Contents
PART I INTRODUCTION TO COMPUTER SECURITY
Chapter 1 - Overview of Computer Security 2
Why Worry About Computer Security? 4
Ethical Considerations 8
Threats to Security 8
Security Measures 16
End of Chapter Materials 23
Chapter 2 - Physical Protection 29
Natural Disasters 31
Physical Facilities 36
Access Controls 44
End of Chapter Materials 51
PART II SYSTEMS SECURITY AND CONTROL
Chapter 3 - Hardware Security Controls 60
The Total System Needs Securing 62
Levels of Hardware Controls 66
Operating System Controls 68
Access Controls 70
General Purpose Operating Systems Security 74
Sources of Additional Information 75
End of Chapter Materials 76
Chapter 4 - Software Controls 83
Software Security and Controls 84
Types of Software Intrusions 87
Configuration Management 89
Modularity and Encapsulation 92
Protecting Information 94
The Orange Book 98
Selecting Security Software 99
Analysis of Software Products 100
End of Chapter Materials 102
Chapter 5 - Encryption Techniques 109
Encryption Overview 110
Types of Ciphers 113
Types of Keys 116
The Data Encryption Standard (DES) 121
Guidelines for Use of Encryption 124
End of Chapter Materials 126
PART III SPECIAL CONSIDERATIONS
Chapter 6 - Database Security 134
Introduction to Databases 136
Security Requirements of Databases 144
Designing Database Security 148
Methods of Protection 149
Security of Multilevel Databases 152
The Future of Databases 156
End of Chapter Materials 157
Chapter 7 - Network and Telecommunications Security 163
Telecommunications and Networks 166
Security Considerations 173
Cases in Point 183
Special Communications Security Considerations 187
Thoughts About the Future 201
End of Chapter Materials 202
Chapter 8 - Microcomputer Security 208
Microcomputer Problems and Solutions 210
The Microcomputer Environment 212
Security of Microcomputers 213
Internal Data Security 218
The Threats to Micros 220
Developing a Micro Security Plan 222
Establishing a Micro to Mainframe Link 223
Portable Microcomputer Security 226
Password Protection 226
Security of Special Micro Applications 232
End of Chapter Materials 237
PART IV LEGAL AND ETHICAL ISSUES
Chapter 9 - Viruses 244
History of Viruses 247
Anatomy of Viruses 248
Categories of Viruses and How They Work 256
How Viruses Spread 264
Pseudo Virus Programs 269
Motivation to Create Viruses 272
Known Viruses 273
Detection and Eradication 275
Virus Protection Packages 278
International Perspective 283
The Future of Viruses 284
End of Chapter Materials 285
Chapter 10 - Legal Issues and Current Legislation 294
Defining Computer Crime 296
Methods of Computer Crime 298
Types of Crimes Committed 301
Software Violations 309
Software Piracy 312
Consultants and Outside Contractors 316
Crimes Against Computer Systems 317
Computer Crime Legislation 318
Privacy Considerations 324
Conclusion 326
End of Chapter Materials 327
Chapter 11 - Ethical Use of Computers 334
Defining Ethics 337
Professional Codes of Ethics 345
Corporate Policies on Ethics 354
Academic Institutions Integrating Ethics into Classes 357
Scenarios to Ponder 361
End of Chapter Materials 362
PART V MANAGERIAL ISSUES
Chapter 12 - Managerial Issues 370
Determination of Goals and Priorities 372
Information Classification, Ownership and Valuation 377
Locating and Training Computer Security Personnel 381
Budget Constraints 392
Security Training and Awareness 394
Evaluating and Updating Security Programs 396
Disclosure of Security Violations 403
Critical Management Issues in Computer Security 404
End of Chapter Materials 410
Chapter 13 - Disaster Recovery and Contingency Planning 416
Crisis Management 418
Risk Analysis 419
Security Plan 423
Backup Procedures 431
Insurance 435
Training of Employees 437
Testing the Plan 438
Scenarios of Actual Disasters 440
End of Chapter Materials 444
Chapter 14 - New Technologies and Future Trends 450
The Future Is Now 452
International Issues 454
Privacy Concerns 459
Ergonomics 461
New Technologies 463
End of Chapter Materials 471
Index 479