The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

Book details of 'Computer Security Handbook'

Title: Computer Security Handbook
Author(s): Seymour Bosworth, Michel E. Kabay
ISBN: 0471412589
Language: English
Published: April 2002
Publisher: John Wiley & Sons
The Virtual Bookcase Reviews of 'Computer Security Handbook':

Reviewer Rob Slade wrote:
There are many recognizable (and a lot more not so recognizable) names in the list of contributors. Authors such as Rebecca Bace, Donn Parker, and William Stallings stand out as people who have something worth saying, and can say it well. Other names are associated with less worthy works. Chapter one states that the purpose of the handbook is to describe information system security risks, the measures for mitigating those risks, and the techniques for managing security risks. In a sense, it does that, but risk management is not the whole of computer security. Even if the title of the book were to confine itself to risk management, one would still have to say that, overall, there are other works that cover the field more completely, with less wasted verbiage. There has been an attempt to remove the limiting of previous editions to topics relevant to "big iron." However, new technologies still seem to get short shrift.

Part one looks at foundations of computer security, with papers examining the history and mission of security (actually just history of computers), law and computer forensics (random collection of legal issues, almost nothing on forensics), common language for computer incident information (proposal with no proof that it will either cover all incidents or assist with dealing with incidents), surveys of computer crime (lots of material on how studies should be conducted, and uncritical reports of some studies), and new framework for security (Donn Parker says we are missing pieces of security).

Threats and vulnerabilities are reviewed in part two, including essays on the psychology of computer criminals (mostly good but some questionable observations and theories about black hats), information warfare (information systems can be attacked--surprise!), penetrating systems and networks (there are different ways to get unauthorized access), malicious code (traditional models and some recent examples of viruses), mobile code (some aspects of ActiveX and scripting), denial of service attacks (reasonable overview of various types--and some unrelated exploits), intellectual property (random legislation and thoughts), e-commerce vulnerabilities (various weaknesses), and physical threats (generic disaster recovery).

Part three covers preventive technical defenses, containing topics such as protecting information infrastructure (generic security, mostly physical), identification and authentication (brief introduction), operating system security (good introduction to access control), local area networks (random thoughts), e-commerce safeguards (legal protections and vague ideas), firewalls (confused grab bag), protecting Internet systems (basic concepts), protecting web sites (broad but not deep), public key infrastructure (basic components, but no more), antivirus technology (simplistic look at scanning), software development (simplistic look at the software development life cycle), and piracy (piracy is going on and we have to find some way to stop it).

Human factors, in part four, looks at standards for security products (verbose description of the Common Criteria components), security policy guidelines (miscellaneous related documents), security awareness (do interesting seminars), ethics (vague), employment policies (grab bag), operations security (and another), Internet use policies (yet again), working with law enforcement (generic and poorly structured), social psychology (redoing the security awareness article with extra psychological jargon), and auditing computer security (a checklist).

Part five's look at detection is brief, with intrusion detection (excellent introduction), monitoring (you should log stuff), and application controls (database integrity).

Remediation reviews computer emergency response teams (generic), backups (pedestrian), business continuity planning (have a plan), disaster recovery (repeat previous), and insurance (get some) in part six.

Part seven examines management's role, including management responsibilities (you could be liable), developing policies (generic), risk assessment (assess risks), and Y2K (management is now onside--yeah, right).

Other considerations, such as medical records (good introduction and discussion of the issues), using encryption internationally (laws differ), censorship (random thoughts), privacy (various laws), anonymity (psychological ponderings), and the future (various thoughts) make up part eight.

There is useful material in the work, but it is difficult to abstract the good from the mundane unless you are already quite expert in the field. The newcomer would be advised to get some basic training or reading before attempting to deal with this work, but the expert will be able to find some useful nuggets.

copyright Robert M. Slade, 2001

Book description:

The definitive formula for computer security, from power outages to theft and sabotage

Whether you are in charge of many computers, or even one important one, there are immediate steps you can take to safeguard your company’s computer system and its contents. The Computer Security Handbook provides a readable and comprehensive resource for protecting computer mainframe systems and PC networks. This Fourth Edition continues a long tradition of maintaining highly regarded industry guidelines for detecting virtually every possible threat to your system and prescribes specific actions you can take to eliminate them. The collected chapters are written by renowned industry professionals. Requiring minimal technical knowledge to understand, covered topics include: foundations of computer security, threats and vulnerabilities, prevention (technical defenses and human factors), detection, remediation, management’s role, and other considerations such as using encryption internationally, anonymity and identity in cyberspace, and censorship. Protect the information and networks that are vital to your organization with Computer Security Handbook, Fourth Edition.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement