoft.com/kb/834427.

Microsoft Knowledge Base, “How to Minimize Metadata in MS Word 2000 Docu-ments,” located at http://support.microsoft.com/kb/237361.

Microsoft Knowledge Base, “How to Minimize Metadata in Excel Documents,” lo-cated at http://support.microsoft.com/kb/223789.

Microsoft Knowledge Base, “How to Minimize Metadata in PowerPoint Documents,”

located at http://support.microsoft.com/kb/314797.

Microsoft Knowledge Base, “How to Minimize Metadata in PowerPoint 2002 Docu-ments,” located at http://support.microsoft.com/kb/314800.

Mitek Systems, “Combating Check Forgery,” located at http://miteksystems.com/

pdf/FPS%20White_paper.pdf.

National Security Agency., “Redacting with Confidence: How to Safely Publish San-itized Reports Converted from Word to PDF,” located at http://www.fas.

org/sgp/othergov/dod/nsa-redact.pdf.

Olzak, Tom, “Fundamentals of Storage Media Sanitation Part One,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-1-9407.

Olzak, Tom, “Fundamentals of Storage Media Sanitation Part Two,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-2-9559.

Olzak, Tom, “Fundamentals of Storage Media Sanitation Part Three,” June 2006, lo-cated at http://blogs.ittoolbox.com/security/adventures/archives/fundamentals-of-storage-media-sanitation-part-3-9680.

Payne, Donna, “Control Metadata in Your Legal Documents,” located at http://

office.microsoft.com/en-us/assistance/HA011400341033.aspx.

Payne, Donna and Lewis, Bruce, “EDD Showcase: Metadata: Are You Protected?,”

Law Technology News, August 2004, located at http://www.lawtechnews.com/r5/

showkiosk.asp?listing_id=430591.

Popescu, Alin C. and Farid, Harry, “Exposing Digital Forgeries by Detecting Duplicated Image Regions,” located at http://www.ists.dartmouth.edu/library/tr-2004-515.pdf.

Popular Science, “Debunking 9/11 Myths: Introduction with Forward by John Mc-Cain,” http://www.popularmechanics.com/technology/military_law/3491861.html.

Smith, Russell G., “Criminal Exploitation of New Technologies,” Trends & Issues, Aus-tralian Institute of Criminology, July 1998, No. 93, located at http://www.aic.

gov.au/publications/tandi/ti93.pdf.

Smith, Russell G., “Identity-related Economic Crime: Risks and Countermeasures,”

Trends & Issues, Australian Institute of Criminology, September 1999, No. 129, located at http://www.aic.gov.au/publications/tandi/ti129.pdf.

Sollicito, Michelle Johnston, “Securing Your Laptop,” located at http://www.informit.

com/articles/article.asp?p=174137&rl=1

Taylor, Laura, “PDA Security 101,” located at http://www.intranetjournal.com/articles/

200304/ij_04_07_03a.html

Ward, Mark., “The Hidden Dangers of Documents,” 18 August 2003, (BBC Web page), located at http://news.bbc.co.uk/2/hi/technology/3154479.stm.

Wikipedia, Article on CAPTCHA, located at http://en.wikipedia.org/wiki/CAPTCHA.

Unpublished Manuscript

Grayhat Research Corporation, Advanced Information Security Course, October 2006.

Useful Web Sites

Adobe (the security of PDF files) located at http://www.adobe.com/security.

“A Handbook of Rhetoric Devices” located at http://www.virtualsalt.com/ rhetoric.htm.

“Antisemitism on the Internet” located at http://www.jugendschutz.net/pdf/osce_

berlin.pdf.

ARIN (for checking IP addresses in North America) located at http://www.arin.

net/whois.

Better Business Bureau located at http://www.bbb.org.

Guidestar (for charitable organizations) located at http://www.guidestar.org.

Hoaxbusters at http://hoaxbusters.ciac.org/.

Metadatarisk.org (on the dangers of Metadata) located at http://www.metadatarisk.org.

Stealth Products located at http://www.computersecurity.com/stealth/computer_

tracker.htm and http://www.computersecurity.com/stealth/data_protector.htm.

“www.terror.net: How Modern terrorism Uses the Internet” located at http://www.

usip.org/pubs/specialreports/sr116.pdf.

