Covers the economics of cyber security and the intersection of privacy and information security. This title introduces the core concepts and vocabulary of computer security, including attacks and controls. It identifies and assesses the threats facing programs, operating systems, database systems, and networks.

This is the new state-of-the-art in information security. This title now covers the economics of cyber security and the intersection of privacy and information security. For years, IT and security professionals and students have turned to "Security in Computing" as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends. The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses. "Security in Computing, Fourth Edition" goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments.;Another new chapter addresses privacy - from data mining and identity theft, to RFID and e-voting. New coverage also includes: programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks; Web application threats and vulnerabilities; networks of compromised systems: bots, botnets, and drones; Rootkits - including the notorious Sony XCP; Wi-Fi network security challenges, standards, and techniques; new malicious code attacks, including false interfaces and keystroke loggers; improving code quality: software engineering, testing, and liability approaches; biometric authentication: capabilities and limitations; using the Advanced Encryption System (AES) more effectively; balancing dissemination with piracy control in music and other digital content; countering new cryptanalytic attacks against RSA, DES, and SHA; and responding to the emergence of organized attacker groups pursuing profit.

Contributor:

Willis H. Ware

Publisher:

Prentice Hall PTR

ISBN:

9780132390774

Publication date:

October 2006

Length:

242mm

Width:

183mm

Thickness:

50mm

Weight:

1456g

Edition:

4th Edition

Pages:

845

Illustrations:

Illustrated

Prescribed at:

UNISA 2012

Subject / Course:

INF4831

Subject / Course:

CPS401I

Illustrated:

Illustrated

• Foreword xixPreface xxv Chapter 1: Is There a Security Problem in Computing? 1 1.1 What Does "Secure" Mean? 1 1.2 Attacks 5 1.3 The Meaning of Computer Security 9 1.4 Computer Criminals 21 1.5 Methods of Defense 23 1.6 What's Next 30 1.7 Summary 32 1.8 Terms and Concepts 32 1.9 Where the Field Is Headed 331.10 To Learn More 341.11 Exercises 34 Chapter 2: Elementary Cryptography 37 2.1 Terminology and Background 38 2.2 Substitution Ciphers 44 2.3 Transpositions (Permutations) 55 2.4 Making "Good" Encryption Algorithms 59 2.5 The Data Encryption Standard 68 2.6 The AES Encryption Algorithm 72 2.7 Public Key Encryption 75 2.8 The Uses of Encryption 79 2.9 Summary of Encryption 912.10 Terms and Concepts 922.11 Where the Field Is Headed 932.12 To Learn More 942.13 Exercises 94 Chapter 3 Program Security 98 3.1 Secure Programs 99 3.2 Nonmalicious Program Errors 103 3.3 Viruses and Other Malicious Code 111 3.4 Targeted Malicious Code 141 3.5 Controls Against Program Threats 160 3.6 Summary of Program Threats and Controls 181 3.7 Terms and Concepts 182 3.8 Where the Field Is Headed 183 3.9 To Learn More 1853.10 Exercises 185 Chapter 4 Protection in General-Purpose Operating Systems 188 4.1 Protected Objects and Methods of Protection 189 4.2 Memory and Address Protection 193 4.3 Control of Access to General Objects 204 4.4 File Protection Mechanisms 215 4.5 User Authentication 219 4.6 Summary of Security for Users 236 4.7 Terms and Concepts 237 4.8 Where the Field Is Headed 238 4.9 To Learn More 2394.10 Exercises 239 Chapter 5 Designing Trusted Operating Systems 242 5.1 What Is a Trusted System? 243 5.2 Security Policies 245 5.3 Models of Security 252 5.4 Trusted Operating System Design 264 5.5 Assurance in Trusted Operating Systems 287 5.6 Summary of Security in Operating Systems 312 5.7 Terms and Concepts 313 5.8 Where the Field Is Headed 315 5.9 To Learn More 3155.10 Exercises 316 Chapter 6 Database and Data Mining Security 318 6.1 Introduction to Databases 319 6.2 Security Requirements 324 6.3 Reliability and Integrity 329 6.4 Sensitive Data 335 6.5 Inference 341 6.6 Multilevel Databases 351 6.7 Proposals for Multilevel Security 356 6.8 Data Mining 367 6.9 Summary of Database Security 3716.10 Terms and Concepts 3716.11 Where the Field Is Headed 3726.12 To Learn More 3736.13 Exercises 373 Chapter 7 Security in Networks 376 7.1 Network Concepts 377 7.2 Threats in Networks 396 7.3 Network Security Controls 440 7.4 Firewalls 474 7.5 Intrusion Detection Systems 484 7.6 Secure E-mail 490 7.7 Summary of Network Security 496 7.8 Terms and Concepts 498 7.9 Where the Field Is Headed 5007.10 To Learn More 5027.11 Exercises 502 Chapter 8 Administering Security 508 8.1 Security Planning 509 8.2 Risk Analysis 524 8.3 Organizational Security Policies 547 8.4 Physical Security 556 8.5 Summary 566 8.6 Terms and Concepts 567 8.7 To Learn More 568 8.8 Exercises 569 Chapter 9 The Economics of Cybersecurity 571 9.1 Making a Business Case 572 9.2 Quantifying Security 578 9