Premium Members Get 10% Off and Earn Rewards Find Out More
Computer and Information Security Handbook
Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applications and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cyber Security for the Smart City and Smart Homes, Cyber Security of Connected and Automated Vehicles, and Future Cyber Security Trends and Directions, the book now has 115 chapters written by leading experts in their fields, as well as 8 updated appendices and an expanded glossary.

Chapters new to this edition include such timely topics as Threat Landscape and Good Practices for Internet Infrastructure, Cyber Attacks Against the Grid Infrastructure, Threat Landscape and Good Practices for the Smart Grid Infrastructure, Energy Infrastructure Cyber Security, Smart Cities Cyber Security Concerns, Community Preparedness Action Groups for Smart City Cyber Security, Smart City Disaster Preparedness and Resilience, Cyber Security in Smart Homes, Threat Landscape and Good Practices for Smart Homes and Converged Media, Future Trends for Cyber Security for Smart Cities and Smart Homes, Cyber Attacks and Defenses on Intelligent Connected Vehicles, Cyber Security Issues in VANETs, Use of AI in Cyber Security, New Cyber Security Vulnerabilities and Trends Facing Aerospace and Defense Systems, and much more.
1100664946
Computer and Information Security Handbook
Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applications and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cyber Security for the Smart City and Smart Homes, Cyber Security of Connected and Automated Vehicles, and Future Cyber Security Trends and Directions, the book now has 115 chapters written by leading experts in their fields, as well as 8 updated appendices and an expanded glossary.

Chapters new to this edition include such timely topics as Threat Landscape and Good Practices for Internet Infrastructure, Cyber Attacks Against the Grid Infrastructure, Threat Landscape and Good Practices for the Smart Grid Infrastructure, Energy Infrastructure Cyber Security, Smart Cities Cyber Security Concerns, Community Preparedness Action Groups for Smart City Cyber Security, Smart City Disaster Preparedness and Resilience, Cyber Security in Smart Homes, Threat Landscape and Good Practices for Smart Homes and Converged Media, Future Trends for Cyber Security for Smart Cities and Smart Homes, Cyber Attacks and Defenses on Intelligent Connected Vehicles, Cyber Security Issues in VANETs, Use of AI in Cyber Security, New Cyber Security Vulnerabilities and Trends Facing Aerospace and Defense Systems, and much more.
95.99 In Stock
Computer and Information Security Handbook

Computer and Information Security Handbook

Computer and Information Security Handbook
Add to Wishlist
Computer and Information Security Handbook

Computer and Information Security Handbook

Overview

Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applications and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cyber Security for the Smart City and Smart Homes, Cyber Security of Connected and Automated Vehicles, and Future Cyber Security Trends and Directions, the book now has 115 chapters written by leading experts in their fields, as well as 8 updated appendices and an expanded glossary.

Chapters new to this edition include such timely topics as Threat Landscape and Good Practices for Internet Infrastructure, Cyber Attacks Against the Grid Infrastructure, Threat Landscape and Good Practices for the Smart Grid Infrastructure, Energy Infrastructure Cyber Security, Smart Cities Cyber Security Concerns, Community Preparedness Action Groups for Smart City Cyber Security, Smart City Disaster Preparedness and Resilience, Cyber Security in Smart Homes, Threat Landscape and Good Practices for Smart Homes and Converged Media, Future Trends for Cyber Security for Smart Cities and Smart Homes, Cyber Attacks and Defenses on Intelligent Connected Vehicles, Cyber Security Issues in VANETs, Use of AI in Cyber Security, New Cyber Security Vulnerabilities and Trends Facing Aerospace and Defense Systems, and much more.

Product Details

ISBN-13: 9780080921945
Publisher: Elsevier Science
Publication date: 05/04/2009
Series: Morgan Kaufmann Series in Computer Security
Sold by: Barnes & Noble
Format: eBook
Pages: 928
File size: 13 MB
Note: This product may take a few minutes to download.

