Book description
The classic and authoritative reference in the field of computer security, now completely updated and revised.
With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them.
With seventy-seven chapters contributed by a panel of renowned industry professionals, the new edition has increased coverage in both breadth and depth of all ten domains of the Common Body of Knowledge defined by the International Information Systems Security Certification Consortium (ISC)².
Of the seventy-seven chapters in the fifth edition, twenty-five chapters are completely new, including:
- Hardware Elements of Security
- Fundamentals of Cryptography and Steganography
- Mathematical models of information security
- Insider threats
- Social engineering and low-tech attacks
- Spam, phishing, and Trojans: attacks meant to fool
- Biometric authentication
- VPNs and secure remote access
- Securing Peer2Peer, IM, SMS, and collaboration tools
- U.S. legal and regulatory security issues, such as GLBA and SOX
Whether you are in charge of many computers or just one important one, there are immediate steps you can take to safeguard your computer system and its contents. Computer Security Handbook, Fifth Edition equips you to protect the information and networks that are vital to your organization.
Table of contents
- Volume I: Computer Security Handbook
  - Title Page
  - Copyright
  - Contents
  - PREFACE
  - ACKNOWLEDGMENTS
  - ABOUT THE EDITORS
  - ABOUT THE CONTRIBUTORS
  - A NOTE TO INSTRUCTORS
  - INTRODUCTION TO PART I: FOUNDATIONS OF COMPUTER SECURITY
    - CHAPTER 1: BRIEF HISTORY AND MISSION OF INFORMATION SYSTEM SECURITY
    - CHAPTER 2: HISTORY OF COMPUTER CRIME
      - 2.1 WHY STUDY HISTORICAL RECORDS?
      - 2.2 OVERVIEW.
      - 2.3 1960S AND 1970S: SABOTAGE.
      - 2.4 IMPERSONATION.
      - 2.5 PHONE PHREAKING.
      - 2.6 DATA DIDDLING.
      - 2.7 SALAMI FRAUD.
      - 2.8 LOGIC BOMBS.
      - 2.9 EXTORTION.
      - 2.10 TROJAN HORSES.
      - 2.11 NOTORIOUS WORMS AND VIRUSES.
      - 2.12 SPAM.
      - 2.13 DENIAL OF SERVICE.
      - 2.14 HACKER UNDERGROUND OF THE 1980S AND 1990S.
      - 2.15 CONCLUDING REMARKS.
      - 2.16 FURTHER READING
      - 2.17 NOTES
    - CHAPTER 3: TOWARD A NEW FRAMEWORK FOR INFORMATION SECURITY
      - 3.1 PROPOSAL FOR A NEW INFORMATION SECURITY FRAMEWORK.
      - 3.2 SIX ESSENTIAL SECURITY ELEMENTS.
      - 3.3 WHAT THE DICTIONARIES SAY ABOUT THE WORDS WE USE.
      - 3.4 COMPREHENSIVE LISTS OF SOURCES AND ACTS CAUSING INFORMATION LOSSES.
      - 3.5 FUNCTIONS OF INFORMATION SECURITY.
      - 3.6 SELECTING SAFEGUARDS USING A STANDARD OF DUE DILIGENCE.
      - 3.7 THREATS, ASSETS, VULNERABILITIES MODEL.
      - 3.8 CONCLUSION.
    - CHAPTER 4: HARDWARE ELEMENTS OF SECURITY
      - 4.1 INTRODUCTION.
      - 4.2 BINARY DESIGN.
      - 4.3 PARITY.
      - 4.4 HARDWARE OPERATIONS.
      - 4.5 INTERRUPTS.
      - 4.6 MEMORY AND DATA STORAGE.
      - 4.7 TIME.
      - 4.8 NATURAL DANGERS.
      - 4.9 DATA COMMUNICATIONS.
      - 4.10 CRYPTOGRAPHY.
      - 4.11 BACKUP.
      - 4.12 RECOVERY PROCEDURES.
      - 4.13 MICROCOMPUTER CONSIDERATIONS.
      - 4.14 CONCLUSION.
