PART ONE: FOUNDATIONS OF COMPUTER SECURITY.

Brief History and Mission of Information System Security (S. Bosworth and R. Jacobson).

Cyberspace Law and Computer Forensics (R. Heverly and M. Wright).

Using a ""Common Language"" for Computer Security Incident Information (J. Howard and P. Meunier).

Studies and Surveys of Computer Crime (M. Kabay).

Toward a New Framework for Information Security (D. Parker).

PART TWO: THREATS AND VULNERABILITIES.

The Psychology of Computer Criminals (Q. Campbell and D. Kennedy).

Information Warfare (S. Bosworth).

Penetrating Computer Systems and Networks (C. Cobb, et al.).

Malicious Code (R. Thompson).

Mobile Code (R. Gezelter).

Denial of Service Attacks (D. Levine and G. Kessler).

The Legal Framework for Protecting Intellectual Property in the Field of Computing and Computer Software (W. Zucker and S. Nathan).

E-Commerce Vulnerabilities (A. Ghosh).

Physical Threats to the Information Infrastructure (F. Platt).

PART THREE: PREVENTION: TECHNICAL DEFENSES.

Protecting the Information Infrastructure (F. Platt).

Identification and Authentication (R. Sandhu).

Operating System Security (W. Stallings).

Local Area Networks (G. Kessler and N. Pritsky).

E-Commerce Safeguards (J. Ritter and M. Money).

Firewalls and Proxy Servers (D. Brussin).

Protecting Internet-Visible Systems (R. Gezelter).

Protecting Web Sites (R. Gezelter).

Public Key Infrastructures and Certificate Authorities (S. Chokhani).

Antivirus Technology (C. Cobb).

Software Development and Quality Assurance (D. Levine).

Piracy and Antipiracy Techniques (D. Levine).

PART FOUR: PREVENTION: HUMAN FACTORS.

Standards for Security Products (P. Brusil and N. Zakin).

Security Policy Guidelines (M. Kabay).

Security Awareness (K. Rudolph, et al.).

Ethical Decision Making and High Technology (J. Linderman).

Employment Practices and Policies (M. Kabay).

Operations Security and Production Controls (M. Walsh and M. Kabay).

E-Mail and Internet Use Policies (M. Kabay).

Working with Law Enforcement (M. Wright).

Using Social Psychology to Implement Security Policies (M. Kabay).

Auditing Computer Security (D. Levine).

PART FIVE: DETECTION.

Vulnerability Assessment and Intrusion Detection Systems (R. Bace).

Monitoring and Control Systems (D. Levine).

Application Controls (M. Walsh).

PART SIX: REMEDIATION.

Computer Emergency Quick-Response Teams (B. Cowens and M. Miora).

Data Backups and Archives (M. Kabay).

Business Continuity Planning (M. Miora).

Disaster Recovery (M. Miora).

Insurance Relief (R. Parisi, Jr.).

PART SEVEN: MANAGEMENT'S ROLE.

Management Responsibilities and Liabilities (C. Hallberg, et al.).

Developing Security Policies (M. Kabay).

Risk Assessment and Risk Management (R. Jacobson).

Y2K: Lessons Learned for Computer Security (T. Braithwaite).

PART EIGHT: OTHER CONSIDERATIONS.

Medical Records Security (P. Brusil and D. Harley).

Using Encryption Internationally (D. Levine).

Censorship and Content Filtering (L. Tien and S. Finkelstein).

Privacy in Cyberspace (B. Hayes, et al.).

Anoymity and Identity in Cyberspace (M. Kabay).

The Future of Information Security (P. Tippett).

Index.