Computing Reviews
Information security handbook
Caelli W., Longley D., Shain M., Stockton Press, New York, NY, 1991. Type: Book (9781561590186)
Date Reviewed: Feb 1 1993

After an “Overview,” this book has chapters on each of the following topics:

  • Security Management and Policy

  • Risk Management

  • Contingency Planning and Damage Avoidance

  • Information Security and the Law

  • Monitoring and Audit Control

  • Applications and Theory of Cryptography

  • Access Control

  • Security of Stored Data and Programs

  • Communications Security

  • Formal Models of Secure Systems

I particularly liked the chapter on security policy as, unlike some other texts, it explains in detail what a company security policy is and what should be in it, and it gives an example. The chapter on data security covers viruses, worms, and database security. If you want a review of all the well-known security models, the last chapter is the place to look. It also covers security evaluation criteria and describes both the TCSEC and the ITSEC in some detail. The only niggling complaint I have is that, while it says what a security model is for, I would have liked an explanation of how one goes about achieving that aim. The authors rightly do not want to go into formal methods, but some middle ground should be achievable.

As a handbook this work hits its target, although at 833 pages you need big hands. It is a collection of chapters on related topics within computer security; each chapter is thorough but isolated from the others. In a way, the selection of topics is odd. At one extreme we have “Security Management and Policy,” and at the other “Formal Models of Secure Systems.” Most of the chapters are particularly relevant to security managers trying to protect their companies’ assets, but some will appeal to those whose job is to design secure computer systems.

One day it would be nice to see a single integrated text that covers the whole spectrum of secure computer system creation from the definition of abstract requirements, via development methods and risk analysis, down to a discussion of the mechanisms that can implement those requirements. While this book does not attempt to do that, it is a successful handbook and I am pleased to have it on my bookshelf.

Reviewer: Pete Trueman
Review #: CR116344
Security and Protection (K.6.5)
Abuse And Crime Involving Computers (K.4.2 ...)
Security, Integrity, And Protection (H.2.0 ...)
Governmental Issues (K.5.2)
Security and Protection (D.4.6)
Data Encryption (E.3)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®