Cover Image
Read Now

An Information Security Handbook

Aimed primarily at final year undergraduate courses and MSc courses on Information Systems, Management of Information Systems and Design of Information Systems, this textbook aims to provide answers to five questions; What is security? What are the security problems particular to an IT system? What...

Full description

Bibliographic Details
Main Author: Hunter, John M.
Format: eBook
Language:English
Published: London Springer London 2001, 2001
Edition:1st ed. 2001
Series:Computer Communications and Networks
Subjects:
Computer Communication Networks
Cryptography
Computer Networks 
Procurement
Data Encryption (computer Science)
Cryptology
Industrial Procurement
Online Access:
Collection: Springer Book Archives -2004 - Collection details see MPG.ReNa
LEADER 06596nmm a2200385 u 4500
001 EB000616859
003 EBX01000000000000001348293
005 00000000000000.0
007 cr|||||||||||||||||||||
008 140122 ||| eng
020 |a 9781447102618 
100 1 |a Hunter, John M. 
245 0 0 |a An Information Security Handbook  |h Elektronische Ressource  |c by John M. Hunter 
250 |a 1st ed. 2001 
260 |a London  |b Springer London  |c 2001, 2001 
300 |a XIV, 226 p. 3 illus  |b online resource 
505 0 |a 1. Introduction -- 1.1 Why a Book about Information Security? -- 1.2 Some Conventions -- 1.3 Risks -- 1.4 Information Sensitivity -- 1.5 Information Importance -- 1.6 Countermeasures -- 1.7 Information Warfare -- 1.8 Management -- 1.9 Summary -- 2. Technology and Security -- 2.1 Privilege and Machine Modes -- 2.2 System Configuration -- 2.3 Physical Aspects of Discs and Tapes -- 2.4 Files and Access Control -- 2.5 RAID Storage -- 2.6 Summary -- 3. Physical Security -- 3.1 The Security Domains -- 3.2 Security Aspects of Layout -- 3.3 Summary -- 4. Personnel Security -- 4.1 Assessing Personnel Trustworthiness -- 4.2 Example and Leadership -- 4.3 Awareness -- 4.4 IT Staff -- 4.5 New Recruits and Leavers -- 4.6 General -- 4.6 Summary -- 5. Communications Security -- 5.1 Encryption and Cryptanalysis -- 5.2 Authentication Dialogues -- 5.3 The Kerberos Authentication Dialogue -- 5.4 Hacking -- 5.5 Unix and the TCP/IP Family of Protocols -- 5.6 Firewalls and Gateways -- 6. Unix Security --  
505 0 |a F.2.2 Configuration -- F.3 Accuracy -- F.3.1 Communications -- F.3.2 Storage -- F.4 Availability -- F.4.1 Communications -- F.4.2 Logical Denial -- F.4.3 Personnel -- F.4.4 Physical Denial -- F.4.5 Environmental Damage -- F.5 Data Exchange -- F.5.1 Communications Security -- F.5.2 Covert Channel -- F.5.3 Radiation Security -- F.5.4 Transmission Security -- F.5.5 Traffic Flow Security -- F.6 Authentication -- F.7 Audit -- F.8 Personnel -- G. Glossary of Information Security Terms -- H. References & Bibliography 
505 0 |a A.2 Network Activity Monitors -- A.3 Intrusion Checkers -- A.4 Change Detectors -- A.5 Password Checkers -- A.6 Firewall Packages -- A.7 Security Documentation -- A.8 Other Secure Software -- B. DoD Computer System Evaluation Criteria -- C. IT Security Evaluation Criteria (ITSEC) -- D. An Example System Security Policy -- E. System Threats and Countermeasures -- E.1 Introduction -- E.2 Threats to the Level of Service -- E.2.1 Power Supplies -- E.2.2 Hardware Faults -- E.2.3 Software Crashes -- E.2.4 Operator Errors -- E.2.5 Computer Viruses -- E.2.6 Environmental Disasters -- E.3 Threats to the Information Base -- E.4 Threats Leading to Information Leakage -- E.5 Choice of Countermeasures -- E.6 Summary -- F. Example List of SecurityCountermeasures -- F.1 Access Control -- F.1.1 Communications -- F.1.2 Covert Channel Control -- F.1.3 Discretionary Access Control -- F.1.4 Mandatory Access Control -- F.1.5 Physical Access Control -- F.2 Accountability -- F.2.1 Transactions --  
