Computer Security

Computer Security, Second Edition aims to present different ideas and practices that promote the prevention of attacks on computer systems and data being compromised. The book is divided into five parts. Part I covers the important elements of computer security and case histories of computer-related crimes. Part II discusses the organizations and models for the protection of information. Part III talks about the physical security involved and access control involved in data protection. Part IV deals with the different measures employed to promote security in the communication between computers. Part V explains systems security, its access control, and integrity. The text is recommended for people involved in the promotion of computer security, especially programmers and IT practitioners, in institutions where computer-processed information is crucial and must be protected.

Table of Contents:
ContentsAcknowledgments Introduction Part I The Threat to Computer Security 1 Essentials of Computer Security Unique EDP Security Problems EDP Security in a Nutshell 2 A Casebook of Computer Crime Case Histories ConclusionPart II Security Management Considerations 3 Organizing for EDP Security EDP Security in the Public Sector EDP Security in the Private Sector Corporate EDP Security Duties of the Security Coordinator Principles of Security Management 4 Protection of Information Classification—The Government Model Classification—The Corporate Model Special Problems with EDP Marking Classified Matter Storing Classified Matter Destroying Classified Matter Residual Memory in Magnetic Media Procedural Safeguards for Classified Matter Conclusion 5 Screening and Management of Personnel Management Responsibility Relations with Vendors Categories of Security Clearance Security Screening of Employees Personnel Security Policies Conclusion Part III Physical Security 6 Physical Access Control Basics of Access Control Automatic Access Control Key Access Control Concentric Controlled Perimeters Outer Perimeter Access Building Access Control Control of Access to Restricted Areas Material Control in Restricted Areas Computer Room Access Control 7 Physical Security The Fortress Concept Outer Perimeter Defense Building Perimeters Guarded Areas Restricted Area Perimeter Computer Room Security 8 Environmental Security Electrical Power Grounding Interference Suppression Dust Control Environmental Controls 9 Disaster Control Locating the Computer Center Protecting the Computer Center Automatic Fire Detection General Fire-Safety Planning Disaster Recovery Part IV Communications Security 10 Line Security Communications Security Subfields Definition of Terminal Security of Communications Cables Interior Communications Lines Telephone Instrument Security Additional Line Security Considerations Local Area Networks Space Radio Interception 11 Transmission Security General Considerations Operating Procedures Speech Privacy Error-Proof Codes Traffic Analysis 12 Cryptographic Security Introduction to Cryptology Overview of Cyphers How Cyphers Work How DES Works Network Communications Security Weaknesses of DES Ways to Use DES Asymmetrical Cyphers Crypto Procedures Cryptanalysis Summary 13 Emission Security Emission Problems Probability of Interception Defense Mechanism Measuring Electromagnetic Emanation Levels Additional Defenses Defense Against Acoustical Emanations 14 Technical Security Victimization of EDP Centers Categories of Technical Surveillance Defenses Against Technical Surveillance Types of Intrusion Devices Part V Systems Security 15 Systems Identification Introduction to Systems Security Guidelines for a Trusted Computing Base Personal Identification Other User Identification Systems Identifying Specified Assets System Relationships Privacy Considerations 16 Isolation in Computer Systems Defense Strategies Processing Modes Temporal Isolation Spatial Isolation System Architecture Cryptographic Isolation Restriction of Privilege 17 Systems Access Control Basic Principles of Access Authentication Systems Access Internal Access Access Privileges Keeping Hackers Out System Security Add-On Packages 18 Detection and Surveillance Threat Monitoring Trend Analysis Investigation Auditing Compensatory Action The Human Factor in Computer Crime 19 Systems Integrity Program Security Error Control Privacy in Statistical Data Bases Protection of Security Functions 20 Record Keeping and Security Logs Backup Files Restart and Recovery Record Retention Inventories and Lists 21 Systems Reliability and Security Hardware Software Changes System Backup Part VI Threat Evaluation 22 Threat Evaluation Costs of Countermeasures Cost of Loss Types of Loss Computer-Programmed Threat Evaluation Survey Conclusion Appendix: Sample Log Forms Glossary Selected Bibliography Index