      - 4.15 HARDWARE SECURITY CHECKLIST
      - 4.16 FURTHER READING
    - CHAPTER 5: DATA COMMUNICATIONS AND INFORMATION SECURITY
      - 5.1 INTRODUCTION.
      - 5.2 SAMPLING OF NETWORKS.
      - 5.3 NETWORK PROTOCOLS AND VULNERABILITIES.
      - 5.4 STANDARDS.
      - 5.5 INTERNET PROTOCOL (IP).
      - 5.6 TRANSMISSION CONTROL PROTOCOL (TCP).
      - 5.7 USER DATAGRAM PROTOCOL.
      - 5.8 TCP/IP SUPERVISORY STANDARDS.
      - 5.9 APPLICATION STANDARDS.
      - 5.10 CONCLUDING REMARKS.
      - 5.11 FURTHER READING
      - 5.12 NOTES
    - CHAPTER 6: NETWORK TOPOLOGIES, PROTOCOLS, AND DESIGN
    - CHAPTER 7: ENCRYPTION
    - CHAPTER 8: USING A COMMON LANGUAGE FOR COMPUTER SECURITY INCIDENT INFORMATION
    - CHAPTER 9: MATHEMATICAL MODELS OF COMPUTER SECURITY
    - CHAPTER 10: UNDERSTANDING STUDIES AND SURVEYS OF COMPUTER CRIME
    - CHAPTER 11: FUNDAMENTALS OF INTELLECTUAL PROPERTY LAW
      - 11.1 INTRODUCTION.
      - 11.2 THE MOST FUNDAMENTAL BUSINESS TOOL FOR PROTECTION OF TECHNOLOGY IS THE CONTRACT.
      - 11.3 PROPRIETARY RIGHTS AND TRADE SECRETS.
      - 11.4 COPYRIGHT LAW AND SOFTWARE.
      - 11.5 DIGITAL MILLENNIUM COPYRIGHT ACT.
      - 11.6 CIRCUMVENTING TECHNOLOGY MEASURES.
      - 11.7 PATENT PROTECTION.
      - 11.8 PIRACY AND OTHER INTRUSIONS.
      - 11.9 OTHER TOOLS TO PREVENT UNAUTHORIZED INTRUSIONS.
      - 11.10 OPEN SOURCE.
      - 11.11 APPLICATION INTERNATIONALLY.
      - 11.12 CONCLUDING REMARKS.
      - 11.13 FURTHER READING
      - 11.14 NOTES
  - INTRODUCTION TO PART II: THREATS AND VULNERABILITIES
    - CHAPTER 12: THE PSYCHOLOGY OF COMPUTER CRIMINALS
      - 12.1 INTRODUCTION.
      - 12.2 SELF-REPORTED MOTIVATIONS.
      - 12.3 PSYCHOLOGICAL PERSPECTIVES ON COMPUTER CRIME.
      - 12.4 SOCIAL DISTANCE, ANONYMITY, AGGRESSION, AND COMPUTER CRIME.
      - 12.5 INDIVIDUAL DIFFERENCES AND COMPUTER CRIMINALS.
      - 12.6 ETHICS AND COMPUTER CRIME.
      - 12.7 CLASSIFICATIONS OF COMPUTER CRIMINALS.
      - 12.8 SUMMARY AND CONCLUSIONS.
      - 12.9 NOTES
    - CHAPTER 13: THE DANGEROUS INFORMATION TECHNOLOGY INSIDER: PSYCHOLOGICAL CHARACTERISTICS AND CAREER PATTERNS
      - 13.1 COMPUTER INFORMATION TECHNOLOGY INSIDERS.
      - 13.2 PSYCHOLOGICAL CHARACTERISTICS OF INFORMATION TECHNOLOGY SPECIALISTS.
      - 13.3 CHARACTERISTICS OF THE DANGEROUS COMPUTER INFORMATION TECHNOLOGY INSIDER (CITI).
      - 13.4 ESCALATING PATHWAY TO MAJOR COMPUTER CRIME.
      - 13.5 STRESS AND ATTACKS ON COMPUTER SYSTEMS.
