search for books and compare prices
Tables of Contents for Computer Security
Chapter/Section Title
Page #
Page Count
Preface to the Third Edition
xiii
Preface to the Second Edition
xv
Acknowledgments
xvii
PART I THE THREAT TO COMPUTER SECURITY
Essentials of Computer Security
3
26
Unique EDP Security Problems
3
5
EDP Security in a Nutshell
8
5
Computers and Crime; Know Your Enemy!
13
7
The Anatomy of Computer Crime
20
9
Computer Crime and the Law
29
36
United States
29
3
Australia
32
3
Canada
35
7
United Kingdom
42
2
New Zealand
44
1
Continental Europe
44
2
Conclusions
46
1
Classic Case Histories
47
18
References for Part I
59
6
PART II SECURITY MANAGEMENT CONSIDERATIONS
Organizing for EDP Security
65
14
EDP Security in the public Sector
65
1
EDP Security in the Private Sector
66
3
Corporate EDP Security
69
3
Duties of the Security Coordinator
72
2
Principles of Security Management
74
2
New Challenges for IT Security Management
76
3
Protection of Information
79
20
Classification---The Government Model
79
4
Classification---The Corporate Model
83
2
Special Problems with EDP
85
1
Marking Classified Matter
86
2
Storing Classified Matter
88
1
Destroying Classified Matter
89
1
Residual Memory in Magnetic Media
90
2
Procedural Safeguards for Classified Matter
92
3
Conclusion
95
4
Screening and Management of Personnel
99
16
Management Responsibility
102
1
Relations with Vendors
102
1
Categories of Security Clearance
103
1
Security Screening of Employees
104
4
Personnel Security Policies
108
3
Conclusion
111
4
PART III PHYSICAL SECURITY
Physical Access Control
115
16
Basics of Access Control
115
1
Automatic Access Control
116
4
Key Access Control
120
1
Concentric Controlled Perimeters
120
1
Outer Perimeter Access
121
1
Building Access Control
122
1
Control of Access to Restricted Areas
123
3
Material Control in Restricted Areas
126
1
Computer Room Access Control
127
4
Physical Security
131
14
The Fortress Concept
131
2
Outer Perimeter Defense
133
1
Building Perimeters
134
2
Guarded Areas
136
3
Restricted Area Perimeter
139
3
Computer Room Security
142
3
Environmental Security
145
12
Electrical Power
145
4
Grounding
149
1
Interference Suppression
150
2
Dust Control
152
1
Environmental Controls
153
4
Disaster Control
157
20
Locating the Computer Center
157
3
Protecting the Computer Center
160
5
Automatic Fire Detection
165
2
General Fire-Safety Planning
167
2
Disaster Recovery
169
8
PART IV COMMUNICATIONS SECURITY
Line Security
177
22
Communications Security Subfields
177
1
Security of Communications Cables
178
4
Interior Communications Lines
182
1
Telephone Instrument Security
183
5
Additional Line Security Considerations
188
1
Local Area Networks
189
6
Space Radio Interception
195
4
Transmission Security
199
16
General Considerations
199
1
Operating Procedures
200
6
Speech Privacy
206
4
Error-Proof Codes
210
3
Traffic Analysis
213
2
Cryptographic Security
215
36
Introduction to Cryptology
215
1
Overview of Ciphers
216
3
How Ciphers Work
219
5
How DES Works
224
11
Network Communications Security
235
1
Weaknesses of DES
236
2
Ways to Use DES
238
3
Asymmetrical Ciphers
241
2
El Gamel
243
1
Crypto Procedures
244
2
Cryptanalysis
246
3
Summary
249
2
Emanations Security
251
16
Emanation Problems
251
2
Probability of Interception
253
1
Defense Mechanisms
254
2
Mesuring Electromagnetic Emanation Levels
256
4
Additional Defenses
260
5
Defense Against Acoustical Emanations
265
2
Technical Security
267
14
Victimization of EDP Centers
267
1
Categories of Technical Surveillance