A

Accumulation centers for documents, xi Aggregation of information, 24–25, 27, 31, 36,

42

Anti-forensics (see alsoComputer forensics), 103–122

countermeasures, using, 121–122 Attacks (see alsoTechniques)

brute-force, 93, 97

business channels, via (seeBusiness channels)

data aggregation, via (see Aggregation of information)

digital forgery, via (seeDocuments, forging)

encryption, on, 103–104

Google hacking, via (seeGoogle hack-ing)

IDS detecting, 46

information thieves, by, 48–50, 122, 129–130, 135, 139

infosphere, via (seeInfosphere) insiders, by, 50

keyboard, via, 71–72 outsiders, by, 49

social engineering, via (seeSocial engi-neering)

theft, by (seeTheft) B

BIOS (Basic Input/Output System), 91 Blogs, 25, 37, 39, 42, 124, 131, 134 Boolean searches, 38

Business channels (see alsoInformation leak-age), ix–x, 30, 41–54, 153 Business intelligence, 23, 25–26, 41, 66, 95

C

CAPTCHA, 51, 53, 155, 157–158

CD-ROMs (see alsoComputer media, optical), 74, 76, 77, 107, 112, 114

Chalkboards, xi, 76–78, 80

Cleansing, purging, and destruction of com-puter media (see alsoComputer

media, erasure of; Computer media, reuse of), 65–74

Collaborative spaces (on the Web), 129, 134 Comments in documents, 5–6, 8–9, 11–12,

16–19, 126

Computer forensics (see alsoAnti-forensics), viii, 65–66, 87–101, 103, 105–106, 110, 115, 117–118, 121–122, 144, 156

low-lying fruit, 87, 95 techniques, 94–98 tools, 99

Computer media

electronic, v, viii, xi, 144 erasure of, x, 61, 65–74

magnetic, v, ix, 65–74, 78, 86, 106–107, 139–140, 144, 151

Cookies (Internet browser), 88, 95, 98, 110, 112

Countermeasures

business channels, for, 44–48, 53–54 forgery, to, 142–146

intelligence gathering for, 39 least privilege in (seeLeast privilege) metadata, for, 10–15

mobile device theft, for, 64

security zones as (seeSecurity zones) trapped lists as (seeTrapping lists) Web-facing documents, for, 28–30,

38–39

Credentials (see alsoDocuments, forging), viii, x, 140–141

Cross-site scripting, 131

Customer lists, vii, 24–27, 30, 55, 83, 95, 109 D

Data

backup, 62

deleted and hidden files, 89–94 financial (seeFinancial data) forgotten, 5–6, 18, 87–88

161

INDEX

proprietary (seeProprietary data) residual (seeSlack space; Computer

media, persistence in)

Databases, vii, 24, 26–27, 29–30, 45–46, 59, 68, 83

Defense-in-depth, 49–50, 63–64, 68, 85 Degaussing, 67–72, 74, 106–107 Digital devices, viii, x, 39, 57, 61, 63, 81,

98–99, 105 Digital images, 44, 54, 144 Digital photography, 52–54, 94–95 Disinformation

Web pages and sites, on, viii, x, 124, 131–134, 136

DMZ (Demilitarized Zone, a segregated seg-ment on a network), 29

Documents

characteristics, 79 classifying, 81–86

comments (seeComments in docu-ments)

confidential, vii–viii, xi, 4, 28–31, 36, 39, 48, 53, 66, 81–82, 84, 88 electronic, v, xi, 3–4, 17–18, 20–21,

28–29, 45, 87, 94, 100–101, 123, 146–147, 151

electronic layers in, v

fingerprinting of, 45–46, 48, 50, 54 forging, xi, 137–151, 158

hallmarks of forgery, 137–138

identity (seeIdentity document counter-feiting)

metadata in, v, viii–ix, xi, 3–21, 72, 100–101, 104, 122, 136, 146, 151, 157–159

implications of, 4–10 palimpsest, as, v, 3, 110

paper, xi, 28–29, 44, 50, 75–78, 94, 143, 147

PDF (seePDF documents) physical, viii, x–xi, 28, 39, 44, 58,

75–86, 119, 123, 139, 142, 146, 148–150

properties (seeProperties in documents) reviewing and verifying, 146–151 sensitive, ix, 24–25, 28, 31, 39, 42–45,

