An Introduction to Computer Security: The NIST Handbook
Covers: elements of computer security; roles and responsibilities; common threats; computer security policy; computer security program and risk management; security and planning in the computer system life cycle; assurance; personnel/user issues; preparing for contingencies and disasters; computer security incident handling; awareness, training, and education; physical and environmental security; identification and authentication; logical access control; audit trails; cryptography; and assessing and mitigating the risks to a hypothetical computer system.
Other editions
An introduction to computer security: the NIST handbook
Barbara Guttman,Edward Roback
Snippet view - 1995
access control lists accreditation agency appropriate attendance application attendance data audit trails automated backup central computer security changes Chapter computer security policy computer security program computer system contingency planning Cost Considerations cryptographic keys discussed documentation electronic employees encryption ensure example files functions Gaithersburg hackers handbook hardware HGA's identify implementation incident handling capability individuals Institute of Standards integrity Interdependencies issues key cryptography LAN server logical access controls mainframe modified monitoring National Institute NIST normally OMB Circular A-130 organization organization's organizational passwords payroll performed personal computers personnel procedures protect public key public key cryptography responsible risk assessment risk management safeguards secret key security controls security measures security policy security requirements smart card Smart tokens specific Standards and Technology support and operations system administrators system life cycle system management system security system-level threats types unauthorized users vulnerabilities
Page 9 - Cost-Effective 4. Systems Owners Have Security Responsibilities Outside Their Own Organizations 5. Computer Security Responsibilities and Accountability Should Be Made Explicit 6. Computer Security Requires a Comprehensive and Integrated Approach 7. Computer Security Should Be Periodically Reassessed 8. Computer Security...
Page 21 - ... involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions...
Page ii - (3) have responsibility within the Federal Government for developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems...
Page 82 - ... reviewing an operational system to see that security controls, both automated and manual, are functioning correctly and effectively. Operational assurance addresses whether the system's technical features are being bypassed or have vulnerabilities and whether required procedures are being followed. To maintain operational assurance, organizations use two basic methods: system audits and monitoring. A system audit is a one-time or periodic event to evaluate security; monitoring refers to an ongoing...
Page 11 - The costs and benefits of security should be carefully examined in both monetary and nonmonetary terms to ensure that the cost of controls does not exceed expected benefits. Security should be appropriate and proportionate to the value of and degree of reliance on the computer systems and to the severity, probability and extent of potential harm.
Page 168 - ... review the effectiveness of physical access controls in each area, both during normal business hours and at other times — particularly when an area may be unoccupied. Fire Safety Factors. Building fires are a particularly dangerous security threat because of the potential for complete destruction of hardware and data, the risk to human life, and the pervasiveness of the damage. Smoke, corrosive gases, and high humidity from a localized fire can damage systems throughout an entire building....
Page 5 - The operational controls address security methods that focus on mechanisms that primarily are implemented and executed by people (as opposed to systems). These controls are put in place to improve the security of a particular system (or group of systems). They often require technical or specialized expertise — and often rely upon management activities as well as technical controls.
Page 22 - House Committee on Science, Space, and Technology, Subcommittee on Investigations and Oversight, which is presently scheduled for September 23, 1992.
Page 59 - ... against the losses that would be expected if these measures were not in place. Part of the security management process on the matrix. 63 Fed. Reg. 43,242, 43,275 (Aug. 12, 1998) Risk Management: Risk is the possibility of something adverse happening. Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk. Part of the security management process on the matrix. 63 Fed. Reg. 43,242, 43,275 (Aug. 12, 1998) Role-Based...
Information Security Management Handbook, Fourth Edition, Volume 4
Harold F. Tipton
Limited preview - 2002
Hack Attacks Denied: A Complete Guide to Network Lockdown
No preview available - 2001