The classic and authoritative reference in the field of computer security, now completely updated and revised
With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them.
With seventy-seven chapters contributed by a panel of renowned industry professionals, the new edition has increased coverage in both breadth and depth of all ten domains of the Common Body of Knowledge defined by the International Information Systems Security Certification Consortium (ISC).
Of the seventy-seven chapters in the fifth edition, twenty-five chapters are completely new, including:
1. Hardware Elements of Security
2. Fundamentals of Cryptography and Steganography
3. Mathematical models of information security
4. Insider threats
5. Social engineering and low-tech attacks
6. Spam, phishing, and Trojans: attacks meant to fool
7. Biometric authentication
8. VPNs and secure remote access
9. Securing Peer2Peer, IM, SMS, and collaboration tools
10. U.S. legal and regulatory security issues, such as GLBA and SOX
Whether you are in charge of many computers or just one important one, there are immediate steps you can take to safeguard your computer system and its contents. Computer Security Handbook, Fifth Edition equips you to protect the information and networks that are vital to your organization.
Auflage
Sprache
Verlagsort
Verlagsgruppe
Zielgruppe
Editions-Typ
Illustrationen
Maße
Höhe: 25.5 cm
Breite: 18.3 cm
Dicke: 90 mm
Gewicht
ISBN-13
978-0-471-71652-5 (9780471716525)
Schweitzer Klassifikation
Part I. Foundations Of Computer Security.
1. Brief History and Mission of Information System Security.
2. History of Computer Crime.
3. Toward a New Framework for Information Security.
4. Hardware Elements of Security.
5. Data Communications and Information Security.
6. Network Topologies, Protocols, and Design.
7. Encryption.
8. Using a Common Language for Computer Security Incident Information.
9. Mathematical Models of Computer Security.
10. Understanding Studies and Surveys of Computer Crime.
11. Fundamentals of Intellectual Property Law.
Part II. Threats And Vulnerabilities.
12. The Psychology of Computer Criminals.
13. The Dangerous Information Technology Insider: Psychological Characteristics and Career Patterns.
14. Information Warfare.
15. Penetrating Computer Systems and Networks.
16. Malicious Code.
17. Mobile Code.
18. Denial-of-Service Attacks.
19. Social Engineering and Low-Tech Attacks.
20. Spam, Phishing, and Trojans: Attacks Meant To Fool.
21. Web-Based Vulnerabilities.
22. Physical Threats to the Information Infrastructure.
Part III. Prevention: Technical Defenses.
23. Protecting the Information Infrastructure.
24. Operating System Security.
25. Local Area Networks.
26. Gateway Security Devices.
27. Intrusion Detection and Intrusion Prevention Devices.
28. Identification and Authentication.
29. Biometric Authentication.
30. E-Commerce and Web Server Safeguards.
31. Web Monitoring and Content Filtering.
32. Virtual Private Networks and Secure Remote Access.
33. 802.11 Wireless LAN Security.
34. Securing VOIP.
35. Securing P2P, IM, SMS, and Collaboration Tools.
36. Securing Stored Data.
37. PKI and Certificate Authorities.
38. Writing Secure Code.
39. Software Development and Quality Assurance.
40. Managing Software Patches and Vulnerabilities.
41. Antivirus Technology.
42. Protecting Digital Rights: Technical Approaches.
Part IV. Prevention: Human Factors.
43. Ethical Decision Making and High Technology.
44. Security Policy Guidelines.
45. Employment Practices and Policies.
46. Vulnerability Assessment.
47. Operations Security and Production Controls.
48. E-Mail and Internet Use Policies.
49. Implementing a Security Awareness Program.
50. Using Social Psychology to Implement Security Policies.
51. Security Standards for Products.
Part V. Detecting Security Breaches.
52. Application Controls.
53. Monitoring and Control Systems.
54. Security Audits, Standards and Inspections.
55. Cyber Investigation.
Part VI. Response & Remediation.
56. Computer Security Incident Response Teams.
57. Data Backups and Archives.
58. Business Continuity Planning.
59. Disaster Recovery.
60. Insurance Relief.
61. Working with Law Enforcement.
Part VII. Management's Role In Security.
62. Risk Assessment and Risk Management.
63. Management Responsibilities and Liabilities.
64. U.S. Legal and Regulatory Security Issues.
65. The Role of the CISO.
66. Developing Security Policies.
67. Developing Classification Policies for Data.
68. Outsourcing and Security.
Part VIII. Public Policy And Other Considerations.
69. Privacy in Cyberspace: U.S. and European Perspectives.
70. Anonymity and Identity in Cyberspace.
71. Medical Records Protection.
72. Legal and Policy Issues of Censorship and Content Filtering.
73. Expert Witnesses and the Daubert Challenge.
74. Professional Certification and Training in Information Assurance.
75. Undergraduate and Graduate Education in Information Assurance.
76. The Future of Information Assurance.