48–54, 57–58, 65–66, 76, 78–79, 81–82, 85–86, 88, 97, 100–101, 104–105

types of, 29–30, 75–78

Web-facing, v, vii–ix, 23–39 Dumpsters and trash bins, xi, 85

DVDs (see alsoComputer media, optical), 20, 35, 45, 70, 74, 76–77, 99, 105–106 E

Electronic media (seeComputer media) E-mail, ix, 12, 17–18, 29, 39, 41–43, 45, 47,

52–55, 88–89, 94–95, 98–99, 101, 113, 121–122, 124, 126–130, 133, 135–136, 139, 141, 155

Emotional appeal (see alsoInternet rhetoric) Web pages using, 124, 136

Encryption, viii–x, 29, 54–55, 59–62, 64, 73, 93, 103, 106, 115–116, 118, 121–122, 153

tar archives in, 122 External publications, 54

F

Faxes and fax machines, 39, 43–45, 54, 69, 76, 79–80, 85–86, 139, 141–142 File systems (computer), 59, 113–114 Financial data, vii, 24–25, 27, 31, 130 Firewalls, 29–30

Forensics (seeComputer forensics) Forgery (seeDocuments, forging)

Fraud, viii, 123–124, 135, 137, 139–142, 146 FTP (File Transfer Protocol), ix, 17, 26, 39,

41–43, 54, 88, 119 G

George Orwell’s 1984, 47, 117

Google hacking, 7, 25–27, 30–36, 49, 157 GLB (Graham-Leach-Bliley Act), 29 Grayhat Research Corporation, 46

H

Hashes, 95–96, 100

HEX editor, 20–21, 92, 106, 110 Hiding data, 5, 118–119

common methods for, 5

HIPAA (Health Insurance Portability and Ac-countability Act), 29, 46

Holmes, Sherlock, 87

Host protected area of a hard drive (HPA), 91

I

Identifiers (seePersonal identifiers) Identity document counterfeiting, 138–142 IM (Instant messaging), ix, 39, 41–43, 45, 52,

54

Images (seeDigital images; JPEG images;

Steganography)

Information footprint (seeInfosphere) Information leakage, v, viii–ix, 3, 5, 9, 16–17,

24, 28, 30, 39, 41–54 types of, viii

Information security (ITSEC) information, 24 Information taboos (for posting on the Web),

31, 48, 109, 131

marketable personal data (see Market-able personal data)

personal identifiers (seePersonal identi-fiers)

Scarfo case example, 114–119 vital information, x, 89 Instant messaging (seeIM)

Intelligence (seeOpen source intelligence) Internet options (in Internet Explorer),

110–112

Internet rhetoric (seePersuasion; Predators online)

J

JPEG images, 91 K

Key information assets (data treasures), viii, 24, 107

Keyloggers, 116

Keystroke capturing (seeKeyloggers) L

Latency of information (seeMemory; Persis-tence; Locations for information la-tency)

Least privilege, 28, 53, 113 LSB (Least Significant Bit), 91

Locations for information latency, 43–45 Loss of confidentiality (seeDocuments,

confi-dential) M

Magnetic media (seeComputer media, mag-netic)

Marketable personal data, 23–25, 129 Marketing plans (see alsoProprietary data),

24–27, 48, 82–83, 95, 100 Media library, 76, 78, 85–86 Media sanitization policies, 72–73 Memory, 44–45, 52, 66–67, 69–72, 74, 77,

92–94, 99, 105, 120

Metadata (seeDocuments, metadata in) Microsoft Office, 3, 5–6, 10–11, 16–17 Microsoft Word, 3, 6–7, 9, 13–16, 18, 157 Mirrored images, xi

N

Network intrusion detection, 29–30, 46, 49 NIST Publication 66–69, 73, 80–88, 157

O

Obfuscation (see alsoCAPTCHA; Steganogra-phy), 130

Open source intelligence (OSI), 26

Optical media (seeComputer media, optical) Overwrites, 71–72

P

Palimpsest (seeDocuments, palimpsest, as) Passwords, 34, 43, 48–50, 60, 79–80, 93–94,

