Commonsense Computer Security

Your Practical Guide to Preventing Accidental and Deliberate Electronic Data Loss

Martin R. Smith

Publisher: McGraw-Hill, 1989, 227 pages

ISBN: 0-07-707162-X

Keywords: Information Security

Last modified: May 24, 2021, 12:18 p.m.

How important is your computer data?

How much would it matter if it were:

  • lost by accident?
  • tampered with maliciously?
  • unavailable because of inefficient procedures?
  • plagued by viruses?
  • stolen by competitors?

Information is an essential but vulnerable corporate asset. Who is responsible for its safety? Computer specialists? Security staff? Auditors? Or is it a key management issue?

Computer security is a people problem not a machine problem, and ultimate responsibility lies with management. It need not be expensive, complicated or technical. The solutions are straightforward, for the greatest threat is not highly sophisticated attack, but low-tech insider crimes made possible by poor procedures and a lack of work discipline. Every organization can achieve satisfactory and economical computer security using a blend of traditional security techniques tailored to the computing environment.

Commonsense Computer Security contains all you need to know to review or refine your security arrangements — whether you use a micro, mainframe or nationwide network. Each element of computer security is described in detail but in non-technical, readable terms. Aspects covered include:

  • physical, document and personnel security
  • hardware and software security
  • communications (network) security
  • compromising emanations
  • disaster planning and insurance
  • the security of small systems
  • developing a computer security policy
  • staff training and awareness

An essential book for senior managers, computer staff, security personnel, auditors — anyone with responsibility for, or working with, electronic data.

  • Part One: The nature of the problem
    1. The nature of computer security
      • What is a computer?
      • What is security?
      • What is computer security?
    2. Threats and vulnerabilities
      • Qualities of information
      • Vulnerabilities of computers
      • Threats to computers
      • Risk to computers
      • Methods of exploitation
    3. Countering the dangers
      • The nature of the security features
      • Defence in depth
    4. Valuing data
      • Types of data
      • Classification
  • Part Two: Responsibilities for computer security
    1. Computer versus security staffs?
      • The interdisciplinary approach
      • Mutual problems
      • The problems with being a computer person
      • The problems with being a security person
      • The role of the auditor
    2. Allocation of computer security duties
      • Naming changes
      • Who's in charge?
      • Chain of command
      • The allocation of computer security duties
      • Installation security committees
    3. Registration of computers
      • Why register computers?
      • Responsibility for registration
      • Uses for the register of computers
      • Updating the register
      • Serial numbering of computers
      • Contents of computer registration documents
  • Part Three: The solution
    1. Physical security
      • Defence in depth — the fortress concept
      • Aims of physical security
      • The physical protection of computers
      • The physical protection of computer installation services and utilities
      • Fire protection
    2. Document security
      • What is a computer document?
      • Handling computer documents
      • Marking computer documents
      • Accounting for magnetic media
      • Accounting for associated documents
      • Purging magnetic media
      • Backing up magnetic media
      • Destruction of computer documents
      • Checks and musters of computer documents
    3. Personnel security
      • The elements of personnel security
      • Fundamental principles of personnel security
      • The threats from staff members
      • The motivation for crime
      • Personnel security measures within a computer installation
    4. Hardware security
      • Securing hardware from tampering
      • Hardware identification devices
      • Hardware integrity checks
      • Maintenance procedures
      • Fault tolerance
      • Contracts
    5. Software security
      • The aims of software security
      • The limitations of software security
      • Software security — general measures
      • Software security — access control
      • Software security — separation
      • Software security — audit
      • Software security — programming
      • Covert channels
      • The 'Orange Book' — the US Department of Defense trusted computer system evaluation criteria
      • Bugs and viruses
      • Some final thoughts
    6. Compromising emanations (TEMPEST)
      • The nature of the problem
      • The dangers from TEMPEST
      • Simple precautions against TEMPEST
      • TEMPEST-proofed equipment
    7. Communications and network security
      • Methods of data transmission
      • Transmission characteristics
      • Networks
      • Aims of communications and network security
      • Threats to communications and networks
      • Methods of protection — cryptology
      • Methods of protection — physical and procedural security
      • Hacking
    8. Disaster planning
      • The need for a disaster recovery plan
      • Developing a disaster recovery plan
      • Stand-by facilities
      • Contents of the plan
      • Invoking the disaster recovery plan
    9. Computer insurance
      • Problems with insurance
      • Risks that can be covered
      • Types of cover
      • Claims that can be made
      • Where to buy your policy
      • Do's and don'ts of computer insurance
    10. Security of personal computers
      • History of the personal computer
      • Uses of the personal computer
      • Weaknesses and vulnerabilities of personal computers
      • Countermeasures to protect the personal computer
  • Part Four: Plan of action
    1. Developing a computer security policy
      • Defining the computer security policy
      • Risk analysis
      • Format of the computer security policy
      • Contents of the computer security policy
      • Uses for the computer security policy
      • Security operating procedures
    2. Training and awareness
      • The need for training and awareness
      • Training for computer security
      • Awareness of computer security
      • Some final thoughts

Reviews

Commonsense Computer Security

Reviewed by Roland Buresund

Excellent ********** (10 out of 10)

Last modified: May 21, 2007, 2:56 a.m.

One of the best books on IT security ever written!
