This handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. The handbook provides a broad overview of computer security to help readers understand their computer security needs and develop a sound approach to the selection of appropriate security controls. It does not describe detailed steps necessary to implement a computer security program, provide detailed implementation procedures for security controls, or give guidance for auditing the security of specific systems.
Cited By
- Mercuri R and Neumann P (2016). The risks of self-auditing systems, Communications of the ACM, 59:6, (22-25), Online publication date: 23-May-2016.
- Novotny A. Signs of Time, Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190, (547-558).
- Fenz S. An ontology- and Bayesian-based approach for determining threat probabilities, Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, (344-354).
- Fenz S and Ekelhart A. Formalizing information security knowledge, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, (183-194).
- Murray D, Milos G and Hand S. Improving Xen security through disaggregation, Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments, (151-160).
- Ekelhart A, Fenz S, Neubauer T and Weippl E. Formal threat descriptions for enhancing governmental risk assessment, Proceedings of the 1st international conference on Theory and practice of electronic governance, (40-43).