      - 13.6 TYPOLOGY OF COMPUTER CRIME PERPETRATORS.
      - 13.7 CONCLUSION AND IMPLICATIONS.
      - 13.8 NOTE
    - CHAPTER 14: INFORMATION WARFARE
    - CHAPTER 15: PENETRATING COMPUTER SYSTEMS AND NETWORKS
    - CHAPTER 16: MALICIOUS CODE
    - CHAPTER 17: MOBILE CODE
    - CHAPTER 18: DENIAL-OF-SERVICE ATTACKS
    - CHAPTER 19: SOCIAL ENGINEERING AND LOW-TECH ATTACKS
      - 19.1 INTRODUCTION.
      - 19.2 BACKGROUND AND HISTORY.
      - 19.3 SOCIAL ENGINEERING METHODS.
      - 19.4 PSYCHOLOGY AND SOCIAL PSYCHOLOGY OF SOCIAL ENGINEERING.
      - 19.5 DANGERS OF SOCIAL ENGINEERING AND ITS IMPACT ON BUSINESSES.
      - 19.6 DETECTION.
      - 19.7 RESPONSE.
      - 19.8 DEFENSE AND MITIGATION.
      - 19.9 CONCLUSION.
      - 19.10 FURTHER READING
      - 19.11 NOTES
    - CHAPTER 20: SPAM, PHISHING, AND TROJANS: ATTACKS MEANT TO FOOL
    - CHAPTER 21: WEB-BASED VULNERABILITIES
    - CHAPTER 22: PHYSICAL THREATS TO THE INFORMATION INFRASTRUCTURE
  - INTRODUCTION TO PART III: PREVENTION: TECHNICAL DEFENSES
    - CHAPTER 23: PROTECTING THE INFORMATION INFRASTRUCTURE
      - 23.1 INTRODUCTION.
      - 23.2 SECURITY PLANNING AND MANAGEMENT.
      - 23.3 STRATEGIC PLANNING PROCESS.
      - 23.4 ELEMENTS OF GOOD PROTECTION.
      - 23.5 OTHER CONSIDERATIONS.
      - 23.6 ACCESS CONTROL.
      - 23.7 SURVEILLANCE SYSTEMS.
      - 23.8 OTHER DESIGN CONSIDERATIONS.
      - 23.9 MITIGATING SPECIFIC THREATS.
      - 23.10 INFORMATION NOT PUBLICLY AVAILABLE.
      - 23.11 COMPLETING THE SECURITY PLANNING PROCESS.
      - 23.12 SUMMARY AND CONCLUSIONS.
      - 23.13 FURTHER READING
      - 23.14 NOTES
    - CHAPTER 24: OPERATING SYSTEM SECURITY
    - CHAPTER 25: LOCAL AREA NETWORKS
    - CHAPTER 26: GATEWAY SECURITY DEVICES
    - CHAPTER 27: INTRUSION DETECTION AND INTRUSION PREVENTION DEVICES
    - CHAPTER 28: IDENTIFICATION AND AUTHENTICATION
      - 28.1 INTRODUCTION.
      - 28.2 FOUR PRINCIPLES OF AUTHENTICATION.
      - 28.3 PASSWORD-BASED AUTHENTICATION.
      - 28.4 TOKEN-BASED AUTHENTICATION.
      - 28.5 BIOMETRIC AUTHENTICATION.
      - 28.6 CROSS-DOMAIN AUTHENTICATION.
      - 28.7 RELATIVE COSTS OF AUTHENTICATION TECHNOLOGIES.
      - 28.8 CONCLUDING REMARKS.
      - 28.9 SUMMARY.
      - 28.10 FURTHER READING
      - 28.11 NOTES
    - CHAPTER 29: BIOMETRIC AUTHENTICATION
      - 29.1 INTRODUCTION.
      - 29.2 IMPORTANCE OF IDENTIFICATION AND VERIFICATION.
      - 29.3 FUNDAMENTALS AND APPLICATIONS.
      - 29.4 TYPES OF BIOMETRIC TECHNOLOGIES.
