An Introduction to Computer Security: The Nist Handbook

DIANE Publishing, 1995 - 276 pages
Covers: elements of computer security; roles and responsibilities; common threats; computer security policy; computer security program and risk management; security and planning in the computer system life cycle; assurance; personnel/user issues; preparing for contingencies and disasters; computer security incident handling; awareness, training, and education; physical and environmental security; identification and authentication; logical access control; audit trails; cryptography; and assessing and mitigating the risks to a hypothetical computer system.

Contents

2.6 Computer Security Requires a Comprehensive and Integrated Approach ..... 13
2.8 Computer Security is Constrained by Societal Factors ..... 14
ROLES AND RESPONSIBILITIES ..... 15
3.1 Senior Management ..... 16
3.5 Supporting Functions ..... 18
3.6 Users ..... 19
COMMON THREATS: A BRIEF OVERVIEW ..... 21
4.1 Errors and Omissions ..... 22
4.2 Fraud and Theft ..... 23
4.3 Employee Sabotage ..... 24
4.6 Industrial Espionage ..... 26
4.7 Malicious Code ..... 27
4.9 Threats to Personal Privacy ..... 28
MANAGEMENT CONTROLS ..... 31
COMPUTER SECURITY POLICY ..... 33
5.1 Program Policy ..... 35
5.2 Issue-Specific Policy ..... 37
5.3 System-Specific Policy ..... 40
5.4 Interdependencies ..... 42
5.5 Cost Considerations ..... 43
COMPUTER SECURITY PROGRAM MANAGEMENT ..... 45
6.2 Central Computer Security Programs ..... 47
6.3 Elements of an Effective Central Computer Security Program ..... 51
6.4 System-Level Computer Security Programs ..... 53
6.6 Central and System-Level Program Interactions ..... 56
COMPUTER SECURITY RISK MANAGEMENT ..... 59
7.2 Risk Mitigation ..... 63
7.3 Uncertainty Analysis ..... 67
7.4 Interdependencies ..... 68
SECURITY AND PLANNING IN THE COMPUTER SYSTEM LIFE CYCLE ..... 71
8.2 Benefits of Integrating Security in the Computer System Life Cycle ..... 72
8.3 Overview of the Computer System Life Cycle ..... 73
8.4 Security Activities in the Computer System Life Cycle ..... 74
8.5 Interdependencies ..... 86
ASSURANCE ..... 89
9.1 Accreditation and Assurance ..... 90
9.2 Planning and Assurance ..... 92
9.4 Operational Assurance ..... 96
9.5 Interdependencies ..... 101
OPERATIONAL CONTROLS ..... 105
PERSONNEL/USER ISSUES ..... 107
10.2 User Administration ..... 110
10.3 Contractor Access Considerations ..... 116
10.5 Interdependencies ..... 117
PREPARING FOR CONTINGENCIES AND DISASTERS ..... 119
Identifying the Mission- or Business-Critical Functions ..... 120
Anticipating Potential Contingencies or Disasters ..... 122
Selecting Contingency Planning Strategies ..... 123
Implementing the Contingency Strategies ..... 126
Testing and Revising ..... 128
11.7 Interdependencies ..... 129
11.8 Cost Considerations ..... 130
13.4 Training ..... 146
13.5 Education ..... 147
13.6 Implementation ..... 148
13.7 Interdependencies ..... 152
SECURITY CONSIDERATIONS IN COMPUTER SUPPORT AND OPERATIONS ..... 155
14.1 User Support ..... 156
14.2 Software Support ..... 157
14.4 Backups ..... 158
14.6 Documentation ..... 161
14.8 Interdependencies ..... 162
14.9 Cost Considerations ..... 163
PHYSICAL AND ENVIRONMENTAL SECURITY ..... 165
15.1 Physical Access Controls ..... 167
15.2 Fire Safety Factors ..... 168
15.3 Failure of Supporting Utilities ..... 170
15.5 Plumbing Leaks ..... 171
15.7 Mobile and Portable Systems ..... 172
15.9 Interdependencies ..... 174
TECHNICAL CONTROLS ..... 177
IDENTIFICATION AND AUTHENTICATION ..... 179
16.1 I&A Based on Something the User Knows ..... 180
16.2 I&A Based on Something the User Possesses ..... 182
16.3 I&A Based on Something the User Is ..... 186
16.4 Implementing I&A Systems ..... 187
16.5 Interdependencies ..... 189
LOGICAL ACCESS CONTROL ..... 193
17.1 Access Criteria ..... 194
The Impetus for Access Controls ..... 197
Implementation Mechanisms ..... 198
17.4 Administration of Access Controls ..... 204
17.5 Coordinating Access Controls ..... 206
17.7 Cost Considerations ..... 207
AUDIT TRAILS ..... 211
18.2 Audit Trails and Logs ..... 214
18.3 Implementation Issues ..... 217
18.4 Interdependencies ..... 220
18.5 Cost Considerations ..... 221
CRYPTOGRAPHY ..... 223
19.2 Uses of Cryptography ..... 226
19.3 Implementation Issues ..... 230
19.4 Interdependencies ..... 233
19.5 Cost Considerations ..... 234
EXAMPLE ..... 239
ASSESSING AND MITIGATING THE RISKS TO A HYPOTHETICAL COMPUTER SYSTEM ..... 241
20.2 HGA's Computer System ..... 242
20.3 Threats to HGA's Assets ..... 245
20.4 Current Security Measures ..... 248
20.5 Vulnerabilities Reported by the Risk Assessment Team ..... 257
20.6 Recommendations for Mitigating the Identified Vulnerabilities ..... 262
20.7 Summary ..... 266
Cross Reference and General Index ..... 269