505 0 |a 12.1 Introduction -- 12.2 Viruses -- 12.3 Virus Examples -- 12.4 Dealing with Viruses -- 12.5 Java & Active-X -- 12.6 The “Millennium Bug” -- 12.7 Summary -- 13. The UK Data Protection Acts -- 13.1 Definitions -- 13.2 The Data Protection Principles -- 13.3 Summary -- 14. System Administration and Security -- 14.1 The Procurement of Secure Information Systems -- 14.2 System and Data Backups -- 14.3 Resource Tracking and Management -- 14.4 System Testing and Probing -- 14.5 Configuration Management -- 14.6 Database Maintenance -- 14.7 User Account Management -- 14.8 Audit Trail Management -- 14.9 Summary -- 15. The Management of Security -- 15.1 The Security Management Problem -- 15.2 A Security Management Methodology -- 15.3 System Security Policies -- 15.4 Summary -- 16. Conclusions -- 16.1 A Definition of Information System Security -- 16.2 The Security Problems of an Information System -- 16.3 Tailpiece -- A. Unix Security Resources -- A.1 Configuration Checkers --  
505 0 |a 6.1 The Security Problems of Unix -- 6.2 Unix File Permissions -- 6.3 Executing as the Superuser -- 6.4 Password Security -- 6.5 Improving Unix Network Security -- 7. Internet Security -- 7.1 External Hazards -- 7.2 ISP Services -- 7.3 After an Attack -- 7.4 Summary -- 8. Radiation Security -- 8.1 Equipment Layout -- 8.2 Maintenance -- 8.3 Summary -- 9. Procedural Security -- 9.1 System Integrity -- 9.2 Magnetic Media -- 9.3 Denial of System Benefits to a Competitor -- 9.4 Disposal of Documents -- 9.5 Weeding and Downgrading -- 9.6 When It Starts to Go Wrong -- 9.7 Summary -- 10. Software Security -- 10.1 Secure Computer Systems -- 10.2 Software Evaluation -- 10.3 Software Security Models -- 10.4 Other Software Security Issues -- 11. Some Notes on Static Analysis -- 11.1 Introduction -- 11.2 Control Flow Analysis -- 11.3 Data Flow Analysis -- 11.4 InformationFlow Analysis -- 11.5 Semantic Analysis -- 11.6 The Use of Static Analysis -- 11.7 Summary -- 12. Computer Viruses --  
653 |a Computer Communication Networks 
653 |a Cryptography 
653 |a Computer networks  
653 |a Procurement 
653 |a Data encryption (Computer science) 
653 |a Cryptology 
653 |a Industrial procurement 
041 0 7 |a eng  |2 ISO 639-2 
989 |b SBA  |a Springer Book Archives -2004 
490 0 |a Computer Communications and Networks 
028 5 0 |a 10.1007/978-1-4471-0261-8 
856 4 0 |u https://doi.org/10.1007/978-1-4471-0261-8?nosfx=y  |x Verlag  |3 Volltext 
082 0 |a 005.824 
520 |a Aimed primarily at final year undergraduate courses and MSc courses on Information Systems, Management of Information Systems and Design of Information Systems, this textbook aims to provide answers to five questions; What is security? What are the security problems particular to an IT system? What can be done to reduce the security risks associated with such a system? In a given situation, what are the appropriate security countermeasures? How should one set about procuring an information system with security implications? It looks at the different goals organisations might have in employing security techniques (availability, integrity, confidentiality, exclusivity) and which technique is best suited to achieving each goal. With guidelines appropriate for the protection of both conventional commercial and military systems, An Information Security Handbook will be of interest to computer system managers and administrators in any commercial or government organisation 

Similar Items