Computer Security Handbook, Volume 1, 6th Edition

Seymour Bosworth (Editor), M. E. Kabay (Editor), Eric Whyne (Editor)

ISBN: 978-1-118-85167-8

Sep 2015

1216 pages

Description

The definitive handbook on computer security, from power outages to theft and sabotage

Whether you are in charge of many computers, or even one important one, there are immediate steps you can take to safeguard your company's computer system and its contents. Computer Security Handbook, Sixth Edition provides a readable and comprehensive resource for protecting computer mainframe systems and PC networks.

The new edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them.

The collected chapters are written by renowned industry professionals and require minimal technical knowledge to understand. Topics covered include foundations of computer security, threats and vulnerabilities, prevention, detection, remediation, management's role, and other considerations such as using encryption internationally, anonymity and identity in cyberspace, and censorship.

Among the 75 chapters of the Sixth Edition are:

  • Hardware Elements of Security
  • Fundamentals of Cryptography and Steganography
  • Mathematical models of information security
  • Insider threats
  • Social engineering and low-tech attacks
  • Spam, phishing, and Trojans
  • Biometric authentication
  • VPNs and secure remote access
  • Securing Peer2Peer, IM, SMS, and collaboration tools
  • U.S. legal and regulatory security issues, such as GLBA and SOX

Protect the information and networks that are vital to your organization with Computer Security Handbook, Sixth Edition.

