Computer Security 3rd Ed.

John M. Carroll

Publisher: Butterworth-Heinemann, 1996, 648 pages

ISBN: 0-7506-9600-1

Keywords: IT Security

Last modified: July 21, 2021, 1:29 a.m.

Computer Security, Third Edition contains the best ideas on recent advances in computer hardware and the spread of personal computer technology. It includes a complete and comprehensive introduction to computer security, as well as coverage of computer crime, systems security, and cryptology.

Convinced that there is no such thing as computer security, only various degrees of insecurity, John Carroll presents the best concepts that high technology, classical security practice, and common sense have to offer to help reduce insecurity to the lowest possible level. This thoroughly enhanced third edition is an essential text for everyone involved with the operation and security of the computer complexes that are the heart of today's businesses.

In addition to completely updating the original matter, Computer Security, Third Edition includes new information on:

  • computer crime and the law
  • physical security
  • communications
  • surveillance
  • risk management
  • Part I: The Threat to Computer Security
    1. Essentials of Computer Security
      • Unique EDP Security Problems
      • EDP Security in a Nutshell
      • Computers and Crime; Know Your Enemy!
      • The Anatomy of Computer Crime
    2. Computer Crime and the Law
      • United States
      • Australia
      • Canada
      • United Kingdom
      • New Zealand
      • Continental Europe
      • Conclusions
      • Classic Case Histories
  • Part II: Security Management Considerations
    1. Organizing for EDP Security
      • EDP Security in the Public Sector
      • EDP Security in the Private Sector
      • Corporate EDP Security
      • Duties of the Security Coordinator
      • Principles of Security Management
      • New Challenges for IT Security Management
    2. Protection of Information
      • Classifications — The Government Model
      • Classifications — The Corporate Model
      • Special Problems with EDP
      • Marking Classified Matter
      • Storing Classified Matter
      • Destroing Classified Matter
      • Residual Memory in Magnetic Media
      • Procedural Safeguards for Classified Matter
      • Conclusion
    3. Screening and Management of Personnel
      • Management Responsibility
      • Relations with Vendors
      • Categories of Security Clearance
      • Security Screening of Employees
      • Personnel Security Policies
      • Conclusion
  • Part III: Physical Security
    1. Physical Access Control
      • Basics of Access Control
      • Automatic Access Control
      • Key Access Control
      • Concentric Controlled Perimeters
      • Outer Perimeter Access
      • Building Access Control
      • Control of Access to Restricted Areas
      • Material Control in Restricted Areas
      • Computer Room Access Control
    2. Physical Security
      • The Fortress Concept
      • Outer Perimeter Defense
      • Building Perimeters
      • Guarded Areas
      • Restricted Area Perimeter
      • Computer Room Security
    3. Environmental Security
      • Electric Power
      • Grounding
      • Interference Suppression
      • Dust Control
      • Environmental Controls
    4. Disaster Control
      • Locating the Computer Center
      • Protecting the Computer Center
      • Automatic Fire Detection
      • General Fire Safety Planning
      • Disaster Recovery
  • Part IV: Communications Security
    1. Line Security
      • Communication Security Subfields
      • Security of Communications Cables
      • Interior Communications Lines
      • Telephone Instrument Security
      • Additional Line Security Considerations
      • Local Area Networks
      • Space Radio Interception
    2. Transmission Security
      • General Consideration
      • Operating Procedures
      • Speech Privacy
      • Error-Proof Codes
      • Traffic Analysis
    3. Cryptographic Security
      • Introduction to Cryptology
      • Overview of Ciphers
      • How Ciphers Work
      • How DES Works
      • Network Communications Security
      • Weaknesses of DES
      • Ways to Use DES
      • Asymmetrical Ciphers
      • El Gamal
      • Crypto Procedures