      - 29.5 TYPES OF ERRORS AND SYSTEM METRICS.
      - 29.6 DISADVANTAGES AND PROBLEMS
      - 29.7 RECENT TRENDS IN BIOMETRIC AUTHENTICATION
      - 29.8 SUMMARY AND RECOMMENDATIONS.
      - 29.9 FURTHER READING
      - 29.10 NOTES
    - CHAPTER 30: E-COMMERCE AND WEB SERVER SAFEGUARDS
    - CHAPTER 31: WEB MONITORING AND CONTENT FILTERING
    - CHAPTER 32: VIRTUAL PRIVATE NETWORKS AND SECURE REMOTE ACCESS
    - CHAPTER 33: 802.11 WIRELESS LAN SECURITY
      - 33.1 INTRODUCTION.
      - 33.2 802.11 ARCHITECTURE AND PRODUCT TYPES.
      - 33.3 WIRELESS LAN SECURITY THREATS.
      - 33.4 ORIGINAL 802.11 SECURITY FUNCTIONALITY.
      - 33.5 IEEE 802.11I.
      - 33.6 802.11 SECURITY AUDITING TOOLS.
      - 33.7 CONCLUSION.
      - 33.8 APPENDIX 33A: 802.11 STANDARDS.
      - 33.9 APPENDIX 33B: ABBREVIATIONS, TERMINOLOGY, AND DEFINITIONS.
      - 33.10 FURTHER READING
      - 33.11 NOTES
    - CHAPTER 34: SECURING VOIP
    - CHAPTER 35: SECURING P2P, IM, SMS, AND COLLABORATION TOOLS
    - CHAPTER 36: SECURING STORED DATA
    - CHAPTER 37: PKI AND CERTIFICATE AUTHORITIES
      - 37.1 INTRODUCTION.
      - 37.2 NEED FOR PUBLIC KEY INFRASTRUCTURE.
      - 37.3 PUBLIC KEY CERTIFICATE.
      - 37.4 ENTERPRISE PUBLIC KEY INFRASTRUCTURE.
      - 37.5 CERTIFICATE POLICY.
      - 37.6 GLOBAL PUBLIC KEY INFRASTRUCTURE.
      - 37.7 FORMS OF REVOCATION.
      - 37.8 REKEY.
      - 37.9 KEY RECOVERY.
      - 37.10 PRIVILEGE MANAGEMENT.
      - 37.11 TRUSTED ARCHIVAL SERVICES AND TRUSTED TIME STAMPS.
      - 37.12 COST OF PUBLIC KEY INFRASTRUCTURE.
      - 37.13 FURTHER READING
      - 37.14 NOTES
    - CHAPTER 38: WRITING SECURE CODE
    - CHAPTER 39: SOFTWARE DEVELOPMENT AND QUALITY ASSURANCE
    - CHAPTER 40: MANAGING SOFTWARE PATCHES AND VULNERABILITIES
    - CHAPTER 41: ANTIVIRUS TECHNOLOGY
    - CHAPTER 42: PROTECTING DIGITAL RIGHTS: TECHNICAL APPROACHES
- Volume II: Computer Security Handbook
  - Title Page
  - Copyright
  - Contents
  - PREFACE
  - ACKNOWLEDGMENTS
  - INTRODUCTION TO PART IV: PREVENTION: HUMAN FACTORS
    - CHAPTER 43: ETHICAL DECISION MAKING AND HIGH TECHNOLOGY
    - CHAPTER 44: SECURITY POLICY GUIDELINES
    - CHAPTER 45: EMPLOYMENT PRACTICES AND POLICIES
    - CHAPTER 46: VULNERABILITY ASSESSMENT
    - CHAPTER 47: OPERATIONS SECURITY AND PRODUCTION CONTROLS
    - CHAPTER 48: E-MAIL AND INTERNET USE POLICIES
    - CHAPTER 49: IMPLEMENTING A SECURITY AWARENESS PROGRAM
    - CHAPTER 50: USING SOCIAL PSYCHOLOGY TO IMPLEMENT SECURITY POLICIES
    - CHAPTER 51: SECURITY STANDARDS FOR PRODUCTS
      - 51.1 INTRODUCTION.
