EDP-Security

This book presents an up-to-date description of the most important issues relating to EDP-security. The most widespread types of abuse, errors, and accidents are covered as well as the relevant countermeasures. Other topics include: # risk management, i.e., methods which can assist decision-makers to decide what to protect themselves against and the extent of protection needed; # methods for security improvement; # administrative activities which follow from the introduction and maintenance of EDP-security systems; and # legislation relating to the creation, use, and protection of files. The structure of the book and the numerous illuminating examples allow the reader to learn about the subject without using detailed mathematical descriptions (although these descriptions are provided as notes for those interested).

Table of Contents:
EDP-security and threats against EDP-security. Threats against the physical security. Accidents/threats affecting the physical security. Deliberate threats against the physical security. Threats against data. Accidents affecting data: 1. Errors in transaction data. 2. Programming errors. 3. Operating errors. Deliberate threats against data: 1. Data diddling. 2. The Trojan Horse. 3. The salami technique. 4. Superzapping. 5. Trap doors. 6. Logic bombs. 7. Viruses. 8. Worms. 9. Jokes. 10. Asynchronous attacks. 11. Scavenging. 12. Data leakage. 13. Piggy backing. 14. Wiretapping. 15. Simulation. 16. File coupling. 17. Hacking. 18. Copying of programs. Risk management. Estimating the value of security measures. Estimating the value of EDP-assets. Estimating the frequency and probability of threats. Estimating availability. How to choose security measures. Methods to improve security. Physical security. Access control: 1. Securing external access. 2. Securing internal access. Protection through physical location. Fire protection. Power failure. Radiation from the EDP-installation. Handling storage media. Terminal security. The PC and text processing equipment. Protection against unauthorized users. Identification and verification. Authorization methods: 1. Access matrices. 2. Hierarchical security levels. 3. Combination of access matrices and hierarchical security levels. 4. Content-dependent access control. Encryption: 1. DES-encryption. 2. Public-key encryption. 3. Encryption of files. Administration of passwords and encryption keys. Statistical databases: 1. The individual tracker. 2. The general tracker. 3. Intrusion by means of linear equations. 4. Protection of statistical databases. Protection of main storage of the computer. Storage protection by means of tagging. Storage protection by means of locks and keys. Storage protection by means of base-limit files. Storage protection by means of segment tables. Integrity and recovery files. Recovery of "old-fashioned" files. Log recovery. Concurrency control. Problems relating to concurrency control and recovery of batch-oriented programs: 1. Recovery of batch updating programs. 2. Methods for recovery of printer output. 3. Methods of running batch-programs requiring a particular database status. Recovery lines: 1. In inverted list databases. 2. In hierarchical databases. 3. In network databases. 4. In relational databases. 5. With log systems recovering at field level. 6. By self-designed software. 7. Re-running real-time transactions. Recovery of transactions which are to update in several different databases. Consistency control. User-implemented consistency control. Consistency control in database systems. Consistency control in character sets and blocks: 1. Parity control. 2. M-out-of-N codes. 3. Hamming-codes. 4. Polynomial codes. Validity control. Semantic integrity. Internal integrity. Audit trails. Test runs. Program test. System test. Security in distributed databases.