About the Author

John Vacca is an independent information technology consultant and researcher, professional writer, editor, reviewer, and author based in Pomeroy, Ohio, USA. Since 1982, John has authored, edited, and published more than 85 books, including Smart Cities Policies and Financing: Approaches and Solutions, Elsevier; Cloud Computing Security: Foundations and Challenges, Taylor and Francis/CRC Press; Solving Urban Infrastructure Problems Using Smart City Technologies: Handbook on Planning, Design, Development, and Regulation, Elsevier; Online Terrorist Propaganda, Recruitment, and Radicalization, Taylor and Francis/CRC Press; Nanoscale Networking and Communications Handbook, Taylor and Francis/CRC Press; Handbook of Sensor Networking: Advanced Technologies and Applications, Taylor and Francis/CRC Press; Network and System Security 2/e, Elsevier/Syngress; Cyber Security and IT Infrastructure Protection, Elsevier/Syngress; and Managing Information Security 2/e, Elsevier/Syngress; among many others.
John was a Configuration Management Specialist, Computer Specialist, and the Computer Security Official (CSO) for NASA’s space station program (Freedom) and the International Space Station Program from 1988 until his retirement from NASA in 1995. John has also been a security consultant for major motion pictures, including AntiTrust, Collateral, and Identity Theft: The Michelle Brown Story. He received his M.Sc. from Kansas State University and an MBA from Emporia State University and served in the United States Air Force from 1967-1971.

Read an Excerpt

Computer and Information Security Handbook

Morgan Kaufmann Publishers

Copyright © 2009 Elsevier Inc.
All right reserved.
ISBN: 978-0-08-092194-5

Chapter One

Building a Secure Organization

John Mallery BKD, LLP

It seems logical that any business, whether a commercial enterprise or a not-for-profit business, would understand that building a secure organization is important to long-term success. When a business implements and maintains a strong security posture, it can take advantage of numerous benefits. An organization that can demonstrate an infrastructure protected by robust security mechanisms can potentially see a reduction in insurance premiums being paid. A secure organization can use its security program as a marketing tool, demonstrating to clients that it values their business so much that it takes a very aggressive stance on protecting their information. But most important, a secure organization will not have to spend time and money identifying security breaches and responding to the results of those breaches.

As of September 2008, according to the National Conference of State Legislatures, 44 states, the District of Columbia, and Puerto Rico had enacted legislation requiring notification of security breaches involving personal information. Security breaches can cost an organization significantly through a tarnished reputation, lost business, and legal fees. And numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act, require businesses to maintain the security of information. Despite the benefits of maintaining a secure organization and the potentially devastating consequences of not doing so, many organizations have poor security mechanisms, implementations, policies, and culture.

1. OBSTACLES TO SECURITY

In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.

Security Is Inconvenient

Security, by its very nature, is inconvenient, and the more robust the security mechanisms, the more inconvenient the process becomes. Employees in an organization have a job to do; they want to get to work right away. Most security mechanisms, from passwords to multifactor authentication, are seen as roadblocks to productivity. One of the current trends in security is to add whole disk encryption to laptop computers. Although this is a highly recommended security process, it adds a second login step before a computer user can actually start working. Even if the step adds only one minute to the login process, over the course of a year this adds up to four hours of lost productivity. Some would argue that this lost productivity is balanced by the added level of security. But across a large organization, this lost productivity could prove significant.

To gain a full appreciation of the frustration caused by security measures, we have only to watch the Transportation Security Administration (TSA) security lines at any airport. Simply watch the frustration build as a particular item is run through the scanner for a third time while a passenger is running late to board his flight. Security implementations are based on a sliding scale; one end of the scale is total security and total inconvenience, the other is total insecurity and complete ease of use. When we implement any security mechanism, it should be placed on the scale where the level of security and ease of use match the acceptable level of risk for the organization.

