Rothstein Associates Inc.

COMPUTER SECURITY MANAGEMENT
by Karen A. Forcht

"Coverage of important security topics from a practical, business-oriented
perspective. COMPUTER SECURITY MANAGEMENT provides a broad overview of
computer security and offers guidance for improving business systems, procedures,
and the skills of personnel. Here are some highlights:
- State-of-the-art coverage with an emphasis on future trends. Promotes the concept
that an effective manager must always stay current on security matters.
- A comprehensive chapter on viruses and other forms of malicious code provides
descriptive background and offers popular prevention and remedial options.
- Discusses legal aspects of computer security with an eye toward effective
management.
- Stresses the principle that planning ahead of time is better than after-the-fact
punishment or reorganization after the damage has been done. A chapter on
computer ethics introduces this preventative aspect of computer security.
- Thorough coverage of planning for natural disasters. Details contingency plans to
minimize effects of natural disasters and outlines rapid recovery techniques.
- Each chapter opens with a contemporary vignette that focuses on real business
situations relevant to the material covered within the chapter. Problem-solving
exercises and in-depth case studies are also offered.


"As its title implies, this text discusses computer systems management and
introduces the security issues that result from automation. Computer Security
Management addresses today's heightened concerns regarding confidentiality,
privacy, and volatility in our increasingly computerized society.

"Computers impact each one of us directly, and learning to manage them properly
and efficiently is a valuable skill. This book presents the basic principles of computer
system security, providing a strong platform of knowledge for managers at all levels.
Computer Security Management reinforces the basic tenet that planning up front is
preferable to reorganization and punishment after the fact through a series of
pertinent articles at the beginning of each chapter that are right out of today's
headlines.

"This book is divided into five parts:
Part I, Introduction to Computer Security, includes an overview of computer
security and a look at physical protection.
Part II, Systems Security and Control, includes chapters on hardware security
controls, software controls, and encryption techniques.
Part III, Special Considerations, covers database security, network and
telecommunications security, microcomputer security, and viruses,
Part IV, Legal and Ethical Issues, includes coverage of legal issues, current
legislation, and ethical use of computers.
Part V, Managerial Issues, includes chapters on managerial issues, disaster recovery
and contingency planning, and new technologies and future trends.

"Each chapter concludes with exercises and case studies, allowing readers to apply
the topics presented in the chapter, Computer security is not a "fixed" discipline; it
must be applied to the issues at hand. The "moving target" that computers represent
is, in most cases, situational, and careful discussion of the unique circumstances is
vital.

CONTENTS
Preface
PART I: INTRODUCTION TO COMPUTER SECURITY
1. Overview of Computer Security
- Why Worry About Computer Security?
- Ethical Considerations
- Threats to Security
- Security Measures
- End-of-Chapter Materials
2. Physical Protection
- Natural Disasters
- Physical Facilities
- Access Controls
- End-of-Chapter Materials
PART II SYSTEMS SECURITY AND CONTROL
3. Hardware Security Controls
- The Total System Needs Securing
- Levels of Hardware Controls
- Operating System Controls
- Access Controls
- General-Purpose Operating Systems Security
- Sources of Additional Information
- End-of-Chapter Materials
4. Software Controls
- Software Security and Controls
- Types of Software Intrusions
- Configuration Management
- Modularity and Encapsulation
- Protecting Information
- The Orange Book
- Selecting Security Software
- Analysis of Software Products
- End-of-Chapter Materials
5. Encryption Techniques
- Encryption Overview
- Types of Ciphers
- Types of Keys
- The Data Encryption Standard (DES)
- Guidelines for Use of Encryption
- End-of-Chapter Materials
PART III SPECIAL CONSIDERATIONS
6. Database Security
- Introduction to Databases
- Security Requirements of Databases
- Designing Database Security
- Methods of Protection
- Security of Multilevel Databases
- The Future of Databases
- End-of-Chapter Materials
7. Network and Telecommunication Security
- Telecommunications and Networks
- Security Considerations
- Cases in Point
- Special Communications
- Security Considerations
- Thoughts About the Future
- End-of-Chapter Materials
8. Microcomputer Security
- Microcomputer Problems and Solutions
- The Microcomputer Environment
- Security of Microcomputers
- Internal Data Security
- The Threats to Micros
- Developing a Micro Security Plan
- Establishing a Micro-to-Mainframe Link
- Portable Microcomputer Security
- Password Protection
- Security of Special Micro Applications
- End-of-Chapter Materials
9. Viruses
- History of Viruses
- Anatomy of Viruses
- Categories of Viruses and How They Work
- How Viruses Spread
- Pseudo-Virus Programs
- Motivation to Create Viruses
- Known Viruses
- Detection and Eradication
- Virus Protection Packages
- International Perspective
- The Future of Viruses
- End-of-Chapter Materials
PART IV LEGAL AND ETHICAL ISSUES
10. Legal Issues and Current Legislation
- Defining Computer Crime
- Methods of Computer Crime
- Types of Crimes Committed
- Software Violations
- Software Piracy
- Consultants and Outside Contractors
- Crimes Against Computer Systems
- Computer Crime Legislation
- Privacy Considerations
- Conclusion
- End-of-Chapter Materials
11. Ethical Use of Computers
- Defining Ethics
- Professional Codes of Ethics
- Corporate Policies on Ethics
- Academic Institutions Integrating Ethics into Classes
- Scenarios to Ponder
- End-of-Chapter Materials
PART V MANAGERIAL ISSUES
12. Managerial Issues
- Determination of Goals and Priorities
- Information Classification, Ownership, and Valuation
- Locating and Training Computer Security Personnel
- Budget Constraints
- Security Training and Awareness
- Evaluating and Updating Security Programs
- Disclosure of Security Violations
- Critical Management Issues in Computer Security
- End-of-Chapter Materials
13. Disaster Recovery and Contingency Planning
- Crisis Management
- Risk Analysis
- Security Plan
- Backup Procedures
- Insurance
- Training of Employees
- Testing the Plan
- Scenarios of Actual Disasters
- End-of-Chapter Materials
14 New Technologies and Future Trends
- The Future Is Now
- International Issues
- Privacy Concerns
- Ergonomics
- New Technologies
- End-of-Chapter Materials
Index

ABOUT THE AUTHOR
"Karen A. Forcht is Professor of Information and Decision Sciences at James
Madison University She is a recipient of the Association of Computer Educators'
Computer Educator of the Year award, and is a member of both the Computer
Security Institute and the Information Systems Security Association."

1997, 486 pages. Order #DR292, $57.50

4 Arapaho Rd.

Brookfield, CT 06804-3104

1-888-ROTHSTEin

Telephone: 203.740.7444; 888.768.4783

Fax: 203.740.7401

All bookstore enquiries should be sent to Rothstein Associates at the above address.

Looking for Practical Knowledge?