- Authors:
- Deborah Russell,
- G. T. Gangemi
No abstract available.
Cited By
Li S, Zhu M and Qiu Y Attack Intent Analysis Method Based on Attack Path Graph Proceedings of the 8th International Conference on Communication and Network Security, (27-31)- Oakley J Improving offensive cyber security assessments using varied and novel initialization perspectives Proceedings of the 2018 ACM Southeast Conference, (1-9)
- Mun H and Oh S (2016). Injecting Subject Policy into Access Control for Strengthening the Protection of Personal Information, Wireless Personal Communications: An International Journal, 89:3, (715-728), Online publication date: 1-Aug-2016.
- Padayachee K and Eloff J (2009). Adapting usage control as a deterrent to address the inadequacies of access controls, Computers and Security, 28:7, (536-544), Online publication date: 1-Oct-2009.
- Nasirifard P and Peristeras V Uncle-Share Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems, (1122-1130)
- Padayachee K and Eloff J Enhancing optimistic access controls with usage control Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business, (75-82)
- Ryan J (2007). Plagiarism, Graduate Education, and Information Security, IEEE Security and Privacy, 5:5, (62-65), Online publication date: 1-Sep-2007.
- Al-Hamdani W and Griskell I A proposed curriculum of cryptography courses Proceedings of the 2nd annual conference on Information security curriculum development, (4-11)
- Payne C Enhanced Security Models for Operating Systems Proceedings of the 28th Annual International Computer Software and Applications Conference - Volume 01, (230-235)
- Zbib R, Anjum F, Ghosh A and Umar A (2019). Intrusion Tolerance in Distributed Middleware, Information Systems Frontiers, 6:1, (67-75), Online publication date: 1-Mar-2004.
- Clarke S and Drake P A social perspective on information security Socio-technical and human cognition elements of information systems, (249-265)
- Duri S, Gruteser M, Liu X, Moskowitz P, Perez R, Singh M and Tang J Framework for security and privacy in automotive telematics Proceedings of the 2nd international workshop on Mobile commerce, (25-32)
- Loughry J and Umphress D (2002). Information leakage from optical emanations, ACM Transactions on Information and System Security (TISSEC), 5:3, (262-289), Online publication date: 1-Aug-2002.
- Apostolico A and Crochemore M String pattern matching for a deluge survival kit Handbook of massive data sets, (151-194)
- Patiyoot D (2002). Security issues for wireless ATM networks, ACM SIGOPS Operating Systems Review, 36:1, (31-57), Online publication date: 1-Jan-2002.
- de Ru W and Eloff J (1997). Enhanced Password Authentication through Fuzzy Logic, IEEE Expert: Intelligent Systems and Their Applications, 12:6, (38-45), Online publication date: 1-Nov-1997.
- Smith C A Survey to Determine Federal Agency Needs for a Role-Based Access Control Security Product Proceedings of the 3rd International Software Engineering Standards Symposium (ISESS '97)
- Mavrikidis J (1996). Security issues in a networked UNIX and MVS/VM environment, ACM SIGSAC Review, 14:3, (2-8), Online publication date: 1-Aug-1996.
- Crosbie M and Spafford E Evolving event-driven programs Proceedings of the 1st annual conference on genetic programming, (273-278)
- Cavaiani C and Alves-Foss J (1996). Mutual authenticating protocol with key distribution in client/server environment, XRDS: Crossroads, The ACM Magazine for Students, 2:4, (17-22), Online publication date: 1-Apr-1996.
- Alves-Foss J and Barbosa S (1995). Assessing computer security vulnerability, ACM SIGOPS Operating Systems Review, 29:3, (3-13), Online publication date: 1-Jul-1995.
- Granger S Why electronic mail is inherently private Proceedings of the conference on Ethics in the computer age, (110-112)
- Granger S The hacker ethic Proceedings of the conference on Ethics in the computer age, (7-9)
- Brown P Digital signatures Proceedings of the 1st ACM conference on Computer and communications security, (86-92)
Index Terms
- Computer security basics
Reviews
Stanley A. Kurzban
At last, here is a fine, eminently readable (almost chatty), practical, and broad book on computer security for auditors, administrators, managers, and even those who teach introductory business courses in the subject. Although such readers may find little of value in the 100+ pages that the authors devote to matters (such as TEMPEST and the “Orange Book”) that are of concern only to those who must abide by United States Department of Defense (DoD) regulations, the remainder of the book is well worth its price. While it contains almost no material on specific systems and software products, the book does contain a great deal of generally useful, fundamental guidance on justifying security measures, the history of computer security, access control and identification and authentication, viruses, worms, and other “wildlife,” administration, cryptography, and network security. The substantive discussions are preceded by a helpful chapter that expounds critical definitions and are followed by appendices on initialisms (which the authors miscall “acronyms”) and sources for further study. The latter are especially appropriate because the book always avoids painful detail. Most of the books flaws occur in its DoD-related sections. Trying to keep up with fast-paced changes as they occurred no doubt led to use of the present tense to refer on page 40 to the applicability of a directive whose rescission is chronicled on page 42; similarly, page 36 gives one impression of the National Security Agencys endorsement of the Data Encryption Standard, but page 187 gives a different impression that takes more recent events into account. The introduction of the “star property” on page 77 can make no sense without its justification, for which the authors merely refer the reader to an appendix listing other publications. Also inadequate is the books treatment on page 66 of cracking passwords by making trial encryptions and comparing them to available ciphertext; page 166 is written as though such cracking were of concern only in exceptional cases. Also, the books history could leave the reader with the incorrect impression that all advances in computer security stemmed from governmental agencies activities. DoD-related flaws and emphasis notwithstanding, Russell and Gangemi have produced a fine and sorely needed text that is well designed and well edited. One must hope that it will edify those to whom the subject of computer security has heretofore seemed all too arcane.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.