Computer Security Handbook

The definitive formula for computer security, from power outages to theft and sabotage

Whether you are in charge of many computers, or even one important one, there are immediate steps you can take to safeguard your company’s computer system and its contents. The Computer Security Handbook provides a readable and comprehensive resource for protecting computer mainframe systems and PC networks. This Fourth Edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

The collected chapters are written by renowned industry professionals. Requiring minimal technical knowledge to understand, covered topics include: foundations of computer security, threats and vulnerabilities, prevention (technical defenses and human factors), detection, remediation, management’s role, and other considerations such as using encryption internationally, anonymity and identity in cyberspace, and censorship.

Protect the information and networks that are vital to your organization with Computer Security Handbook, Fourth Edition.

Table of Contents

PART ONE: FOUNDATIONS OF COMPUTER SECURITY.

Brief History and Mission of Information System Security (S. Bosworth & R. Jacobson).

Cyberspace Law and Computer Forensics (R. Heverly & M. Wright).

Using a "Common Language" for Computer Security Incident Information (J. Howard & P. Meunier).

Studies and Surveys of Computer Crime (M. Kabay).

Toward a New Framework for Information Security (D. Parker).

PART TWO: THREATS AND VULNERABILITIES.

The Psychology of Computer Criminals (Q. Campbell & D. Kennedy).

Information Warfare (S. Bosworth).

Penetrating Computer Systems and Networks (C. Cobb, et al.).

Malicious Code (R. Thompson).

Mobile Code (R. Gezelter).

Denial of Service Attacks (D. Levine & G. Kessler).

The Legal Framework for Protecting Intellectual Property in the Field of Computing and Computer Software (W. Zucker & S. Nathan).

E-Commerce Vulnerabilities (A. Ghosh).

Physical Threats to the Information Infrastructure (F. Platt).

PART THREE: PREVENTION: TECHNICAL DEFENSES.

Protecting the Information Infrastructure (F. Platt).

Identification and Authentication (R. Sandhu).

Operating System Security (W. Stallings).

Local Area Networks (G. Kessler & N. Pritsky).

E-Commerce Safeguards (J. Ritter & M. Money).

Firewalls and Proxy Servers (D. Brussin).

Protecting Internet-Visible Systems (R. Gezelter).

Protecting Web Sites (R. Gezelter).

Public Key Infrastructures and Certificate Authorities (S. Chokhani).

Antivirus Technology (C. Cobb).

Software Development and Quality Assurance (D. Levine).

Piracy and Antipiracy Techniques (D. Levine).

PART FOUR: PREVENTION: HUMAN FACTORS.

Standards for Security Products (P. Brusil & N. Zakin).

Security Policy Guidelines (M. Kabay).

Security Awareness (K. Rudolph, et al.).

Ethical Decision Making and High Technology (J. Linderman).

Employment Practices and Policies (M. Kabay).

Operations Security and Production Controls (M. Walsh & M. Kabay).

E-Mail and Internet Use Policies (M. Kabay).

Working with Law Enforcement (M. Wright).

Using Social Psychology to Implement Security Policies (M. Kabay).

Auditing Computer Security (D. Levine).

PART FIVE: DETECTION.

Vulnerability Assessment and Intrusion Detection Systems (R. Bace).

Monitoring and Control Systems (D. Levine).

Application Controls (M. Walsh).

PART SIX: REMEDIATION.

Computer Emergency Quick-Response Teams (B. Cowens & M. Miora).

Data Backups and Archives (M. Kabay).

Business Continuity Planning (M. Miora).

Disaster Recovery (M. Miora).

Insurance Relief (R. Parisi, Jr.).

PART SEVEN: MANAGEMENT'S ROLE.

Management Responsibilities and Liabilities (C. Hallberg, et al.).

Developing Security Policies (M. Kabay).

Risk Assessment and Risk Management (R. Jacobson).

Y2K: Lessons Learned for Computer Security (T. Braithwaite).

PART EIGHT: OTHER CONSIDERATIONS.

Medical Records Security (P. Brusil & D. Harley).

Using Encryption Internationally (D. Levine).

Censorship and Content Filtering (L. Tien & S. Finkelstein).

Privacy in Cyberspace (B. Hayes, et al.).

Anoymity and Identity in Cyberspace (M. Kabay).

The Future of Information Security (P. Tippett).

Index.