      - 51.2 NONSTANDARD PRODUCT ASSESSMENT ALTERNATIVES.
      - 51.3 SECURITY ASSESSMENT STANDARDS FOR PRODUCTS.
      - 51.4 STANDARDS FOR ASSESSING PRODUCT BUILDERS.
      - 51.5 COMBINED PRODUCT AND PRODUCT BUILDER ASSESSMENT STANDARDS.
      - 51.6 COMMON CRITERIA PARADIGM OVERVIEW.
      - 51.7 DETAILS ABOUT THE COMMON CRITERIA STANDARD.
      - 51.8 USING THE CC TO DEFINE SECURITY REQUIREMENTS AND SECURITY SOLUTIONS.
      - 51.9 COMMON TEST METHODOLOGY FOR CC TESTS AND EVALUATIONS.
      - 51.10 GLOBAL RECOGNITION OF CEM/CC-BASED ASSESSMENTS.
      - 51.11 EXAMPLE NATIONAL SCHEME: CCEVS.
      - 51.12 VALIDATED PROFILES AND PRODUCTS.
      - 51.13 BENEFITS OF CC EVALUATION.
      - 51.14 CONCLUDING REMARKS.
      - 51.15 NOTES
  - INTRODUCTION TO PART V: DETECTING SECURITY BREACHES
  - INTRODUCTION TO PART VI: RESPONSE AND REMEDIATION
    - CHAPTER 56: COMPUTER SECURITY INCIDENT RESPONSE TEAMS
      - 56.1 OVERVIEW.
      - 56.2 PLANNING THE TEAM.
      - 56.3 SELECTING AND BUILDING THE TEAM.
      - 56.4 PRINCIPLES UNDERLYING EFFECTIVE RESPONSE TO COMPUTER SECURITY INCIDENTS.
      - 56.5 RESPONDING TO COMPUTER EMERGENCIES.
      - 56.6 MANAGING THE CSIRT.
      - 56.7 POSTINCIDENT ACTIVITIES.
      - 56.8 CONCLUDING REMARKS.
      - 56.9 FURTHER READING
      - 56.10 NOTES
    - CHAPTER 57: DATA BACKUPS AND ARCHIVES
    - CHAPTER 58: BUSINESS CONTINUITY PLANNING
    - CHAPTER 59: DISASTER RECOVERY
    - CHAPTER 60: INSURANCE RELIEF
    - CHAPTER 61: WORKING WITH LAW ENFORCEMENT
      - 61.1 INTRODUCTION.
      - 61.2 RELEVANT LAWS.
      - 61.3 PLAN AHEAD.
      - 61.4 MEMORANDUM OF AGREEMENT.
      - 61.5 HANDLING EVIDENCE AND THE CHAIN OF CUSTODY.
      - 61.6 ISSUES OF LIABILITY.
      - 61.7 ASK LAW ENFORCEMENT TO GIVE BACK.
      - 61.8 THE KNOCK AT THE DOOR.
      - 61.9 KEEPING YOUR OPERATION RUNNING DURING AN INVESTIGATION.
      - 61.10 NONELECTRONIC RECORDS AND THE INSIDER THREAT
      - 61.11 INFORMATION SHARING (THE HUMAN FACTOR).
      - 61.12 CONCLUSION.
      - 61.13 FURTHER READING
      - 61.14 NOTES
  - INTRODUCTION TO PART VII: MANAGEMENT'S ROLE IN SECURITY
    - CHAPTER 62: RISK ASSESSMENT AND RISK MANAGEMENT
    - CHAPTER 63: MANAGEMENT RESPONSIBILITIES AND LIABILITIES
    - CHAPTER 64: U.S. LEGAL AND REGULATORY SECURITY ISSUES
    - CHAPTER 65: ROLE OF THE CISO
    - CHAPTER 66: DEVELOPING SECURITY POLICIES
      - 66.1 INTRODUCTION.
      - 66.2 COLLABORATING IN BUILDING SECURITY POLICIES.