268
1
Defenses Against Technical Surveillance
269
4
Types of Intrusion Devices
273
8
PART V SYSTEMS SECURITY
Systems Identification
281
26
Introduction to Systems Security
281
5
Guidelines for a Trusted Computing Base
286
5
Personal Identification
291
7
Other User Identification Systems
298
1
Identifying Specified Assets
298
4
System Relationships
302
1
Privacy Considerations
302
2
Freedom of Information
304
3
Isolation in Computer Systems
307
22
Defense Strategies
307
1
Processing Modes
308
2
Temporal Isolation
310
2
Spatial Isolation
312
1
System Architecture
312
13
Cryptographic Isolation
325
1
Restriction of Privilege
326
1
Virtual Machine Isolation
327
1
Trends in User Isolation
327
2
Systems Access Control
329
24
Basic Principles of Access
329
3
Authentication
332
4
Systems Access
336
1
Internal Access
337
3
Access Privileges
340
4
Keeping Hackers Out
344
5
Systems Security Add-on Packages
349
4
Detection and Surveillance
353
16
Threat Monitoring
353
2
Trend Analysis
355
6
Investigation
361
2
Auditing
363
2
Compensatory Action
365
2
The Human Factor in Computer Crime
367
2
Systems Integrity
369
20
Program Security
369
3
Error Control
372
3
Privacy in Statistical Data Bases
375
4
Protection of Security Functions
379
2
Commercial Security Model
381
2
Object-Oriented Model
383
3
Conclusion
386
1
Bibliography
387
2
Systems Reliability and Security
389
14
Hardware
389
2
Software
391
1
Changes
392
1
System Backup
392
3
Record-Keeping and Security
395
1
Logs
395
2
Backup Files
397
1
Restart and Recovery
398
1
Record Retention
399
1
Inventories and Lists
400
3
Security and Personal Computers
403
56
Introduction
403
2
Physical Security
405
2
Environmental Protection
407
2
Protection of Removable Media
409
3
Electromagnetic Emanations
412
1
Security Attributes of Microprocessors
412
5
PC Operating Systems
417
11
Local-Area-Network (LAN) Security
428
3
Security in Remote Support Programs
431
3
Database Security
434
4
Security in Application Programs
438
1
Backup
439
4
Anti-Virus Defenses
443
4
Security Add-ons for Operating Systems---Trusted Computer Systems Evaluation
447
6
New Thinking in PC Security
453
3
Conclusion
456
1
Bibliography
456
3
PART VI INFORMATION SECURITY RISK ANALYSIS
Systems Approach to Risk Management
459
18
Introduction
459
1
Applications of Risk Analysis
459
1
IT Security Management
460
2
Information and Risk Analysis
462
1
Information Security by Consensus
462
2
State of Infosec Risk Analysis
464
1
General Systems Approach
464
2
Cybernetic Control Cycle
466
1
Problems in Risk Analysis
466
1
Cybernetic Model of Activity
467
4
Representative Risk-Analysis Packages
471
2
Specific Recommendations
473
4
Threat Assessment
477
14
Introduction
477
2
Properties of Threats
479
3
Estimating Likelihood
482
5
Trend Analysis
487
4
Assets and Safeguards
491
14
Assets
491
1
Vulnerabilities
492
1
Assets and Impacts
493
1
Risk-Analysis Modeling
493
4
Cost-of-Loss Model
497
3
Safeguards
500
2
Constraints
502
3
Keeping Secrets in Computers
505
42
Threats and Legal Remedies
506
3
Self-Help Measures
509
2
National Security Models
511
28
Threat Risk Assessment
539
8
Modes of Risk Analysis
547
28
Compliance Auditing
547
1
Requirements Analysis
548
3
Security Inspection and Evaluation
551
2
Cost-Benefit Analysis
553
3
Life-Cycle Software Development
556
1
Development of Security Software
557
1
The Workshop Model
558
4
Transaction Model
562
13
References for Part VI
569
6
Appendix: Sample Log Forms
575
4
Glossary
579
50
Selected Bibliography
629
6
Index
635