Computer Security Handbook

SEYMOUR BOSWORTH, CDP , is president of S. Bosworth & Associates, Plainview, New York, a management consulting firm active in computing applications for banking, commerce, and industry. Since 1972 Bosworth has been a contributing editor to all four editions of the Computer Security Handbook, and he has written many articles and lectured extensively about computer security and other technical and managerial subjects. He has been responsible for design and manufacture, system analysis, programming, and operations of both digital and analog computers. M. E. KABAY, PhD, is Associate Professor of Computer Information Systems at Norwich University, where he is also director of the graduate program in Information Assurance. During his career, he has worked as an operating systems internals and database performance specialist for Hewlett Packard, an operations manager at a large service bureau, and a consultant in operations, performance, and security.

PART ONE: FOUNDATIONS OF COMPUTER SECURITY. Brief History and Mission of Information System Security (S. Bosworth & R. Jacobson). Cyberspace Law and Computer Forensics (R. Heverly & M. Wright). Using a "Common Language" for Computer Security Incident Information (J. Howard & P. Meunier). Studies and Surveys of Computer Crime (M. Kabay). Toward a New Framework for Information Security (D. Parker). PART TWO: THREATS AND VULNERABILITIES. The Psychology of Computer Criminals (Q. Campbell & D. Kennedy). Information Warfare (S. Bosworth). Penetrating Computer Systems and Networks (C. Cobb, et al.). Malicious Code (R. Thompson). Mobile Code (R. Gezelter). Denial of Service Attacks (D. Levine & G. Kessler). The Legal Framework for Protecting Intellectual Property in the Field of Computing and Computer Software (W. Zucker & S. Nathan). E Commerce Vulnerabilities (A. Ghosh). Physical Threats to the Information Infrastructure (F. Platt). PART THREE: PREVENTION: TECHNICAL DEFENSES. Protecting the Information Infrastructure (F. Platt). Identification and Authentication (R. Sandhu). Operating System Security (W. Stallings). Local Area Networks (G. Kessler & N. Pritsky). E Commerce Safeguards (J. Ritter & M. Money). Firewalls and Proxy Servers (D. Brussin). Protecting Internet Visible Systems (R. Gezelter). Protecting Web Sites (R. Gezelter). Public Key Infrastructures and Certificate Authorities (S. Chokhani). Antivirus Technology (C. Cobb). Software Development and Quality Assurance (D. Levine). Piracy and Antipiracy Techniques (D. Levine). PART FOUR: PREVENTION: HUMAN FACTORS. Standards for Security Products (P. Brusil & N. Zakin). Security Policy Guidelines (M. Kabay). Security Awareness (K. Rudolph, et al.). Ethical Decision Making and High Technology (J. Linderman). Employment Practices and Policies (M. Kabay). Operations Security and Production Controls (M. Walsh & M. Kabay). E Mail and Internet Use Policies (M. Kabay). Working with Law Enforcement (M. Wright). Using Social Psychology to Implement Security Policies (M. Kabay). Auditing Computer Security (D. Levine). PART FIVE: DETECTION. Vulnerability Assessment and Intrusion Detection Systems (R. Bace). Monitoring and Control Systems (D. Levine). Application Controls (M. Walsh). PART SIX: REMEDIATION. Computer Emergency Quick Response Teams (B. Cowens & M. Miora). Data Backups and Archives (M. Kabay). Business Continuity Planning (M. Miora). Disaster Recovery (M. Miora). Insurance Relief (R. Parisi, Jr.). PART SEVEN: MANAGEMENT S ROLE. Management Responsibilities and Liabilities (C. Hallberg, et al.). Developing Security Policies (M. Kabay). Risk Assessment and Risk Management (R. Jacobson). Y2K: Lessons Learned for Computer Security (T. Braithwaite). PART EIGHT: OTHER CONSIDERATIONS. Medical Records Security (P. Brusil & D. Harley). Using Encryption Internationally (D. Levine). Censorship and Content Filtering (L. Tien & S. Finkelstein). Privacy in Cyberspace (B. Hayes, et al.). Anoymity and Identity in Cyberspace (M. Kabay). The Future of Information Security (P. Tippett). Index.