      - 66.3 PHASE 1: PRELIMINARY EVALUATION.
      - 66.4 PHASE 2: MANAGEMENT SENSITIZATION.
      - 66.5 PHASE 3: NEEDS ANALYSIS.
      - 66.6 PHASE 4: POLICIES AND PROCEDURES.
      - 66.7 PHASE 5: IMPLEMENTATION.
      - 66.8 PHASE 6: MAINTENANCE.
      - 66.9 CONCLUDING REMARKS.
      - 66.10 NOTES
    - CHAPTER 67: DEVELOPING CLASSIFICATION POLICIES FOR DATA
    - CHAPTER 68: OUTSOURCING AND SECURITY
  - INTRODUCTION TO PART VIII: PUBLIC POLICY AND OTHER CONSIDERATIONS
    - CHAPTER 69: PRIVACY IN CYBERSPACE: U.S. AND EUROPEAN PERSPECTIVES
    - CHAPTER 70: ANONYMITY AND IDENTITY IN CYBERSPACE
    - CHAPTER 71: MEDICAL RECORDS PROTECTION
      - 71.1 INTRODUCTION.
      - 71.2 INFORMATION AND INFORMATION TECHNOLOGY IN HEALTHCARE
      - 71.3 INFORMATION PRIVACY AND SECURITY ARE IMPORTANT IN HEALTHCARE.
      - 71.4 NONMEDICAL DRIVERS FOR HEALTHCARE INFORMATION PROTECTION.
      - 71.5 UNITED STATES LAWS AND GOVERNMENT POLICIES.
      - 71.6 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT.
      - 71.7 SUMMARY.
      - 71.8 FURTHER READING
      - 71.9 NOTES
    - CHAPTER 72: LEGAL AND POLICY ISSUES OF CENSORSHIP AND CONTENT FILTERING
    - CHAPTER 73: EXPERT WITNESSES AND THE DAUBERT CHALLENGE
    - CHAPTER 74: PROFESSIONAL CERTIFICATION AND TRAINING IN INFORMATION ASSURANCE
    - CHAPTER 75: UNDERGRADUATE AND GRADUATE EDUCATION IN INFORMATION ASSURANCE
    - CHAPTER 76: EUROPEAN GRADUATE WORK IN INFORMATION ASSURANCE AND THE BOLOGNA DECLARATION
      - 76.1 UNDERGRADUATE AND GRADUATE EDUCATION.
      - 76.2 CONVERGENCE OF EDUCATIONAL PROGRAMS.
      - 76.3 BACHELOR'S AND MASTER'S IN INFORMATION SECURITY.
      - 76.4 COMPUTER SCIENCE: DOES IT ENCOMPASS INFORMATION SECURITY, ASSURANCE, AND SECURITY ASSURANCE?
      - 76.5 BOLOGNA BACHELOR'S DEGREE.
      - 76.6 MOVING FROM UNDERGRADUATE TO GRADUATE EDUCATION: BOLOGNA.
      - 76.7 EXECUTIVE AND SPECIALIZED MASTER'S DEGREES.
      - 76.8 SIMILARITIES AND DIFFERENCES: ARTS AND SCIENCE.
      - 76.9 WHAT DO PROGRAMS IN INFORMATION SECURITY TEACH STUDENTS?
      - 76.10 UNDERGRADUATE EDUCATION: POLYTECHNICS AND UNIVERSITY.
      - 76.11 INFORMATION ASSURANCE: DEFINING THE TERRITORY.
      - 76.12 TEACHING INFORMATION SECURITY: THE MALWARE EXAMPLE.
      - 76.13 CONCLUSION OF EUROPEAN INITIATIVES OVERVIEW.
      - 76.14 IMPLICATIONS FOR EDUCATION.
      - 76.15 IMPLICATIONS FOR MANAGERS.
      - 76.16 NOTES
    - CHAPTER 77: THE FUTURE OF INFORMATION ASSURANCE
  - INDEX
Product information
- Title: Computer Security Handbook, Fifth Edition
- Author(s):
- Release date: February 2009
- Publisher(s): Wiley
- ISBN: 9780471716525