Computers Are Powerful and Complex

Home computers have become storehouses of personal materials. Our computers now contain wedding videos, scanned family photos, music libraries, movie collections, and financial and medical records. Because computers contain such familiar objects, we have forgotten that computers are very powerful and complex devices. It wasn't that long ago that computers as powerful as our desktop and laptop computers would have filled one or more very large rooms. In addition, today's computers present a "user-friendly" face to the world. Most people are unfamiliar with the way computers truly function and what goes on "behind the scenes." Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals. For example, many individuals still believe that a Windows login password protects data on a computer. On the contrary-someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.

Computer Users Are Unsophisticated

Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they "know everything about computers." These "power users" have moved beyond application basics, but many still do not understand even basic security concepts. Many users will indiscriminately install software and visit questionable Web sites despite the fact that these actions could violate company policies. The "bad guys"—people who want to steal information from or wreak havoc on computers systems—have also identified that the average user is a weak link in the security chain. As companies began investing more money in perimeter defenses, attackers look to the path of least resistance. They send malware as attachments to email, asking recipients to open the attachment. Despite being told not to open attachments from unknown senders or simply not to open attachments at all, employees consistently violate this policy, wreaking havoc on their networks. The "I Love You Virus" spread very rapidly in this manner. More recently, phishing scams have been very effective in convincing individuals to provide their personal online banking and credit-card information. Why would an attacker struggle to break through an organization's defenses when end users are more than willing to provide the keys to bank accounts? Addressing the threat caused by untrained and unwary end users is a significant part of any security program.

Computers Created Without a Thought to Security

During the development of personal computers (PCs), no thought was put into security. Early PCs were very simple affairs that had limited computing power and no keyboards and were programmed by flipping a series of switches. They were developed almost as curiosities. Even as they became more advanced and complex, all effort was focused on developing greater sophistication and capabilities; no one thought they would have security issues. We only have to look at some of the early computers, such as the Berkeley Enterprises Geniac, the Heathkit EC-1, or the MITS Altair 8800, to understand why security was not an issue back then. The development of computers was focused on what they could do, not how they could be attacked.

As computers began to be interconnected, the driving force was providing the ability to share information, certainly not to protect it. Initially the Internet was designed for military applications, but eventually it migrated to colleges and universities, the principal tenet of which is the sharing of knowledge.

Current Trend Is to Share, Not Protect

Even now, despite the stories of compromised data, people still want to share their data with everyone. And Web-based applications are making this easier to do than simply attaching a file to an email. Social networking sites such as SixApart provide the ability to share material: "Send messages, files, links, and events to your friends. Create a network of friends and share stuff. It's free and easy ..." In addition, many online data storage sites such as DropSend and FilesAnywhere provide the ability to share files. Although currently in the beta state of development, Swivel provides the ability to upload data sets for analysis and comparison. These sites can allow proprietary data to leave an organization by bypassing security mechanisms.

Data Accessible from Anywhere

As though employees' desire to share data is not enough of a threat to proprietary information, many business professionals want access to data from anywhere they work, on a variety of devices. To be productive, employees now request access to data and contact information on their laptops, desktops, home computers, and mobile devices. Therefore, IT departments must now provide the ability to sync data with numerous devices. And if the IT department can't or won't provide this capability, employees now have the power to take matters into their own hands.

(Continues...)


