Foreword
Preface
Chapter 1: Is There a Security Problem in Computing?
1.1 What Does "Secure" Mean?
1.2 Attacks
1.3 The Meaning of Computer Security
1.4 Computer Criminals
1.5 Methods of Defense
1.6 What's Next
1.7 Summary
1.8 Terms and Concepts
1.9 Where the Field Is Headed
1.10 To Learn More
1.11 Exercises
2.1 Terminology and Background
2.2 Substitution Ciphers
2.3 Transpositions (Permutations)
2.4 Making "Good" Encryption Algorithms
2.5 The Data Encryption Standard
2.6 The AES Encryption Algorithm
2.7 Public Key Encryption
2.8 The Uses of Encryption
2.9 Summary of Encryption
2.10 Terms and Concepts
2.11 Where the Field Is Headed
2.12 To Learn More
2.13 Exercises
3.1 Secure Programs
3.2 Nonmalicious Program Errors
3.3 Viruses and Other Malicious Code
3.4 Targeted Malicious Code
3.5 Controls Against Program Threats
3.6 Summary of Program Threats and Controls
3.7 Terms and Concepts
3.8 Where the Field Is Headed
3.9 To Learn More
3.10 Exercises
4.1 Protected Objects and Methods of Protection
4.2 Memory and Address Protection
4.3 Control of Access to General Objects
4.4 File Protection Mechanisms
4.5 User Authentication
4.6 Summary of Security for Users
4.7 Terms and Concepts
4.8 Where the Field Is Headed
4.9 To Learn More
4.10 Exercises
5.1 What Is a Trusted System?
5.2 Security Policies
5.3 Models of Security
5.4 Trusted Operating System Design
5.5 Assurance in Trusted Operating Systems
5.6 Summary of Security in Operating Systems
5.7 Terms and Concepts
5.8 Where the Field Is Headed
5.9 To Learn More
5.10 Exercises
6.1 Introduction to Databases
6.2 Security Requirements
6.3 Reliability and Integrity
6.4 Sensitive Data
6.5 Inference
6.6 Multilevel Databases
6.7 Proposals for Multilevel Security
6.8 Data Mining
6.9 Summary of Database Security
6.10 Terms and Concepts
6.11 Where the Field Is Headed
6.12 To Learn More
6.13 Exercises
7.1 Network Concepts
7.2 Threats in Networks
7.3 Network Security Controls
7.4 Firewalls
7.5 Intrusion Detection Systems
7.6 Secure E-mail
7.7 Summary of Network Security
7.8 Terms and Concepts
7.9 Where the Field Is Headed
7.10 To Learn More
7.11 Exercises
8.1 Security Planning
8.2 Risk Analysis
8.3 Organizational Security Policies
8.4 Physical Security
8.5 Summary
8.6 Terms and Concepts
8.7 To Learn More
8.8 Exercises
9.1 Making a Business Case
9.2 Quantifying Security
9.3 Modeling Cybersecurity
9.5 Summary
9.6 Terms and Concepts
9.7 To Learn More
9.8 Exercises
10.1 Privacy Concepts
10.2 Privacy Principles and Policies
10.3 Authentication and Privacy
10.4 Data Mining
10.5 Privacy on the Web
10.6 E-mail Security
10.7 Impacts on Emerging Technologies
10.8 Summary
10.9 Terms and Concepts
10.10 Where the Field Is Headed
10.11 To Learn More
10.12 Exercises
11.1 Protecting Programs and Data
11.2 Information and the Law
11.3 Rights of Employees and Employers
11.4 Redress for Software Failures
11.5 Computer Crime
11.6 Ethical Issues in Computer Security
11.7 Case Studies of Ethics
11.8 Terms and Concepts
11.9 To Learn More
11.10 Exercises
12.1 Mathematics for Cryptography
12.2 Symmetric Encryption
12.3 Public Key Encryption Systems
12.4 Quantum Cryptography
12.5 Summary of Encryption
12.6 Terms and Concepts
12.7 Where the Field Is Headed
12.8 To Learn More
12.9 Exercises
The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security
For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.
The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.
Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.
New coverage also includes
Charles P. Pfleeger is an independent information security consultant and principal of the Pfleeger Consulting Group. He specializes in threat/vulnerability analysis, system design review, certification preparation, expert witness testimony, and training.
Shari Lawrence Pfleeger, a senior information scientist at the RAND Corporation, has written ten books on software engineering, measurement, and quality, including Software Engineering: Theory and Practice, Third Edition (Prentice Hall, 2006). She was named one of the world's top software engineering researchers by the Journal of Systems and Software.