96–97, 104–105, 109, 113–114, 117, 120–121, 133, 144

PDA (Personal Digital Assistant), viii–x, 29, 39, 55, 57–59, 61–62, 68, 80, 98–99, 109, 122, 157–158

PDF documents, 11–12, 14–15, 32, 35–36, 158–159

Peer-to-peer (P2P) networks, 42, 54

Persistence (see alsoComputer media, reuse of;

Magnetic media; Electronic media;

Optical media), 65–74

Persona online (seePredators online) Personal identifiers, 24, 31, 48, 135 Persuasion, 124–131, 135

PGP (Pretty Good Privacy encryption), 59, 115 Privacy, 10–12, 25, 48, 52, 114–115, 117–118,

128

Properties in documents, ix, 4–8, 12, 15, 19, 21, 90

Proprietary data, vii, 18, 23–25, 27, 78, 81 Q

Querying the Web (seeGoogle hacking) R

Regular expressions (REGEX), 46, 48, 54 Reuse of computer media (seeComputer

media, reuse of) Risk management, 52–53 Routers, 69

S

Sanitizing

computer media, of (seeComputer media, erasure of)

Sarbanes-Oxley (SOX), 46, 78 Scarfo case (seeInfosphere, Scarfo case) Search engines (seeGoogle hacking) Security labels, 39

Security personnel

surveillance by, 80–81

Security policies, 47, 61, 73, 81, 83–84, 106, 153–154, 157

Security procedures, 50, 83–85

Security zones, 28–30, 38, 44–46, 49, 52–53, 65, 101, 153–154

Sensitive information (see alsoDocuments, sen-sitive), v, viii, xi, 3–4, 18–19, 23–24, 26, 28, 30, 38, 41–50, 52, 54–56, 59, 62, 64–68, 81–83, 92, 94–95, 103, 105–106, 108, 113, 115, 119, 120–123, 131, 135–136 Shredders, 57, 68, 75

Site inspections, 78–81

Slack space (see alsoComputer forensics), v, x, 65, 91–93, 95, 98, 104, 122

Sleuthing

metadata, for, 17–21

Social engineering, vii, 49, 51, 53, 133, 135, 143

Soft copy media, 67

Steganography (see alsoImages; Obfuscation), 51, 53, 91, 98, 122

Sticky notes, 60, 79–80, 86

Storage media (seeComputer media) Swap files (see alsoComputer forensics), xi,

93–94, 113, 122 T

Tar archives (seeEncryption, tar archives in) Techniques

aggregation (seeAggregation of infor-mation)

degaussing (seeDegaussing) digital forgery, of, 139–140 forensic, v, 3, 94–100

Google hacking (seeGoogle hacking) hiding information, 118–119 hiding text, 3, 7, 20

obfuscation, 51–52, 54

recovery of magnetic media, 71 sleuthing, 20–21

spotting a forgery, 137–138

uncovering Web-facing documents, 23, 25–26, 31

Theft

digital devices, of, x, 55–64

tracking service as a countermeasure to, 62

vulnerable places for, 63 Threat matrix, 109

Trace evidence (seeSlack space; Swap files) Tracking service

mobile digital devices, for, 62 Trade secrets (seeProprietary data)

Trapping lists, 53, 55 Types

computer media (seeComputer media, types of)

data, 20, 48

dictionaries (for password attacks), 97 documents (seeDocuments, type of) files, 35

filtering, of, 20 metadata, 6 sanitizing, of, 74 U

USB drive (Universal Serial Bus), xi, 45, 50, 66–67, 69–71, 73–74, 77, 88, 93–94, 113, 115, 120–121, 155

V

Verbal communications, 51, 54 Virtual memory, 94

VOIP (Voice Over IP), 51, 54

VPNs (Virtual Private Networks), 49, 58–59, 61–62, 64

Vulnerability

accessing, 63, 76, 119–120 W

Web-facing documents (seeDocuments, Web-facing)

Web pages, viii, 5–6, 18–19, 32–35, 54, 111, 123–136

evaluating, 123–136 trustworthiness of, 124–128 Whiteboards, x–xi, 75–78, 80–81, 85 WiFi access points, 119

Wikis, 124, 131, 134, 154 Williams, Paul, 46

Wireless computing, 58–59, 61, 119 X

X.509 certificates, 59

Dans le document DOCUMENT SECURITY (Page 167-181)