Popular passages

Page 9 - Cost-Effective 4. Systems Owners Have Security Responsibilities Outside Their Own Organizations 5. Computer Security Responsibilities and Accountability Should Be Made Explicit 6. Computer Security Requires a Comprehensive and Integrated Approach 7. Computer Security Should Be Periodically Reassessed 8. Computer Security...
Page 21 - ... involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions...
Page ii - (3) have responsibility within the Federal Government for developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems...
Page 82 - ... reviewing an operational system to see that security controls, both automated and manual, are functioning correctly and effectively. Operational assurance addresses whether the system's technical features are being bypassed or have vulnerabilities and whether required procedures are being followed. To maintain operational assurance, organizations use two basic methods: system audits and monitoring. A system audit is a one-time or periodic event to evaluate security; monitoring refers to an ongoing...
Page 11 - The costs and benefits of security should be carefully examined in both monetary and nonmonetary terms to ensure that the cost of controls does not exceed expected benefits. Security should be appropriate and proportionate to the value of and degree of reliance on the computer systems and to the severity, probability and extent of potential harm.
Page 168 - ... review the effectiveness of physical access controls in each area, both during normal business hours and at other times — particularly when an area may be unoccupied. Fire Safety Factors. Building fires are a particularly dangerous security threat because of the potential for complete destruction of hardware and data, the risk to human life, and the pervasiveness of the damage. Smoke, corrosive gases, and high humidity from a localized fire can damage systems throughout an entire building....
Page 5 - The operational controls address security methods that focus on mechanisms that primarily are implemented and executed by people (as opposed to systems). These controls are put in place to improve the security of a particular system (or group of systems). They often require technical or specialized expertise — and often rely upon management activities as well as technical controls.
Page 22 - House Committee on Science, Space, and Technology, Subcommittee on Investigations and Oversight, which is presently scheduled for September 23, 1992.
Page 59 - ... against the losses that would be expected if these measures were not in place. Part of the security management process on the matrix. 63 Fed. Reg. 43,242, 43,275 (Aug. 12, 1998) Risk Management: Risk is the possibility of something adverse happening. Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk. Part of the security management process on the matrix. 63 Fed. Reg. 43,242, 43,275 (Aug. 12, 1998) Role-Based...
Page 170 - Most commonly this results from an earthquake, a snow load on the roof beyond design criteria, an explosion that displaces or cuts structural members, or a fire that weakens structural members.