PREFACE

ACKNOWLEDGMENTS

ABOUT THE EDITORS

ABOUT THE CONTRIBUTORS

A NOTE TO THE INSTRUCTOR

PART I FOUNDATIONS OF COMPUTER SECURITY

1. Brief History and Mission of Information System Security
Seymour Bosworth and Robert V. Jacobson

2. History of Computer Crime
M. E. Kabay

3. Toward a New Framework for Information Security
Donn B. Parker, CISSP

4. Hardware Elements of Security
Sy Bosworth and Stephen Cobb

5. Data Communications and Information Security
Raymond Panko and Eric Fisher

6. Local Area Network Topologies, Protocols, and Design
Gary C. Kessler

7. Encryption
Stephen Cobb and Corinne LeFrançois

8. Using a Common Language for Computer Security Incident Information
John D. Howard

9. Mathematical Models of Computer Security
Matt Bishop

10. Understanding Studies and Surveys of Computer Crime
M. E. Kabay

11. Fundamentals of Intellectual Property Law
William A. Zucker and Scott J. Nathan

PART II THREATS AND VULNERABILITIES

12. The Psychology of Computer Criminals
Q. Campbell and David M. Kennedy

13. The Insider Threat
Gary L. Tagg, CISSP

14. Information Warfare
Seymour Bosworth

15. Penetrating Computer Systems and Networks
Chey Cobb, Stephen Cobb, M. E. Kabay, and Tim Crothers

16. Malicious Code
Robert Guess and Eric Salveggio

17. Mobile Code
Robert Gezelter

18. Denial-of-Service Attacks
Gary C. Kessler

19. Social-Engineering and Low-Tech Attacks
Karthik Raman, Susan Baumes, Kevin Beets, and Carl Ness

20. Spam, Phishing, and Trojans: Attacks Meant to Fool
Stephen Cobb

21. Web-Based Vulnerabilities
Anup K. Ghosh, Kurt Baumgarten, Jennifer Hadley, and Steven Lovaas

22. Physical Threats to the Information Infrastructure
Franklin Platt

PART III PREVENTION: TECHNICAL DEFENSES

23. Protecting the Physical Information Infrastructure
Franklin Platt

24. Operating System Security
William Stallings

25. Local Area Networks
N. Todd Pritsky, Joseph R. Bumblis, and Gary C. Kessler

26. Gateway Security Devices
Justin Opatrny

27. Intrusion Detection and Intrusion Prevention Devices
Rebecca Gurley Bace

28. Identification and Authentication
Ravi Sandhu, Jennifer Hadley, Steven Lovaas, and Nicholas Takacs

29. Biometric Authentication
Eric Salveggio, Steven Lovaas, David R. Lease, and Robert Guess

30. E-Commerce and Web Server Safeguards
Robert Gezelter

31. Web Monitoring and Content Filtering
Steven Lovaas

32. Virtual Private Networks and Secure Remote Access
Justin Opatrny and Carl Ness

33. 802.11 Wireless LAN Security
Gary L. Tagg, CISSP and Jason Sinchak, CISSP

34. Securing VoIP
Christopher Dantos and John Mason

35. Securing P2P, IM, SMS, and Collaboration Tools
Carl Ness

36. Securing Stored Data
David J. Johnson, Nicholas Takacs, Jennifer Hadley, and M. E. Kabay

37. PKI and Certificate Authorities
Santosh Chokhani, Padgett Peterson, and Steven Lovaas

38. Writing Secure Code
Lester E. Nichols, M. E. Kabay, and Timothy Braithwaite

39. Software Development and Quality Assurance
Diane E. Levine, John Mason, and Jennifer Hadley

40. Managing Software Patches and Vulnerabilities
Karen Scarfone, Peter Mell, and Murugiah Souppaya

41. Antivirus Technology
Chey Cobb and Allysa Myers

42. Protecting Digital Rights: Technical Approaches
Robert Guess, Jennifer Hadley, Steven Lovaas, and Diane E. Levine

PART IV PREVENTION: HUMAN FACTORS

43. Ethical Decision Making and High Technology
James Landon Linderman

44. Security Policy Guidelines
M. E. Kabay and Bridgitt Robertson

45. Employment Practices and Policies
M. E. Kabay and Bridgitt Robertson

46. Vulnerability Assessment
Rebecca Gurley Bace and Jason Sinchak

47. Operations Security and Production Controls
M. E. Kabay, Don Holden, and Myles Walsh

48. Email and Internet Use Policies
M. E. Kabay and Nicholas Takacs

49. Implementing a Security-Awareness Program
K. Rudolph

50. Using Social Psychology to Implement Security Policies
M. E. Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang

51. Security Standards for Products
Paul Brusil and Noel Zakin

PART V DETECTING SECURITY BREACHES

52. Application Controls
Myles Walsh and Susan Baumes

53. Monitoring and Control Systems
Caleb S. Coggins and Diane E. Levine

54. Security Audits
Donald Glass, Richard O. Moore III, Chris Davis, John Mason, David Gursky, James Thomas, Wendy Carr, M. E. Kabay, and Diane Levine

55. Cyber Investigation
Peter Stephenson

PART VI RESPONSE AND REMEDIATION

56. Computer Security Incident Response Teams
Michael Miora, M. E. Kabay, and Bernie Cowens

57. Data Backups and Archives
M. E. Kabay and Don Holden

58. Business Continuity Planning
Michael Miora

59. Disaster Recovery
Michael Miora

60. Insurance Relief
Robert A. Parisi, Jr., John F. Mullen, and Kevin Apollo

61. Working with Law Enforcement
David A. Land

PART VII MANAGEMENT’S ROLE IN SECURITY

62. Quantitative Risk Assessment and Risk Management
Robert V. Jacobson and Susan Baumes

63. Management Responsibilities and Liabilities
Carl Hallberg, M. E. Kabay, Bridgitt Robertson, and Arthur E. Hutt

64. U.S. Legal and Regulatory Security Issues
Timothy Virtue

65. The Role of the CISO
Karen F. Worstell

66. Developing Security Policies
M. E. Kabay and Sean Kelley

67. Developing Classification Policies for Data
Karthik Raman, Kevin Beets, and M. E. Kabay

68. Outsourcing and Security
Kip Boyle, Michael Buglewicz, and Steven Lovaas

PART VIII PUBLIC POLICY AND OTHER CONSIDERATIONS

69. Privacy in Cyberspace: U.S. and European Perspectives
Henry L. Judy, Scott L. David, Benjamin S. Hayes, Jeffrey B. Ritter, Marc Rotenberg, and M. E. Kabay

70. Anonymity and Identity in Cyberspace
M. E. Kabay, Eric Salveggio, Robert Guess, and Russell D. Rosco

71. Healthcare Security and Privacy
Paul Brusil

72. Legal and Policy Issues of Censorship and Content Filtering
Lee Tien, Seth Finkelstein, and Steven Lovaas

73. Expert Witnesses and the Daubert Challenge
Chey Cobb

74. Professional Certification and Training in Information Assurance
M. E. Kabay, Christopher Christian, Kevin Henry, and Sondra Schneider

75. The Future of Information Assurance
Jeremy A. Hansen