After an “Overview,” this book has chapters on each of the following topics:
Security Management and Policy
Risk Management
Contingency Planning and Damage Avoidance
Information Security and the Law
Monitoring and Audit Control
Applications and Theory of Cryptography
Access Control
Security of Stored Data and Programs
Communications Security
Formal Models of Secure Systems
I particularly liked the chapter on security policy as, unlike some other texts, it explains in detail what a company security policy is and what should be in it, and it gives an example. The chapter on data security covers viruses, worms, and database security. If you want a review of all the well-known security models, the last chapter is the place to look. It also covers security evaluation criteria and describes both the TCSEC and the ITSEC in some detail. The only niggling complaint I have is that, while it says what a security model is for, I would have liked an explanation of how one goes about achieving that aim. The authors rightly do not want to go into formal methods, but some middle ground should be achievable.
As a handbook this work hits its target, although at 833 pages you need big hands. It is a collection of chapters on related topics within computer security; each chapter is thorough but isolated from the others. In a way, the selection of topics is odd. At one extreme we have “Security Management and Policy,” and at the other “Formal Models of Secure Systems.” Most of the chapters are particularly relevant to security managers trying to protect their companies’ assets, but some will appeal to those whose job is to design secure computer systems.
One day it would be nice to see a single integrated text that covers the whole spectrum of secure computer system creation from the definition of abstract requirements, via development methods and risk analysis, down to a discussion of the mechanisms that can implement those requirements. While this book does not attempt to do that, it is a successful handbook and I am pleased to have it on my bookshelf.