      • Cryptanalysis
      • Summary
    4. Emanations Security
      • Emanation Problems
      • Probability of Interception
      • Defense Mechanisms
      • Measuring Electromagnetic Emanation Levels
      • Additional Defenses
      • Defense Against Acoustical Emanations
    5. Technical Security
      • Victimization of EDP Centers
      • Categories of Technical Surveillance
      • Defenses Against Technical Surveillance
  • Part V: Systems Security
    1. Systems Identification
      • Introduction to System Security
      • Guidelines for a Trusted Computing Base
      • Personal Identification
      • Other User Identification Systems
      • Identifying Specified Assets
      • System Relationships
      • Privacy Considerations
      • Freedom of Information
    2. Isolation in Computer Systems
      • Defense Strategies
      • Processing Modes
      • temporal Isolation
      • Spatial Isolation
      • System Architecture
      • Cryptographic Isolation
      • Restriction of Privilege
      • Virtual Machine Isolation
      • Trends in User Isolation
    3. Systems Access Control
      • Basic Principles of Access
      • Authentication
      • Systems Access
      • Internal Access
      • Access Privileges
      • Keeping Hackers Out
      • System Security Add-on Packages
    4. Detection and Surveillance
      • Threat Monitoring
      • Trend Analysis
      • Investigations
      • Auditing
      • Comprehensive Action
      • The Human Factor in Computer Crime
    5. Systems Integrity
      • Program Security
      • Error Control
      • Privacy in Statistical Data Bases
      • Protection of Security Functions
      • Commercial Security Model
      • Object-Oriented Model
      • Conclusion
      • Bibliography
    6. Systems Reliability and Security
      • Hardware
      • Software
      • Changes
      • System Backup
      • Record-Keeping and Security
      • Logs
      • Backup Files
      • Restart and Recovery
      • Record Retention
      • Inventories and Lists
    7. Security and Personal Computers
      • Introduction
      • Physical Security
      • Environmental Protection
      • Protection of Removable Media
      • Electromagnetic Emanations
      • Security Attributes of Microprocessors
      • PC Operating Systems
      • Local-Area Network (LAN) Security
      • Security in Remote Support Programs
      • Database Security
      • Security in Application Programs
      • Backup
      • Anti-Virus Defenses
      • Security Add-ons for PC Operating Systems — Trusted Computer Systems Evaluation
      • New Thinking in PC Security
      • Conclusions
      • Bibliography
  • Part VI: Information Security Risk Analysis
    1. Systems Approach to Risk Management
      • Introduction
      • Applications of Risk Analysis
      • IT Security Management
      • Information and Risk Analysis
      • Information Security by Consensus
      • State of Infosec Risk Analysis
      • General Systems Approach
      • Cybernetic Control Cycle
      • Problems in Risk Analysis
      • Cybernetic Model of Activity
      • Representative Risk-Analysis Packages
      • Specific Recommendations
    2. Threat Assessment
      • Introduction
      • Properties of Threats
      • Estimating Likelihood
      • Trend Analysis
    3. Assets and Safeguards
      • Assets
      • Vulnerabilities
      • Assets and Impacts
      • Risk-Analysis Modeling
      • Cost-of-Loss Model
      • Safeguards
      • Constraints
    4. Keeping Secrets in Computers
      • Threats and Legal Remedies
      • Self-Help Measures
      • National Security Models
      • Threat Risk Assessment
    5. Modes of Risk Analysis
      • Compliance Auditing
      • Requirements Analysis
      • Security Inspection and Evaluation
      • Cost-Benefit Analysis
      • Life-Cycle Software Development
      • Development of Security Software
      • The Workshop Model
      • Transaction Model
  • Appendix: Sample Log Forms

Reviews

Computer Security

Reviewed by Roland Buresund

Very Good ******** (8 out of 10)

Last modified: Nov. 14, 2008, 12:09 p.m.

Covers nearly everything.

Comments

There are currently no comments

New Comment

required

required (not published)

optional

required

captcha

required