Excerpted from Computer and Information Security Handbook Copyright © 2009 by Elsevier Inc. . Excerpted by permission of Morgan Kaufmann Publishers. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Table of Contents

Contents

Foreword....................xxi
Preface....................xxiii
Acknowledgments....................xxvii
About the Editor....................xxix
Contributors....................xxxi
1. Building a Secure Organization John Mallery....................3
2. A Cryptography Primer Scott R. Ellis....................123
3. Preventing System Intrusions Michael West....................39
4. Guarding Against Network Intrusions Tom Chen and Patrick J. Walsh....................53
5. Unix and Linux Security Gerald Beuchelt....................67
6. Eliminating the Security Weakness of Linux and Unix Operating Systems Mario Santana....................79
7. Internet Security Jesse Walker....................93
8. The Botnet Problem Xinyuan Wang and Daniel Ramsbrock....................119
9. Intranet Security Bill Mansoor....................133
10. Local Area Network Security Dr. Pramod Pandya....................149
11. Wireless Network Security Chunming Rong and Erdal Cayirci....................169
12. Cellular Network Security Peng Liu, Thomas F. LaPorta and Kameswari Kotapati....................183
13. RFID Security Chunming Rong and Erdal Cayirci....................205
14. Information Security Essentials for IT Managers, Protecting Mission-Critical Systems Albert Caballero....................225
15. Security Management Systems Joe Wright and Jim Harmening....................255
16. Information Technology Security Management Rahul Bhaskerand Bhushan Kapoor....................259
17. Identity Management Dr. Jean-Marc Seigneur and Dr. Tewfiq El Malika....................269
18. Intrusion Prevention and Detection Systems Christopher Day....................293
19. Computer Forensics Scott R. Ellis....................307
20. Network Forensics Yong Guan....................339
21. Firewalls Dr. Errin W. Fulp....................349
22. Penetration Testing Sanjay Bavisi....................369
23. What Is Vulnerability Assessment? Almantas Kakareka....................383
24. Data Encryption Dr. Bhushan Kapoor and Dr. Pramod Pandya....................397
25. Satellite Encryption Daniel S. Soper....................423
26. Public Key Infrastructure Terence Spies....................433
27. Instant-Messaging Security Samuel J. J. Curry....................453
28. NET Privacy Marco Cremonini, Chiara Braghin and Claudio Agostino Ardagna....................469
29. Personal Privacy Policies Dr. George Yee and Larry Korba....................487
30. Virtual Private Networks Jim Harmening and Joe Wright....................507
31. Identity Theft Markus Jacobsson and Alex Tsow....................519
32. VoIP Security Dan Wing and Harsh Kupwade Patil....................551
33. SAN Security John McGowan, Jeffrey Bardin and John McDonald....................567
34. Storage Area Networking Devices Security Robert Rounsavall....................591
35. Risk Management Sokratis K. Katsikas....................605
36. Physical Security Essentials William Stallings....................629
37. Biometrics Luther Martin....................645
38. Homeland Security Rahul Bhaskar Ph.D. and Bhushan Kapoor....................661
39. Information Warfare Jan Eloff and Anna Granova....................677
40. Security Through Diversity Kevin Noble....................693
41. Reputation Management Dr. Jean-Marc Seigneur....................701
42. Content Filtering Peter Nicoletti....................723
43. Data Loss Protection Ken Perkins....................745
Appendix A Configuring Authentication Service on Microsoft Windows Vista John R. Vacca....................765
Appendix B Security Management and Resiliency John R. Vacca....................775
Appendix C List of Top Security Implementation and Deployment Companies....................777
Appendix D List of Security Products....................781
Appendix E List of Security Standards....................783
Appendix F List of Miscellaneous Security Resources....................785
Appendix G Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security....................793
Appendix H Configuring Wireless Internet Security Remote Access....................795
Appendix I Frequently Asked Questions....................799
Appendix J Glossary....................801
Index....................817

What People are Saying About This

From the Publisher

Comprehensive, up-to-date reference on computer and information security that offers the latest insights on emerging technologies and advancements

From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Computers - General & Miscellaneous
Networking & Telecommunications
Information Systems
Computer Security
Security - Computer Networks
Information Storage and Retrieval
Information systems->Security measures
Computers
Computers - General & Miscellaneous
Networking & Telecommunications
Information Systems
Computer Security
Security - Computer Networks
Information Storage and Retrieval
Information systems->Security measures

Customer Reviews